Hello Jason,

On 19-04-15 at 23:28, Jason Salmans via PacketFence-users wrote:

Hi all,

I’ve got a Packetfence server set up to evaluate and I’ve got a few questions.  First, a bit about my environment… I’m working with Cisco WLC with mostly 2700 series APs with a few 702w or 1810w hospitality APs.  For switches, we’ve got mostly Cisco 2960-X stacks with some older Dell 6200 series switches mixed in.  Currently we’re doing mostly MAB enforcement with a captive portal for user-ID capture on our existing NAC.  Our NAC is currently deployed primarily in on-campus housing and our wireless.  We’ve also got Infoblox DHCP/DNS servers for these areas as well as a Palo Alto firewall with Panorama.

What I’d like to accomplish with Packetfence:

  * 802.1x with MAB fallback for devices that don’t support it

We support.


  * Device onboarding to assist with 802.1x config, especially for OS
    that don’t really support it by default (I’m looking at you Windows)

We support


  * User-ID captured for every device.. obviously the supplicant will
    do this with 802.1x but I’d also like to do a captive portal for
    MAB devices

We support


  * A “My Devices” portal so users can log in and see a list of their
    devices and the registration status.  It would also be great if
    users could pre-register devices this way with a MAC before
    connecting them to the network (would be required for anything
    that doesn’t have a supplicant or web browser)

We support


  * IPv6 (possibly)

IPv4 for the reg/isolation network and IPv6 for the production network.


  * Not require a permanent install on BYOD devices if at all possible

You can have a portal with AD authentication for that.


So for my questions:

 1. Is the above all possible on Packetfence?

Yes


 2. What would be the recommended network setup for this?  For my
    initial trial, I only set up two NICs.. one for management and one
    for Registration.  Also, is it recommended to bring the
    registration network, or any network, back to the server? I’m a
    little leery of doing Layer 2 all of the way, especially
    considering the number of networks I have to work with.

2 NICs is OK, and you can have layer 3 registration networks if you want.


 3. What is the recommended wireless setup?  I know I’ve seen some
    people recommend an onboarding network that then pushes configs to
    connect to the real networks (which can be hidden).

You can have an open SSID for the guest and for onboarding and a secure SSID for corporate/BYOD devices.


 4. I’ve read about Infoblox integration but I can’t seem to find much
    documentation on how to accomplish it other than that it may
    involve the DHCP Syslog Parser… is there documentation or a
    tutorial on how to set it up and what does it improve? (I’ve
    noticed my Windows SurfaceBook gets identified as an Xbox device
    with Fingerbank Integration …. I’d like to improve on this and get
    a more accurate ID).

As I remember, the Infoblox syslog is like the iscdhcp format, so you just need to send the syslog to PacketFence, configure rsyslog to send the content to a FIFO, and create a syslog parser in PacketFence (DHCP) and you should be good.


Regards

Fabrice


Thanks in advance… really excited to try this out,

Jason Salmans



_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
[email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)
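
The kind of line a DHCP syslog parser has to handle, as an added example (not part of the original thread and not PacketFence code): a Python parser for ISC dhcpd-style `DHCPACK` syslog lines, the format the reply recalls Infoblox resembling. The sample lines, the host name `ns1` and all addresses are constructed; the hostname filter is an added precaution because that field is supplied by the client.

```python
import ipaddress
import re

# Constructed sample lines in ISC dhcpd syslog style (not from a real server).
SAMPLE_LINES = [
    "Apr 15 23:28:01 ns1 dhcpd[2041]: DHCPDISCOVER from 00:11:22:33:44:55 via eth1",
    "Apr 15 23:28:02 ns1 dhcpd[2041]: DHCPACK on 10.20.30.40 to 00:11:22:33:44:55 (surfacebook) via eth1",
    "Apr 15 23:28:05 ns1 dhcpd[2041]: DHCPACK on 10.20.30.41 to AA:BB:CC:DD:EE:FF via 10.20.30.1",
    "Apr 15 23:28:09 ns1 dhcpd[2041]: DHCPACK on 999.1.1.1 to 00:11:22:33:44:66 via eth1",
    "Apr 15 23:28:10 ns1 dhcpd[2041]: DHCPACK on 10.20.30.42 to 00:11:22:33:44:77 (lab pc #2) via eth1",
    "Apr 15 23:28:11 ns1 named[911]: client 10.20.30.40#5353: query: example.test IN A",
]

ACK_RE = re.compile(
    r"dhcpd(?:\[\d+\])?: DHCPACK on (?P<ip>\S+) to "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<via>\S+)"
)
# The hostname comes from the client, so only a conservative charset is kept.
SAFE_HOST = re.compile(r"[A-Za-z0-9._-]{1,63}")


def parse_ack(line):
    """Return the lease fields from one DHCPACK line, or None if not usable."""
    m = ACK_RE.search(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group("ip")))
    except ValueError:
        return None  # malformed address: do not record a lease
    host = m.group("host")
    if host is not None and not SAFE_HOST.fullmatch(host):
        host = None  # drop untrusted hostname, keep the IP/MAC pair
    return {"ip": ip, "mac": m.group("mac").lower(),
            "hostname": host, "via": m.group("via")}


def lease_table(lines):
    """Map each MAC to its most recent acknowledged lease."""
    table = {}
    for line in lines:
        rec = parse_ack(line)
        if rec:
            table[rec["mac"]] = rec
    return table


if __name__ == "__main__":
    for mac, rec in lease_table(SAMPLE_LINES).items():
        print(mac, rec["ip"], rec["hostname"])
```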
