On 19-10-08 at 21:14, Javier Pobeda via PacketFence-users wrote:
Hi folks,
I'm struggling to understand basic design stuff.
I want to run my PF server to authenticate remote users (wired 802.1x)
and also provide AAA to access network gear assigning role privilege
levels, etc.
Remote offices use different VLAN configuration so I have to be able
to allocate different VLAN IDs with Radius.
What mode should I choose during the setup? Just VLAN, or VLAN and RADIUS?
VLAN enforcement if you want to use the portal, RADIUS if you just want
to do RADIUS.
Does this allow for putting a user that fails auth into a
"remediation" LAN?
It depends on what you need. If the 802.1x authentication fails, then the
RADIUS request will be rejected. It is up to the switch to decide what
to do with a reject.
*VLAN enforcement*
PacketFence is the server that assigns the VLAN (or roles) to the
devices. This is the preferred enforcement mechanism for manageable
equipment.
*WebAuth enforcement*
PacketFence is the server that assigns the Role (or ACL) to the
devices. This mode is for web authentication.
*RADIUS enforcement*
PacketFence is the server that validates the RADIUS authentication and
returns the VLAN (or roles) to the devices. This mode does not have a
registration option, it is either accept or deny with the final VLAN.
If I choose VLAN and RADIUS, it requires adding new interfaces, but they
MUST be on separate networks, and I'm not sure why, if what I want is
to have a remote RADIUS server do the job. I can't quite get the
purpose.
Choose radius in that case.
Regards
Fabrice
Anyone able to shed some light?
Thanks
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users