Hi Fabrice,
Thank you for answering my questions. So I'll add the VLANs, the APs' local IPs, register all static clients, and for wired I'll add switch configs per the documentation and not the cloud Meraki controller.
Thanks so much. It was a relief to hear back from someone.


On July 27, 2020 4:52:58 PM Durand fabrice via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

On 20-07-26 at 21:10, Priscilla Lopez via PacketFence-users wrote:
Hi, can someone confirm a few questions I have?
Goal

I am trying to set up a captive portal for registration and isolation for students and staff. Our goal is to register all staff and student BYOD and ensure that devices not allowed on the network are not gaining access. A later goal will be security posturing. We already have Meraki access points, a Meraki cloud-based controller and an on-campus Windows RADIUS server handling authentication via Wi-Fi.


For packetfence config confirm:
I've looked at the manual concerning this and it's not very clear or helpful. I've also tried looking through discussions etc. If there is a reference in the manual that relates to my question, or a link to a discussion I missed, that will be very helpful.


Do I add each Access Point's local IP as a switch in the config?
Yes, the RADIUS request is coming from the AP, not from the controller.



Do I also add the Cloud Controller as a switch in the config?
Not needed.



It asks for the IP, but it's a cloud controller, so I have to look up its IP address, correct? I attempted to add a Meraki cloud controller v2 but just need confirmation I'm doing it right.
Do you mean the controller IP in the switch config? If it's that, then you don't need to specify it since the CoA is made on the AP.




I've already completed part of the instructions with the Meraki policies and SSID. Do I add all our VLANs and all APs, as we have a few that are not Meraki? After I add our APs and cloud controller, in order to add registration to the wired network do I also add our Core Juniper switch, and do I also have to add all our other managed switches connected to the main Core switch?
Depends on what VLAN you will return, but keep in mind that the traffic of the device will go out from the AP and not from the controller, so something like this should be OK:
native vlan: mgmt vlan
Spanned vlan: registration/isolation/All production vlan that devices should be after registration

How does it then pass the authentication off to the already existing RADIUS server for appropriate VLAN assignment instead of PF FreeRadius? Is this to CoA for the wired and wireless?
Yes, CoA or disconnect.




Our VLANs are per building with one switch in each building. We have one Core switch, then each switch is connected to it in each building?
Just map the role to the correct VLAN ID on each AP.
AP from building A: staff vlan -> 22
AP from building B: staff vlan -> 55
....


As students move between buildings they lose connectivity as they reconnect to the next VLAN. I was informed it was for smaller broadcast domain/collisions. We also have so much stuff on our network.


Would I have to register all those devices as well such as sensors, copiers, non-Meraki access points, that are more for general use?
It depends, but I believe that copiers are, for example, connected to a switch port, so if you manage the switch port with PacketFence then yes, register it manually.
Regards
Fabrice


Thanks.


Regards,
Priscilla Lopez

Computers Systems Engineer






_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users