Developers guide
Chapter 6
Copyright © 2008-2013 Inverse inc.
Configuration by example
Here is an end-to-end sample configuration of PacketFence in "Hybrid" mode (VLAN mode and Inline mode
at the same time).
Assumptions
Throughout this configuration example we use the following assumptions for our network infrastructure:
• There are two different types of manageable switches in our network: Cisco Catalyst 2900XL and Cisco Catalyst 2960, and one unmanageable device.
• VLAN 1 is the "normal" VLAN; users with the "default" role will be assigned to it.
• VLAN 2 is the registration VLAN (unregistered devices will be put in this VLAN).
• VLAN 3 is the isolation VLAN (isolated devices will be put in this VLAN).
• VLANs 2 and 3 are spanned throughout the network.
• VLAN 4 is the MAC detection VLAN (void VLAN).
• VLAN 4 must be defined on all the switches that do not support port-security (in our example, the Catalyst 2900XL does not support port-security with static MAC addresses). It does not need to be added to the trunk port.
• VLAN 5 is the inline VLAN (In-Band, for unmanageable devices).
• We want to isolate computers using Limewire (peer-to-peer software).
• We use Snort as NIDS.
• The traffic monitored by Snort is spanned on eth1.
• The DHCP server on the PacketFence box will take care of IP address distribution in VLANs 2, 3 and 5.
• The DNS server on the PacketFence box will take care of domain resolution in VLANs 2 and 3.
The network setup looks like this:
VLAN ID  VLAN Name      Subnet          Gateway      PacketFence Address
1        Normal         192.168.1.0/24  192.168.1.1  192.168.1.5
2        Registration   192.168.2.0/24  192.168.2.1  192.168.2.1
3        Isolation      192.168.3.0/24  192.168.3.1  192.168.3.1
4        Mac Detection
5        Inline         192.168.5.0/24  192.168.5.1  192.168.5.1
100      Voice