Red Hat NETWORK 4.1.0 - Guide de l'utilisateur Page 26
- Page / 101
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter 5
Copyright © 2008-2013 Inverse inc.
Configuration 22
Inline enforcement uses ipset to mark nodes as registered, unregistered and isolated. It is also
now possible to use multiple inline interfaces, a node registered on the first inline interface
is mark with is couple ip:mac, so when the node try to register on an other inline interface
PacketFence detect that the node is already registered on the first VLAN. It is also possible to enable
inline.should_reauth_on_vlan_change to force user to reauthenticate when they change VLAN. ipset also
provides a better reponse time under inline enforcement and now we just have to wait 10s after the
registration to access to internet.
The outgoing interface should be specified by adding in pf.conf the option interfaceSNAT in inline section.
It is a comma delimited list of network interfaces like eth0,eth0.100. It’s also possible to specify a network
that will be routed instead of using NAT by adding in conf/networks.conf an option nat=no under one
or more network section.
Another important setting is the gateway statement. Since it this the only way to get the PacketFence
server inline interface ip address, it is mandatory to set it to this ip (which is supposed to be the same
as in the ip statement of the inline interface in conf/pf.conf) .
Hybrid mode
This section applies for hybrid support for the manageable devices that support 802.1x or mac-auth.
Hybrid enforcement is a mixed method that offers the use of inline enforcement mode with VLAN
enforcement mode on the same device. This technique is covered in details in the "Technical introduction
to Hybrid enforcement" section
DHCP and DNS Server Configuration
(networks.conf)
PacketFence automatically generates the DHCP configuration files for Registration, Isolation and Inline
VLANs. This is done by editing the network interfaces from the configuration module of the administration
Web interface (see the First Step section).
network Network subnet
netmask Network mask
gateway PacketFence IP address in this network
next_hop Used only with routed networks; IP address
of the router in this network (This is used
to locally create static routes to the routed
networks). See the Routed Networks section)
domain-name DNS name
- Version 4.1.0 - December 2013 2
- Table of Contents 3
- AboutthisGuide 5
- Introduction 6
- Network Integration 9
- Components 10
- System Requirements 11
- Operating System Requirements 12
- Installation 13
- RHEL 6.x 14
- Debian and Ubuntu 14
- Software Download 15
- Software Installation 15
- Configuration 17
- Apache Configuration 18
- Roles Management 19
- Authentication 20
- Working modes 22
- SNMP v1, v2c and v3 22
- From PacketFence to a switch 23
- From a switch to PacketFence 23
- Switch Configuration 23
- Web Services Interface 24
- Radius Secret 24
- Default VLAN/role assignment 25
- Hybrid mode 26
- (networks.conf) 26
- Production DHCP access 27
- Interface in every VLAN 28
- Routed Networks 29
- FreeRADIUS Configuration 32
- Samba / Kerberos / Winbind 33
- Starting PacketFence Services 37
- Log files 38
- Passthrough 38
- Proxy Interception 39
- Configuration by example 40
- Network Interfaces 41
- Switch Setup 42
- Inline enforcement specifics 47
- Optional components 49
- Violations 50
- Compliance Checks 53
- Scan on registration 55
- RADIUS Accounting 56
- Oinkmaster 57
- Floating Network Devices 57
- Here is how it works: 58
- Identification 58
- Guests Management 59
- Managed guests 60
- Guest pre-registration 60
- Statement of Health (SoH) 62
- Configuration of SoH policy 63
- Policy example 63
- Configure the feature 64
- SNMP Traps Limit 65
- Billing Engine 65
- Portal Profiles 66
- OAuth2 Authentication 67
- Gaming Devices Registration 68
- Iptables 69
- Log Rotations 69
- Logrotate (recommended) 69
- Log4perl 69
- High Availability 70
- Partitioning 71
- DRBD Configuration and setup 71
- MySQL Configuration 73
- Heartbeat configuration 74
- RADIUS HA configuration 76
- Performance optimization 77
- MySQL optimization tool 79
- Keeping tables small 79
- Captive Portal Optimizations 80
- Frequently Asked Questions 81
- VLAN assignment techniques 82
- MAC notification traps 85
- Port Security traps 85
- Device configuration 86
- Access control 86
- Limitations 86
- More on VoIP Integration 89
- Mac Authentication and 802.1X 90
- Additional Information 91
- Information 92
- Chapter 17 93
- Administration Tools 90 94
- Web Admin GUI 98
- In /usr/local/pf/raddb/users 100
Produits connexes et manuels pour Serveurs Red Hat NETWORK 4.1.0 -
Serveurs Red Hat NETSCAPE ENTERPRISE SERVER 6.1 - NSAPI PROGRAMMER GUIDE Guide d'installation
(91 pages)
(91 pages)
Serveurs Red Hat NETSCAPE ENTERPRISE SERVER 6.0 - NSAPI PROGRAMMER GUIDE Guide d'installation
(90 pages)
(90 pages)
© 2020, manymanuals.fr. Tous droits réservés | 1.625 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels