Developers guide
Chapter 5
Copyright © 2008-2013 Inverse inc.
Configuration
Network Devices Definition (switches.conf)
This section applies only to VLAN enforcement. Users planning to do inline enforcement only can skip
this section.
PacketFence needs to know which switches, access points or controllers it manages, their type and
configuration. All this information is stored in /usr/local/pf/conf/switches.conf. You can modify
the configuration directly in the switches.conf file or you can do it in the Web Administration panel
under Configuration → Network → Switches.
This file contains a default section including:
• List of VLANs managed by PacketFence
• Default SNMP read/write communities for the switches
• Default working mode (see note about working mode below)
and a switch section for each switch (managed by PacketFence) including:
• Switch IP
• Switch vendor/type
• Switch uplink ports (trunks and non-managed ports)
• Per-switch re-definition of the VLANs (if required)
Note
switches.conf is loaded at startup. A restart is required when changes are made
to this file.
Working modes
There are three different working modes:
Testing: pfsetvlan writes to the log files what it would normally do, but it
doesn’t do anything.
Registration: pfsetvlan automatically registers all MAC addresses seen on the switch
ports. As in testing mode, no VLAN changes are done.
Production: pfsetvlan sends the SNMP writes to change the VLAN on the switch
ports.
SNMP v1, v2c and v3
PacketFence uses SNMP to communicate with most switches. Starting with version 1.8, PacketFence supports
SNMP v3. You can use SNMP v3 for communication in both directions: from the switch to PacketFence
and from PacketFence to the switch.
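The following audit script is an added example, not part of the original guide or of PacketFence itself. It resolves the default-section inheritance described above for each switch and flags switches that are not in production mode, that use well-known SNMP v1/v2c communities, or that have no type. The key names (mode, type, SNMPVersion, SNMPCommunityRead, SNMPCommunityWrite) and the sample file are assumptions that do not appear on this page; check them against your own switches.conf.

```python
import configparser

# Constructed sample file. Key names and values are assumptions for this
# example; they are not taken from this page.
SAMPLE = """
[default]
SNMPVersion = 2c
SNMPCommunityRead = public
SNMPCommunityWrite = private
mode = testing

[192.0.2.10]
type = Cisco::Catalyst_2960
mode = production

[192.0.2.11]
type = Cisco::Catalyst_2960
SNMPVersion = 3

[192.0.2.12]
SNMPCommunityRead = n0t-a-default-ro
SNMPCommunityWrite = n0t-a-default-rw
mode = production
"""

WELL_KNOWN = {"public", "private"}
def audit(text):
    """Return {switch: [findings]} after applying [default] inheritance."""
    cp = configparser.ConfigParser(default_section="default", interpolation=None)
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    report = {}
    for switch in cp.sections():  # [default] is not listed as a switch
        s, found = cp[switch], []
        mode = s.get("mode", "").lower()
        if mode != "production":
            found.append(f"mode={mode or 'unset'}: no VLAN changes are sent")
        # An unset version is treated as v1 here (assumption, conservative).
        if s.get("SNMPVersion", "1") in ("1", "2c"):
            for key in ("SNMPCommunityRead", "SNMPCommunityWrite"):
                if s.get(key, "").lower() in WELL_KNOWN:
                    found.append(f"{key} is a well-known default community")
        if "type" not in s:
            found.append("no switch type set")
        report[switch] = found
    return report

if __name__ == "__main__":
    for switch, found in audit(SAMPLE).items():
        print(switch, "OK" if not found else "; ".join(found))
```

To audit a real file, pass its contents to audit(), for example the text read from /usr/local/pf/conf/switches.conf.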