Hi Fabrice, I am using the first option, but I am having problems in the pf gateway, because I can access the network registration only by the same subnet if trying for another no longer respond ... below the configuration of pf.
#SWITCH Vlan 220 interface Vlan220 description Registration ip address 192.168.220.1 255.255.255.0 ip helper-address 192.168.220.6 #PF [interface eth1.220] enforcement=vlan ip=192.168.220.6 type=internal mask=255.255.255.0 gateway=192.168.220.1 [192.168.220.0] dns=192.168.220.6 split_network=disabled dhcp_start=192.168.220.10 gateway=192.168.220.1 domain-name=vlan-registration.sonangol.pvt nat_enabled=disabled named=enabled dhcp_max_lease_time=30 fake_mac_enabled=disabled dhcpd=enabled dhcp_end=192.168.220.246 type=vlan-registration netmask=255.255.255.0 dhcp_default_lease_time=30 A segunda, 12/08/2019, 13:44, Fabrice Durand <[email protected]> escreveu: > Hello Domingos, > > really sorry for the delay. > > So yes the registration and isolation vlan need to be available in all > your switches like a normal vlan. (layer 2) > > The only difference is that this vlan is managed by packetfence, so pf is > the dhcp/dns/default gateway. > > So let's say the reg vlan is 123 then you don't have to set a gateway on > this vlan. > > > Now let's say you want to route the registration vlan and isolation vlan. > > You have 2 ways to do it, the first one is to have a gateway in the vlan > 123 and tell packetfence to use this gateway to reach the remote > registration vlan and in the client gateway (on the other side) you need to > set an ip-helper address to the registration interface ip of packetfence. > > Or you can use the management interface as a dhcp, to do that just add an > additional daemon to the management interface (dhcp) and create a remote > registration config that use the gateway facing the management interface. > > Regards > > Fabrice > > > Le 19-08-09 à 12 h 03, Domingos Varela a écrit : > > Hi Fabrice, > > I agree with you that it is a network problem, because the production > network does not have access to the registration network. > > Should registration and isolation networks be routed or not in the > infrastructure? > > If not, how do clients get to the dhcp server if they don't have access to > the gateway of these networks? > > Is it possible to change the dhcp listen port to the management address? > Thanks > > Regards > > > A quarta, 7/08/2019, 16:44, Domingos Varela <[email protected]> > escreveu: > >> Hi, >> >> Pf logs in attach >> >> Thanks >> >> pf-logs.7z >> <https://drive.google.com/file/d/0B4kerdl39UHXZmlsckVnclFfaVIxNGhPdFV6MlZENWFyYkdR/view?usp=drivesdk> >> >> >> >> >> A quarta, 7/08/2019, 15:41, Fabrice Durand <[email protected]> escreveu: >> >>> Hello Domingas, >>> >>> the packetfence.log should be enough. >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 19-08-06 à 17 h 01, Domingos Varela a écrit : >>> >>> Hi Patrice, >>> >>> Which equipment do you want the logs from? >>> For more details I send the implementation diagram. >>> Thanks >>> Regards >>> >>> Cumprimentos, >>> >>> * Domingos Varela* >>> Tel. +244 923 229 330 | Luanda - Angola >>> >>> >>> Fabrice Durand via PacketFence-users < >>> [email protected]> escreveu no dia terça, >>> 6/08/2019 à(s) 20:27: >>> >>>> Hello Domingos, >>>> >>>> if the device receive an ip address from the production vlan then it >>>> mean that there is a network miss-configuration. >>>> >>>> Can you provide some logs ? >>>> >>>> Regards >>>> >>>> Fabrice >>>> >>>> >>>> Le 19-08-05 à 10 h 17, Domingos Varela via PacketFence-users a écrit : >>>> >>>> Hi, >>>> >>>> I am using pf to authenticate wifi users on the network, but when a >>>> user connects to the network he gets the IP from the data network and not >>>> from the registration network. >>>> >>>> Shouldn't users receive the IP from the registration network and after >>>> logging in receive the io from the data network? >>>> >>>> Thanks >>>> Regards >>>> >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing >>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> -- >>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>>> www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>> -- >>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>> www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> -- > Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
