Hello Victor,

On 18-11-20 at 15:28, Victor Hooi via PacketFence-users wrote:
Hi,

I'm trying to set up PacketFence 8.2 for a new network, for WPA2-Enterprise and 802.1x for wired Ethernet ports.

We use Unifi wireless APs, with multiple SSIDs - ideally each should have their own user-list.

The Fingerbank feature also looks interesting.

Our main router is running pfSense 2.4.5, and this provides DNS/DHCP. It also has FreeRADIUS.

 1. Assuming we move FreeRADIUS to PacketFence, how do you do a
    virtual-server
    <https://wiki.freeradius.org/config/Virtual-server> setup in
    PacketFence, whereby you can have different user lists for
    different Wifi networks? (Unifi lets you set a different IP and
    port tuple for the RADIUS server for each network).

There is no need to create a virtual server, it can be done directly in the PacketFence config.

You just need to assign a specific role for a specific SSID, so if the device is not in the specific role then reject it.


 1. Is it possible to keep pfSense as our main DHCP/DNS server?

Yes, of course. It's better to use PacketFence's DHCP/DNS server for the registration network, but for your prod network use what you want.

 1. The PacketFence administration guide mentions a DHCP sensor - but
    I assume this isn't available for FreeBSD/pfSense. So we need to
    set up some kind of relay, whereby DHCP broadcasts are also seen by
    PacketFence?

If you can build the Go DHCP forwarder on FreeBSD then you will be good. (https://github.com/inverse-inc/packetfence-dhcp-forwarder)

Also, broadcast in most cases is enough to do the fingerprinting of the device, but if you want to keep track of the MAC/IP then the unicast DHCP is needed (DHCP ACK).

 1. Are there any clear reasons we should use PacketFence for DHCP?

For the registration network.

 1. Also, will the Fingerbank feature still work if we use DHCP relaying?

Yes.

Regards

Fabrice


Thanks,
Victor


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
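
The broadcast-versus-unicast point from the reply above, as an added example that is not part of the original thread and is not PacketFence or forwarder code: a passive listener gets the option 55 fingerprint from the client's broadcast, but the MAC-to-IP binding only from the server's DHCP ACK. The packets, MAC address and IP address are constructed samples, and all function names are hypothetical.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 3: "REQUEST", 5: "ACK"}

def parse_dhcp(data):
    """Return message type, client MAC, yiaddr and raw options of a DHCP payload."""
    if len(data) < 240 or data[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(data) and data[i] != 255:      # 255 = end option
        if data[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return {"type": TYPES.get((opts.get(53) or b"\0")[0], "OTHER"),
            "mac": data[28:28 + min(data[2], 16)].hex(":"),
            "yiaddr": socket.inet_ntoa(data[16:20]), "opts": opts}

def observe(data, fingerprints, bindings):
    """Update what a passive listener knows from one DHCP payload."""
    p = parse_dhcp(data)
    if p["type"] in ("DISCOVER", "REQUEST") and 55 in p["opts"]:
        # Client broadcast: the option 55 request list, in order, is the fingerprint.
        fingerprints[p["mac"]] = ",".join(str(b) for b in p["opts"][55])
    elif p["type"] == "ACK" and p["yiaddr"] != "0.0.0.0":
        # Server reply: only here is the leased address confirmed.
        bindings[p["mac"]] = p["yiaddr"]
    return p["type"]

def build(msg_type, mac, yiaddr="0.0.0.0", prl=b""):
    """Build a constructed sample packet (not a capture)."""
    hdr = bytes([2 if msg_type == 5 else 1, 1, 6, 0]) + bytes(12) + socket.inet_aton(yiaddr)
    hdr += bytes(8) + bytes.fromhex(mac.replace(":", "")) + bytes(10 + 192)
    opts = bytes([53, 1, msg_type]) + (bytes([55, len(prl)]) + prl if prl else b"") + b"\xff"
    return hdr + MAGIC + opts

def demo():
    fp, ip = {}, {}
    mac = "02:00:00:aa:bb:cc"                    # constructed, locally administered MAC
    observe(build(1, mac, prl=bytes([1, 3, 6, 15, 119, 252])), fp, ip)
    after_broadcast = (dict(fp), dict(ip))       # fingerprint known, no IP yet
    observe(build(5, mac, yiaddr="192.0.2.50"), fp, ip)
    return after_broadcast, (fp, ip)
```
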