Hi, Please, can someone who has the registration subnet working help? Thanks
A segunda, 12/08/2019, 17:34, Domingos Varela <[email protected]> escreveu: > Hi Fabrice, > > I am using the first option, but I am having problems in the pf gateway, > because I can access the network registration only by the same subnet if > trying for another no longer respond ... below the configuration of pf. > > #SWITCH > > Vlan 220 > > interface Vlan220 > description Registration > ip address 192.168.220.1 255.255.255.0 > ip helper-address 192.168.220.6 > > > #PF > > [interface eth1.220] > enforcement=vlan > ip=192.168.220.6 > type=internal > mask=255.255.255.0 > gateway=192.168.220.1 > > [192.168.220.0] > dns=192.168.220.6 > split_network=disabled > dhcp_start=192.168.220.10 > gateway=192.168.220.1 > domain-name=vlan-registration.sonangol.pvt > nat_enabled=disabled > named=enabled > dhcp_max_lease_time=30 > fake_mac_enabled=disabled > dhcpd=enabled > dhcp_end=192.168.220.246 > type=vlan-registration > netmask=255.255.255.0 > dhcp_default_lease_time=30 > > > A segunda, 12/08/2019, 13:44, Fabrice Durand <[email protected]> > escreveu: > >> Hello Domingos, >> >> really sorry for the delay. >> >> So yes the registration and isolation vlan need to be available in all >> your switches like a normal vlan. (layer 2) >> >> The only difference is that this vlan is managed by packetfence, so pf is >> the dhcp/dns/default gateway. >> >> So let's say the reg vlan is 123 then you don't have to set a gateway on >> this vlan. >> >> >> Now let's say you want to route the registration vlan and isolation vlan. >> >> You have 2 ways to do it, the first one is to have a gateway in the vlan >> 123 and tell packetfence to use this gateway to reach the remote >> registration vlan and in the client gateway (on the other side) you need to >> set an ip-helper address to the registration interface ip of packetfence. >> >> Or you can use the management interface as a dhcp, to do that just add an >> additional daemon to the management interface (dhcp) and create a remote >> registration config that use the gateway facing the management interface. >> >> Regards >> >> Fabrice >> >> >> Le 19-08-09 à 12 h 03, Domingos Varela a écrit : >> >> Hi Fabrice, >> >> I agree with you that it is a network problem, because the production >> network does not have access to the registration network. >> >> Should registration and isolation networks be routed or not in the >> infrastructure? >> >> If not, how do clients get to the dhcp server if they don't have access >> to the gateway of these networks? >> >> Is it possible to change the dhcp listen port to the management address? >> Thanks >> >> Regards >> >> >> A quarta, 7/08/2019, 16:44, Domingos Varela <[email protected]> >> escreveu: >> >>> Hi, >>> >>> Pf logs in attach >>> >>> Thanks >>> >>> pf-logs.7z >>> <https://drive.google.com/file/d/0B4kerdl39UHXZmlsckVnclFfaVIxNGhPdFV6MlZENWFyYkdR/view?usp=drivesdk> >>> >>> >>> >>> >>> A quarta, 7/08/2019, 15:41, Fabrice Durand <[email protected]> >>> escreveu: >>> >>>> Hello Domingas, >>>> >>>> the packetfence.log should be enough. >>>> >>>> Regards >>>> >>>> Fabrice >>>> >>>> >>>> Le 19-08-06 à 17 h 01, Domingos Varela a écrit : >>>> >>>> Hi Patrice, >>>> >>>> Which equipment do you want the logs from? >>>> For more details I send the implementation diagram. >>>> Thanks >>>> Regards >>>> >>>> Cumprimentos, >>>> >>>> * Domingos Varela* >>>> Tel. +244 923 229 330 | Luanda - Angola >>>> >>>> >>>> Fabrice Durand via PacketFence-users < >>>> [email protected]> escreveu no dia terça, >>>> 6/08/2019 à(s) 20:27: >>>> >>>>> Hello Domingos, >>>>> >>>>> if the device receive an ip address from the production vlan then it >>>>> mean that there is a network miss-configuration. >>>>> >>>>> Can you provide some logs ? >>>>> >>>>> Regards >>>>> >>>>> Fabrice >>>>> >>>>> >>>>> Le 19-08-05 à 10 h 17, Domingos Varela via PacketFence-users a écrit : >>>>> >>>>> Hi, >>>>> >>>>> I am using pf to authenticate wifi users on the network, but when a >>>>> user connects to the network he gets the IP from the data network and not >>>>> from the registration network. >>>>> >>>>> Shouldn't users receive the IP from the registration network and after >>>>> logging in receive the io from the data network? >>>>> >>>>> Thanks >>>>> Regards >>>>> >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing >>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> -- >>>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>>>> www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>> (http://packetfence.org) >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>> -- >>>> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >>>> www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> -- >> Fabrice [email protected] :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
