Hello,

Your switch management interface needs to talk to the PacketFence management interface over RADIUS UDP 1812 in order to do the authentication. PF needs to talk to the AD as well if you want to do 802.1x EAP PEAP.

PacketFence does not need to have an interface in all production network VLANs.

Thanks,

Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

> On Sep 16, 2020, at 10:39 AM, 'van Rooij Neal' via PacketFence-users
> <[email protected]> wrote:
>
> Hello all,
>
> I'd like some help understanding something about interface management because
> I don't know if I should activate the NAC process on all my interfaces or not.
>
> My network looks like below:
>
>                      | Router | on fa0/1
>                          |
> | AD Server | ------ | Switch | ------- | PacketFence |
>    on fa0/3              |           on fa0/2
>                     | Computers |
>                      on fa0/4-8
>
>
> I have a Management VLAN on Fa0/2-3 and configured the NAC process on Fa0/4-8.
> Should I include Fa0/2-3 in the process, add the nodes in PF and set up a
> MGMT role for them?
>
> And what about Fa0/1? Should something be done about this one?
>
>
> Or is the fact that my switch isn't entirely an Access switch the issue here?
> Should I split the network in a Core/Distrib + Access system?
>
> Thanks for the replies and have a good day,
> Neal
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
