Hello Fabrice, Thanks for your reply but I’m still wrestling with the config at all and I’m having so further questions.First let me tell you my plans. I’d like to use pf in the vlan-enf mode with a openwrt router with hostapd and the radius with local auth (for testing).
I configurated the network as I wrote in my last mail. So pf and the openwrt ap are in the 10.0.0.x network without any vlan. I created a vlan each for registration and isolation as described in this guide: https://packetfence.org/doc/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.html#_configuring_your_packetfence_environment and the linking of the ap after that guide https://packetfence.org/doc/PacketFence_OpenWrt-Hostapd-15-05_Quick_Install_Guide.html which contains two errors I’d like to report. The linking of the ap works fine so far. Initially I plan to use default role which I allowed to register up to 10 devices. Here my troubles are starting: Which Authentication Sources shall use? At the moment I’m using the default connection profile with the local source. If I connect a device via wifi to the network I can see the following lines in the log of hostapd: Sat Aug 26 18:09:37 2017 daemon.info hostapd: wlan0: STA 00:13:ce:ec:9e:27 IEEE 802.11: authenticated Sat Aug 26 18:09:37 2017 daemon.info hostapd: wlan0: STA 00:13:ce:ec:9e:27 IEEE 802.11: associated (aid 1) Sat Aug 26 18:09:37 2017 daemon.info hostapd: wlan0: STA 00:13:ce:ec:9e:27 RADIUS: starting accounting session 59A1541A-0000001E If I check auto registration of new devices in the connection profile the device even gets registrated but no the wifi won’t connect. I stored the radius credentials as demanded in the /usr/local/pf/raddb/users file. Which point am I missing? Do I need further configurations? Honestly sometimes I’m feeling lost in the guides of pf. Two last questions for my own understanding. The users section in pf web menu. Is it the “local” auth source? And If I use the auth source htpasswd do I need to create a user in the users section? Best regards and sorry for the large amount of questions/problems Moritz > On 25. Aug 2017, at 18:49, Fabrice Durand via PacketFence-users > <[email protected]> wrote: > > Hello Moritz, > > just keep in mind that the registration and isolation vlan is managed by > packetfence (dhcp/dns/gateway), after that the production vlan can be > what you want. > > Regards > > Fabrice > > > > Le 2017-08-25 à 10:39, Moritz Schmid via PacketFence-users a écrit : >> Hey guys, >> >> I’m new to pf and a little bit confused about a proper vlan setup for the >> vlan enforcement. So far I’d like to have my setup checked please. My >> Question: Is it possible that the management vlan and the “normal” aka >> production vlan are the same? I know it is possible to have several prod >> vlans but in my case I just want to have one. >> >> In the Network Device Conf Guide its: Normal VLAN: 1, Registration VLAN: 2 & >> Isolation VLAN: 3 >> In the OoB Zen Guide its: Mgmt VLAN 1, Reg VLAN 2, Isolation VLAN 3 & Normal >> VLAN 10 >> >> My plans and my understanding is the following: >> >> Pf server (following the guide): >> Eth0 as mgmt/normal with ip 10.0.0.x >> Eth0 vlan 2 as registration with dhcp from pf (192.168.2.x) >> Eth0 vlan 3 as isolation with dhcp from pf >> (192.168.3.x) >> >> Switch >> Default vlan (1) with ip 10.0.0.x >> … >> … >> >> On uplink (Port 1) which is in the default vlan 1 and Port 2 as the trunk >> port in all three vlans. >> >> Regards, >> Moritz >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Fabrice Durand > [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
