On 23-04-2020 00:24, Sallee, Jake via PacketFence-users wrote:
> PF works great with routed networks and depending on the details of your VPN
> connection I think it should work in your situation.

Thanks, it's not the VPN I am wondering about, though.
The most important requirement is that PF only tells the switches which
VLAN to assign to the selected port, based on which client is
connecting. It must not do DHCP or DNS. That will be done locally. Nor
must it keep track of local DHCP assignments.
VPN routing and firewall have been set up such that the switches
can talk to PF and vice versa.
I am considering using the same VLAN ids on all sites (there are
hundreds). To PF, the VPN presents the individual sites as one large
network block, so PF won't know that they are actually numerous
individual segments. To the individual locations it does not matter that
VLAN ids are the same everywhere, because VLAN ids are stripped by the
VPN anyway.
Communication between hosts on different locations is controlled by the
VPN firewall.
So the main question is, can PF assign VLAN only, without knowing or
caring about IPs?
I am sure it can, as FreeRADIUS can, but since I can't check myself yet,
I am really curious to know.
Erik