On 23-04-2020 13:50, Ludovic Zammit wrote:
Hello Erik,
Hello Ludovic,
Yes it can assign VLAN only.
Ah, nice.
Do you want a captive portal to register your devices, or just do 802.1x/MAC authentication?
To begin with, just 802.1x and/or MAC auth. Local equipment can handle a captive portal should that be necessary. Maybe later via PF, but I don't see a specific need anytime soon.
There are a lot of features that rely on DHCP handled by PacketFence for the captive portal; for example, you will lose a good part of the profiling with Fingerbank that relies on DHCP traffic.
Hmm, that might be interesting later on too. Will that require PF to actually be the DHCP-server, or will it suffice that PF is kept informed by the local DHCP-server?
If PF needs to be the DHCP-server in those cases, would it be able to select the correct IP range based on site specific attributes? Because each site has its own specific IP range, but PF will see the entire VPN as one big IP block.
Like in the example below, where the entire range routed by the VPN concentrator is 10.64.0.0/10. Devices must receive an IP within the range of their own site. One way for PF to tell from which site the request is coming, might be the IP of the local switch (NAS).
PF (10.64.0.1/32) ---- VPN concentrator ---- site 1 (10.64.63.0/25)
                              |
                              |------ site 2 (10.64.63.128/25)
                              |------ site 3 (10.64.64.0/24)

Erik

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
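The site-selection idea raised in the message above (telling sites apart by the IP of the local switch), as an added Python example that is not part of the original thread and is not PacketFence code or configuration. It assumes each switch's (NAS) IP lies inside its own site's range; the ranges come from the diagram, while the function names and the sample NAS and client addresses are constructed.

```python
import ipaddress
from itertools import combinations

# Ranges taken from the diagram in the message above.
VPN_RANGE = ipaddress.ip_network("10.64.0.0/10")
SITES = {
    "site 1": ipaddress.ip_network("10.64.63.0/25"),
    "site 2": ipaddress.ip_network("10.64.63.128/25"),
    "site 3": ipaddress.ip_network("10.64.64.0/24"),
}

def validate_sites(sites=SITES, supernet=VPN_RANGE):
    """Return a list of problems: ranges outside the VPN block, or overlapping."""
    problems = [f"{name} {net} is outside {supernet}"
                for name, net in sites.items() if not net.subnet_of(supernet)]
    for (a, na), (b, nb) in combinations(sites.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    return problems

def site_for_nas(nas_ip, sites=SITES):
    """Map a NAS IP to a site name by longest-prefix match, or None if unknown."""
    addr = ipaddress.ip_address(nas_ip)
    matches = [(net.prefixlen, name) for name, net in sites.items() if addr in net]
    return max(matches)[1] if matches else None

def lease_matches_site(nas_ip, client_ip, sites=SITES):
    """True only if the client's address is inside the range of the NAS's site.

    An unknown NAS yields False, so an unmapped switch is never treated as valid.
    """
    site = site_for_nas(nas_ip, sites)
    if site is None:
        return False
    return ipaddress.ip_address(client_ip) in sites[site]

if __name__ == "__main__":
    print(validate_sites())                    # site plan sanity check
    # Constructed sample: a switch at site 2 and two client addresses.
    for client in ("10.64.63.200", "10.64.64.10"):
        print(client, lease_matches_site("10.64.63.130", client))
```

Failing closed on an unknown NAS matters here because the whole VPN looks like one 10.64.0.0/10 block from the central server's side, so an address being "inside the VPN" says nothing about which site it belongs to.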
