Hi all, I've got a Packetfence server set up to evaluate and I've got a few questions. First, a bit about my environment... I'm working with Cisco WLC with mostly 2700 series APs with a few 702w or 1810w hospitality APs. For switches, we've got mostly Cisco 2960-X stacks with some older Dell 6200 series switches mixed in. Currently we're doing mostly MAB enforcement with a captive portal for user-ID capture on our existing NAC. Our NAC is currently deployed primarily in on-campus housing and our wireless. We've also got Infoblox DHCP/DNS servers for these areas as well as a Palo Alto firewall with Panorama.
What I'd like to accomplish with Packetfence: * 802.1x with MAB fallback for devices that don't support it * Device onboarding to assist with 802.1x config, especially for OS that don't really support it by default (I'm looking at you Windows) * User-ID captured for every device.. obviously the supplicant will do this with 802.1x but I'd also like to do a captive portal for MAB devices * A "My Devices" portal so users can log in and see a list of their devices and the registration status. It would also be great if users could pre-register devices this way with a MAC before connecting them to the network (would be required for anything that doesn't have a supplicant or web browser) * IPv6 (possibly) * Not require a permanent install on BYOD devices if at all possible So for my questions: 1. Is the above all possible on Packetfence? 2. What would be the recommended network setup for this? For my initial trial, I only set up two NICs.. one for management and one for Registration. Also, is it recommended to bring the registration network, or any network, back to the server? I'm a little leery of doing Layer 2 all of the way, especially considering the number of networks I have to work with. 3. What is the recommended wireless setup? I know I've seen some people recommend an onboarding network that then pushes configs to connect to the real networks (which can be hidden). 4. I've read about Infoblox integration but I can't seem to find much documentation on how to accomplish it other than that it may involve the DHCP Syslog Parser... is there documentation or a tutorial on how to set it up and what does it improve? (I've noticed my Windows SurfaceBook gets identified as an Xbox device with Fingerbank Integration .... I'd like to improve on this and get a more accurate ID). Thanks in advance... really excited to try this out, Jason Salmans
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
