Hi Ludovic or other list members, just curious if there is any feedback. We have a Clearpass demo this afternoon I was hoping to compare/contrast to Packetfence.
Thanks, Steve On Mon, Jun 21, 2021 at 7:58 AM Steve Dainard <sdain...@spd1.com> wrote: > Hi Ludovic, > > 802.1X certificates for wifi/port auth. > > > Steve > > On Fri, Jun 18, 2021 at 4:54 AM Zammit, Ludovic <luza...@akamai.com> > wrote: > >> Hello Steve, >> >> Which type of RADIUS authentication are you doing 802.1x or Mac >> authentication ? >> >> Thanks, >> >> *Ludovic Zammit* >> *Product Support Engineer Principal* >> *Cell:* +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> Cambridge, MA 02142 >> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> >> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> >> <http://www.linkedin.com/company/akamai-technologies> >> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> >> >> On Jun 17, 2021, at 12:21 PM, Steve Dainard via PacketFence-users < >> packetfence-users@lists.sourceforge.net> wrote: >> >> Hello, >> >> First I'll say I'm just in the initial phase of spinning up a test >> instance of packetfence so please excuse my ignorance. >> >> From the docs it seems like the more common deployment scenarios are >> onprem, but I'd like to know how the following system design would work. >> >> We have multiple office sites, but the vast majority of our hosts are in >> EC2. Currently we're using MS NPS for radius auth but it doesn't cluster so >> we have to manually export/import configs, it doesn't have a web ui, and I >> can't natively send accounting info as syslog to Palo Alto for userid. Also >> we're more of a Linux shop and have a full config-management and deployment >> system for Linux hosts. >> >> My initial design idea was to: >> - launch 2 instances in our EC2/VPC region, each in a different AZ >> - use a highly available RDS DB backend >> - the instances might be behind an AWS load balancer (not sure on this >> due to Juniper switches not accepting fqdn in radius server statements) >> - the instances would all be assigned IP addresses via DHCP due to EC2 >> environment >> >> Topology: >> Onprem Network Devices -> (maybe/optionally) EC2 Load balancer -> >> packetfence instances -> RDS DB backend. >> >> There is documentation on a layer 3 HA implementation but >> the documentation is very focused on local DB's rather than just the >> application so it's difficult to understand the implications of split-brain >> if we're using an external DB. >> >> Because these are EC2 instances there are a few things made a bit more >> difficult such as not getting the host IP address until the instance is >> already provisioned but we should be able to handle this in config >> management. Also there is no virtual ip capability. >> >> I'm wondering does my deployment design result in: >> - active-active packetfence instances, ie. can they actively share the >> same external db? >> - ability to launch packetfence instances at will (configuration >> management would handle config files) | replace packetfence instances on >> the fly without concern of db corruption or service interruption >> - Use any of the instances web UI for configuration changes >> >> Also this issue https://github.com/inverse-inc/packetfence/issues/6396 >> <https://urldefense.com/v3/__https://github.com/inverse-inc/packetfence/issues/6396__;!!GjvTz_vk!D00_eOqWq16WwFrCSVh3I_UV7G_Lr7LUZj2CE7XjJ-Ec7wOQruu5roRqS7K4rUsH$> >> perhaps points out there are some shortcomings and potentially a lack of >> support in external db deployments. We would want some level of commercial >> support for this system so perhaps we're out of luck until this issue is >> addressed? >> >> Thanks for reading, >> Steve >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> >> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!D00_eOqWq16WwFrCSVh3I_UV7G_Lr7LUZj2CE7XjJ-Ec7wOQruu5roRqS21riLtg$ >> >> >>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
