On 20-07-26 at 21:10, Priscilla Lopez via PacketFence-users wrote:
Hi, can someone confirm a few questions I have?
Goal:
I am trying to set up a captive portal for registration and
isolation for students and staff. Our goal is to register all
staff and student BYOD and ensure that devices not allowed on the
network are not gaining access. A later goal will be security posturing.
We already have Meraki access points, a Meraki cloud-based controller
and an on-campus Windows RADIUS server handling authentication via Wi-Fi.
For the PacketFence config, please confirm:
I've looked at the manual concerning this and it's not very clear or
helpful. I've also tried looking through discussions etc. If there is
a reference in the manual page that relates to my question, or a link
to a discussion I missed, that would be very helpful.
Do I add each Access Point local ip as switch in the config?
Yes, the RADIUS request is coming from the AP, not from the controller.
Do I also add the Cloud Controller as a switch in the config?
Not needed.
It asks for the IP, but it's a cloud controller, so I have to look up
its IP address, correct? I attempted to add a Meraki cloud controller
v2 but just need confirmation that I'm doing it right.
Do you mean the controller IP in the switch config? If so, then
you don't need to specify it, since the CoA is done on the AP.
I've already completed part of the instructions with the Meraki
policies and SSID.
Do I add all our VLANs and all APs, as we have a few that are not
Meraki? After I add our APs and cloud controller, in order to add
registration to the wired network, do I also add our core Juniper switch,
and do I also have to add all our other managed switches connected to
the main core switch?
It depends on which VLAN you will return, but keep in mind that the traffic
of the device will go out from the AP and not from the controller, so
something like this should be OK:
native VLAN: mgmt VLAN
spanned VLANs: registration/isolation/all production VLANs that devices
should be in after registration
How does it then pass the authentication off to the already existing
RADIUS server for appropriate VLAN assignment instead of the PF
FreeRADIUS? Is this done via CoA for the wired and wireless?
Yes, CoA or disconnect.
Our VLANs are per building, with one switch in each building. We have
one core switch, and each switch in each building is connected to it.
Just map the role to the correct VLAN ID on each AP:
AP from building A: staff vlan -> 22
AP from building B: staff vlan -> 55
....
As students move between buildings they lose connectivity as they
reconnect to the next VLAN. I was informed it was for smaller
broadcast domains/collisions. We also have so much stuff on our network.
Would I have to register all those devices as well, such as sensors,
copiers and non-Meraki access points, that are more for general use?
It depends, but I believe that copiers, for example, are connected to a
switch port, so if you manage the switch port with PacketFence, then yes,
register them manually.
Regards
Fabrice
Thanks.
Regards,
Priscilla Lopez
Computers Systems Engineer
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
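What Fabrice's per-AP role-to-VLAN mapping looks like as a PacketFence switches.conf fragment, written here as an added example (it is not from the thread or from the PacketFence documentation). Each Meraki AP gets its own section because the AP, not the cloud controller, is the RADIUS client and CoA target; the building A and B staff VLAN IDs 22 and 55 are taken from the reply above, while the AP IP addresses, the registration/isolation VLAN IDs, the shared secret placeholder and the existence of a PacketFence role named exactly "staff" are assumptions. The key names (`mode`, `radiusSecret`, `registrationVlan`, `isolationVlan`, `type`, `description`, `<role>Vlan`) follow the switches.conf format as I recall it; check them against the switch configuration section of the manual for your installed version before deploying.

```ini
# conf/switches.conf (added example; IPs, VLAN IDs other than 22/55 and the
# secret are placeholders, not values from the thread)

[default]
# Inherited by every switch section below unless overridden there.
mode=production
radiusSecret=CHANGE-ME-same-secret-as-in-the-Meraki-RADIUS-settings
# Registration and isolation VLANs are the same across the campus,
# so they live in [default]; production VLANs differ per building.
registrationVlan=2
isolationVlan=3

# Building A access point. Its switch port must be a trunk with the
# management VLAN as native and VLANs 2, 3 and 22 tagged, because the
# client traffic leaves from the AP, not from the cloud controller.
[10.0.1.10]
type=Meraki::MR_v2
description=Meraki AP, building A
staffVlan=22

# Building B access point: same "staff" role, different VLAN ID, so a
# staff device that roams here gets VLAN 55 on its next authentication.
[10.0.2.10]
type=Meraki::MR_v2
description=Meraki AP, building B
staffVlan=55
```

The cloud controller gets no section at all, matching Fabrice's answer; the non-Meraki APs and the Juniper core switch are not shown, since the thread leaves their handling open.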