Hi folks, I'm struggling to understand basic design stuff.
I want to run my PF server to authenticate remote users (wired 802.1x) and also provide AAA to access network gear assigning role privilege levels, etc. Remote offices use different VLAN configuration so I have to be able to allocate different VLAN IDs with Radius. What mode should I choose during the setup? just VLAN? or VLAN AND Radius. Does this allow for putting a user that fails auth into a "remediation" LAN? VLAN enforcement PacketFence is the server that assigns the VLAN (or roles) to the devices. This is the prefered enforcement mechanism for manageable equipment. WebAuth enforcement PacketFence is the server that assigns the Role (or ACL) to the devices. This mode is for web authentication. RADIUS enforcement PacketFence is the server that validates the RADIUS authentication and returns the VLAN (or roles) to the devices. This mode does not have a registration option, it is either accept or deny with the final VLAN. If I choose VLAN and RADIUS It requires to add new interfaces but they MUST be on separate networks which I'm not sure why if what I want is to have a remote radius server to do the job. I can't quite get the purpose. Anyone able to shed some light? Thanks
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
