Hello Tony,
On 19-02-17 at 23:22, Tony W via PacketFence-users wrote:
Hi Fabrice,
Thank you for that.
So for PF, set 1 external interface (WAN) with Internet access (Inline)
No, a management one with internet access
Then set at least 1 internal interface (LAN) with VLANs, say 10 for SSID,
11, 12, 13, 14... for the users to be allocated to once authenticated.
11, 12, 13, 14 as inline
I do not need (Or want) Internet access on VLAN 10, only DHCP for the
client devices.
So 10 is a registration interface.
When the client device successfully authenticates, the client traffic
will go to the
selected/allocated VLAN (11, 12, 13 or ....) and be given new IP
addresses by DHCP.
It's what an inline interface does.
It is no big deal regarding people being on the initial VLAN 10 as not
many will be there at any one time.
The registration interface on the vlan 10 will have short lease time, by
default we set it to 30s.
Just a quick question specific to CentOS 7.6 and PF.
CentOS 7.x issues interface names like em1, em2, p2p1, p2p2 etc.,
instead of the old style eth0, eth1...
Will PF still work OK, if I change this to the old style (See link below)?
https://sites.google.com/site/syscookbook/rhel/rhel-network-interface-rename-rhel7
Yes it will work.
I feel more comfortable using the old interface naming convention and
the above procedure works well:-)
Regards
Fabrice
On Mon, 18 Feb 2019 at 12:09, Durand fabrice via PacketFence-users
<[email protected]> wrote:
Hello Tony,
you can set the vlan as inline in PacketFence.
What I would do in this case is the following:
- Create on pf all the VLANs as inline interfaces, for example eth1.10,
eth1.11, eth1.12 .... (the VLANs you return when authenticated)
- Set these VLAN IDs on the switch config (PacketFence side).
That's it.
The only issue you will have is when you unreg a device then it will
stay on the inline vlan but hit the portal on the inline interface.
If the device reconnects then it will go on the reg vlan.
Regards
Fabrice
On 19-02-17 at 19:35, Tony W via PacketFence-users wrote:
Hi there,
Trying to work out how to get PF to work as NAT/Firewall to the
internet whilst doing Radius and VLAN enforcement.
Is this possible? Reading the documentation, it appears that the
current version will work in hybrid mode
(A combination of both) but seems to be for "flat" networks on
switches that can not be managed.
I run a wireless network controller, where visitors connect to an SSID
(Assigned to a specific VLAN). This VLAN has no
Internet access.
Authentication is 802.1x. Once authenticated, visitor is directed to
one of a number of predetermined VLANs by PF.
Each of the VLANs shall have Internet access through the same PF box.
PF tells Ruckus to put the visitor in the
assigned VLAN. DHCP is used on the initial connection and each of the
VLANs shall have their own DHCP scope.
I have done this before using FreeRadius with DaloRadius and a Ruckus
controller, configured manually on CentOS 7.3
with Firewall/NAT. That solution is lacking some of the nice extra
stuff integrated in PF.
Whilst not expecting someone to give me the whole solution, I am
looking for some pointers and confirmation that
PF is suitable for what I want to do.
Thanks in advance
Tony
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)