Hi Fabrice,

Thank you for that.

So for PF, set 1 external interface (WAN) with Internet access (Inline).
Then set at least 1 internal interface (LAN) with VLANs, say 10 for SSID,
11, 12, 13, 14.... for the users to be allocated to once authenticated.

I do not need (or want) Internet access on VLAN 10, only DHCP for the
client devices.
When the client device successfully authenticates, the client traffic
will go to the selected/allocated VLAN (11, 12, 13 or ....) and be given
new IP addresses by DHCP.

It is no big deal regarding people being on the initial VLAN 10 as not
many will be there at any one time.


Just a quick question specific to CentOS 7.6 and PF.

CentOS 7.x issues interface names like em1, em2, p2p1, p2p2 etc.,
instead of the old style eth0, eth1...

Will PF still work OK if I change this to the old style (see link below)?

https://sites.google.com/site/syscookbook/rhel/rhel-network-interface-rename-rhel7

I feel more comfortable using the old interface naming convention and
the above procedure works well :-)

On Mon, 18 Feb 2019 at 12:09, Durand fabrice via PacketFence-users
<packetfence-users@lists.sourceforge.net> wrote:
>
> Hello Tony,
>
> You can set the VLAN as inline in PacketFence.
>
> What I would do in this case is the following:
>
> - On PF, create an inline interface for each of the VLANs, for example
> eth1.10, eth1.11, eth1.12 .... (the VLANs you return when authenticated)
>
> - Set these VLAN IDs in the switch config (PacketFence side).
>
> That's it.
>
> The only issue you will have is that when you unreg a device, it will
> stay on the inline VLAN but hit the portal on the inline interface.
>
> If the device reconnects, then it will go on the reg VLAN.
>
> Regards
>
> Fabrice
>
>
>
> On 19-02-17 at 19:35, Tony W via PacketFence-users wrote:
> > Hi there,
> >
> > Trying to work out how to get PF to work as NAT/Firewall to the
> > internet whilst doing Radius and VLAN enforcement.
> >
> > Is this possible? Reading the documentation, it appears that the
> > current version will work in hybrid mode
> > (A combination of both) but seems to be for "flat" networks on
> > switches that can not be managed.
> >
> > I run a wireless network controller, where visitors connect to an SSID
> > (Assigned to a specific VLAN). This VLAN has no
> > Internet access.
> > Authentication is 802.1x. Once authenticated, visitor is directed to
> > one of a number of predetermined VLANs by PF.
> > Each of the VLANs shall have Internet access through the same PF box.
> > PF tells Ruckus to put the visitor in the
> > assigned VLAN. DHCP is used on the initial connection and each of the
> > VLANs shall have their own DHCP scope.
> >
> > I have done this before using FreeRadius with DaloRadius and a Ruckus
> > controller, configured manually on CentOS 7.3
> > with Firewall/NAT. That solution is lacking some of the nice extra
> > stuff integrated in PF.
> >
> > Whilst not expecting someone to give me the whole solution, I am
> > looking for some pointers and confirmation that
> > PF is suitable for what I want to do.
> >
> > Thanks in advance
> >
> > Tony
> >
> >
> > _______________________________________________
> > PacketFence-users mailing list
> > PacketFence-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users