Hello everyone,

My organization is new to PacketFence. My coworkers in the IT department are
not yet fully trained on how to work with it.

Since my coworkers might not know how to release a host from a "violation"
condition via the admin GUI (and I might not be available to assist them), I
recommended that they should power off the PacketFence server if they ever need
to deal with a situation in which a large number of hosts are stuck in
violation for some unexpected reason. Our PacketFence server does not move
hosts in "violation" to an isolated VLAN. Instead we redirect hosts (via RADIUS
reply sent from PacketFence to our Cisco switches) to the portal interface to
show users on isolated hosts the template with a reason why they are isolated.

Sample RADIUS reply for host in "violation" state:
[inline image: sample RADIUS reply]

Since PacketFence is issuing the RADIUS reply, I expected the host would no
longer be "isolated" if the server is down (or if all pf services are stopped),
because the RADIUS reply would no longer be sent from PacketFence.

What actually happens is that the hosts in "violation" are still redirected
even though the PacketFence server is offline. I expect if I "shut/no shut" the
switch port, the host would no longer be isolated, but that seems like a very
suboptimal workaround to this problem, especially when accounting for a
worst-case scenario in the event that something could go completely haywire in
the system and change every switch port into an "isolation" state.
1. Does anyone have a better idea for how I can get hosts in "isolation"
   to fail over to full network access in the event that the PacketFence server is
   unavailable?
2. Does anyone know of any reason why I would not want to perform
   isolation for hosts in violation and also set up the system to reverse the
   isolation in the event that the PacketFence server is unavailable to their
   switches?
3. Does anyone see any reason why this configuration would be
   insecure/inadequate in terms of isolation during violation events?
Thank you,
Michael R. Haag
Computer Services Technician
Department of Information Technology
Madison County, NY
(315) 366-2204
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users