Menu
▾
▴
Re: [PacketFence-users] VLAN isolation and routed networks
|
From: Ludovic Z. <lz...@in...> - 2020-04-23 11:50:31
|
Hello Erik, Yes it can assign VLAN only. Do you want a captive portal to register your devices or just do 802.1x/ mac authentication ? There a lot of feature that rely on DHCP handled by PacketFence for the captive portal, for example you will lose a good part the Profiling with Fingerbank that relies on DHCP traffic. Thanks, Ludovic Zammit lz...@in... <mailto:lz...@in...> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Apr 23, 2020, at 7:22 AM, Erik via PacketFence-users <pac...@li...> wrote: > > > > On 23-04-2020 00:24, Sallee, Jake via PacketFence-users wrote: >> PF works great with routed networks and depending on the details of your VPN connection I think it should work in your situation. > > Thanks, it's not the VPN I am wondering about, though. > > The most important requirement is that PF only tells the switches which VLAN to assign to the selected port, based on which client is connecting. It must not do DHCP or DNS. That will be done locally. Nor must it keep track of local DHCP assignments. > > VPN routing and firewall has been set up such that PF that the switches can talk to PF and vice versa. > > I am considering using the same VLAN ids on all sites (there are hundreds). To PF, the VPN presents the individual sites as one large network block, so PF won't know that they are actually numerous individual segments. To the individial locations it does not matter that VLAN ids are the same everywhere, because VLAN ids are stripped by the VPN anyway. > Communication between hosts on different locations is controlled by the VPN firewall. > > So the main question is, can PF assign VLAN only, without knowing or caring about IPs? > I am sure it can, as freeRADIUS can, but since I can't check myself yet, I am really curious to know. > > Erik > > > _______________________________________________ > PacketFence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users |
