From: Regis B. <rba...@in...> - 2008-05-15 18:18:11
Hi Matt,

> Trying to set up vlan isolation here and have a few questions. We’re
> using Nortel switches. From what we can tell they have linkup/LinkDown
> traps as well as Port Security Traps, but no mac notification traps.
> Anyways, my questions are:
> - How should the vlans be configured in the switches? I’m
> thinking they should be created, but not applied to any ports, but
> not sure.

MAC Detection, Registration and Isolation VLANs should be declared in the switch. Registration and Isolation should only be applied on trunk ports (MAC Detection is just a "local" VLAN so no need to apply it on trunk ports) and PacketFence must be able to access these 2 VLANs (whether it has an IP in each VLAN or those 2 VLANs are routed to PF).

> - How well will Port Security allow for Hubs to be connected?
> I’m assuming gateway/router devices would be ok because traffic would be
> coming from a single mac-address. Does anyone have any experience
> setting this up with Nortel gear?

Ports with Hubs connected to them must be declared as "uplinks" (in conf/switches.conf). Otherwise traffic must come from one MAC address only.

> - Is there still a whitelist for mac’s we don’t want to have to
> register?

No, there is no whitelist with VLAN isolation. The reason is simple: if a MAC is not registered in the system (i.e. in the PacketFence database), how will PacketFence know in which VLAN to put the port to which this MAC is connected? So right now we haven't added this feature yet. But if many people think this feature is interesting, we can start a thread in which we exchange ideas on how to manage whitelist with VLAN isolation...

> Any advice/info is appreciated.
>
> Thanks
>
> Matt
> md...@un...

--
rba...@in... :: +1.514.755.3650 :: http://www.inverse.ca