Hi all, I am trying to install, configure and test PF for the first time. My university has a central site (data center room), where PF will be located in its own subnet, and around 50 campus sites where the users are located. Each one of these sites has its own several VLANs, for VoIP, printing, users, etc. In addition we have a WLAN with 3 main SSIDs: for the organization users, for students and for visitors.
Further details:

- Currently we use Cisco ISE to control access into our network.
- All of my switches are manageable, supporting 802.1x authentication. Most of them are Cisco.
- For WLAN we use Cisco's WLC controller.
- We use Microsoft's LDAP for user accounts (students, faculty and admin staff). ISE uses this LDAP to authenticate users, either wired or wireless.
- For WLAN we also use local accounts for visitors, created on ISE. For these accounts, user authentication is done via a web portal located on ISE.
- ISE uses the VLAN changing method before and after authentication.

What we would like to do is use PF in the same way ISE is used. We installed PF on a virtual host with one Ethernet card and we are trying to get it up and going. We selected the VLAN enforcement and WebAuth enforcement methods. Then we tried to follow the instructions according to the ZEN out-of-band documentation. We created the 3 VLANs (isolation, registration and portal) and we have the management on eth0 without creating a VLAN for it. The VLANs created are as follows:

- VLAN 180: 10.250.16.4/24 portal
- VLAN 181: 10.250.18.4/24 isolation
- VLAN 182: 10.250.20.4/24 registration

What confuses me here is that the VLAN IPs are actually host IP addresses and not subnets. Furthermore, there is no option to define a default gateway for each of the three VLANs. Therefore only the management IP is accessible from the remote campus networks. The PF machine is connected to a switch via a trunk, and all 3 VLANs, including the management network, are passed over this trunk. The gateway for each of the three VLANs and for the management network is on the switch. I can ping the IP interface for each of the VLANs from the switch itself, but I cannot ping the IPs from any other network. Any help is appreciated!
Regards,
Constantine

_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
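Two points in the post are worth working through with a concrete model, as an added illustration that is not part of the original message or of PacketFence itself. First, an address written as 10.250.16.4/24 is a host address plus a prefix length, and the prefix is what defines the subnet (10.250.16.0/24); the interface does not need a "subnet" field of its own. Second, with no per-VLAN gateway, a ping that arrives from a remote campus network on a VLAN sub-interface is answered through the host's only default route, which is on the management interface. On Linux, strict reverse-path filtering (`net.ipv4.conf.*.rp_filter = 1`) drops a packet whose source would be replied to through a different interface than the one it arrived on, which is exactly the "reachable from the switch, unreachable from anywhere else" symptom. The script below models the host's interfaces and routing table and reports which remote sources would be dropped under strict filtering. The management address (10.250.1.4/24), the management gateway (10.250.1.1) and the remote campus subnet (172.16.5.0/24) are constructed for the example; the three VLAN addresses are the ones from the post. Whether rp_filter is the actual cause on this host is something to confirm with `sysctl net.ipv4.conf.all.rp_filter` and `ip route get <remote address>`.

```python
"""Model the PF host's interfaces and routes, then check reverse-path symmetry.

Added example; addresses marked 'constructed' are assumptions, not values from the post.
"""
import ipaddress

# Interfaces as described in the post. The /24 prefix is what defines each subnet;
# the address before it is simply the host's own address inside that subnet.
INTERFACES = {
    "eth0": ipaddress.ip_interface("10.250.1.4/24"),      # management (address constructed)
    "eth0.180": ipaddress.ip_interface("10.250.16.4/24"),  # portal VLAN 180
    "eth0.181": ipaddress.ip_interface("10.250.18.4/24"),  # isolation VLAN 181
    "eth0.182": ipaddress.ip_interface("10.250.20.4/24"),  # registration VLAN 182
}

# Routing table: one connected route per interface, plus a single default route via
# the management gateway on the switch (gateway address constructed).
ROUTES = [(iface.network, name, None) for name, iface in INTERFACES.items()]
ROUTES.append((ipaddress.ip_network("0.0.0.0/0"), "eth0", ipaddress.ip_address("10.250.1.1")))


def subnet_of(addr_with_prefix):
    """Return the subnet an interface address belongs to, e.g. 10.250.16.4/24 -> 10.250.16.0/24."""
    return str(ipaddress.ip_interface(addr_with_prefix).network)


def egress_interface(dst, routes=ROUTES):
    """Longest-prefix match: which interface would a packet to dst leave on?"""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface, _gw in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def reply_path_ok(src, ingress_iface, rp_filter=1, routes=ROUTES):
    """Apply the kernel's reverse-path test to a packet from src arriving on ingress_iface.

    rp_filter=1 (strict): accept only if the route back to src uses the ingress interface.
    rp_filter=2 (loose):  accept if any route back to src exists.
    rp_filter=0:          no check.
    """
    egress = egress_interface(src, routes)
    if rp_filter == 1:
        return egress == ingress_iface
    if rp_filter == 2:
        return egress is not None
    return True


def reachability_report(remote_subnet="172.16.5.0/24", rp_filter=1):
    """For a remote campus subnet (constructed), say which VLAN interfaces would answer it."""
    probe = next(ipaddress.ip_network(remote_subnet).hosts())  # any host in that subnet
    report = {}
    for name, iface in INTERFACES.items():
        report[name] = {
            "subnet": str(iface.network),
            "reply_leaves_via": egress_interface(probe),
            "accepted": reply_path_ok(probe, name, rp_filter),
        }
    return report


if __name__ == "__main__":
    for name, info in reachability_report().items():
        status = "OK" if info["accepted"] else "DROPPED by strict rp_filter"
        print(f"{name:9} {info['subnet']:16} reply via {info['reply_leaves_via']:9} -> {status}")
```

Under strict filtering only the management interface answers the remote subnet, while a host on the same VLAN (for example 10.250.16.200 on VLAN 180) is answered normally because its reply leaves on the interface it arrived on. Loose filtering (value 2) accepts all of them, as does adding a route for the remote campus networks that points at the gateway on each VLAN.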
