Re: [PacketFence-users] Make PF function as NAT/Firewall with Radius and VLAN enforcement

Sun, 17 Feb 2019 17:09:38 -0800 

Hello Tony,

you can set the vlan as inline in PacketFence.

What i would do in this case is the following:
- Create on pf all the VLAN's an inline interface, per example eth1.10, eth1.11, eth1.12 .... (the vlan's you return when authenticated) 

- Set these vlan's id on the switch config (PacketFence side).

That's it.
The only issue you will have is when you unreg a device then it will stay on the inline vlan but hit the portal on the inline interface. 

If the device reconnect then it will go on the reg vlan.

Regards

Fabrice



Le 19-02-17 à 19 h 35, Tony W via PacketFence-users a écrit :

Hi there,

Trying to work out how to get PF to work as NAT/Firewall to the
internet whilst doing Radius and VLAN enforcement.

Is this possible? Reading the documentation, it appears that the
current version will work in hybrid mode
(A combination of both) but seems to be for "flat" networks on
switches that can not be managed.

I run a wireless network controller, where visitors connect to an SSID
(Assigned to a specific VLAN). This VLAN has no
Internet access.
Authentication is 802.1x. Once authenticated, visitor is directed to
one of a number of predetermined VLAN's by PF.
Each of the VLAN's shall have Internet access through the same PF box.
PF tells Ruckus to put the visitor in the
assigned VLAn. DHCP is used on the initial connection and each of the
VLAN's shall have their own DHCP scope.

I have done this before using FreeRadius with DaloRadius and a Ruckus
controller, configured manually on CentOS 7.3
with Firewall/NAT. That solution is lacking some of the nice extra
stuff integrated in PF.

Whilst not expecting someone to give me the whole solution, I am
looking for some pointers and confirmation that
PF is suitable for what I want to do.

Thanks in advance

Tony


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users



_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to