Red Hat NETWORK 4.1.0 - Guide de l'utilisateur Page 90
- Page / 101
- Table des matières
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Chapter 14
Copyright © 2008-2013 Inverse inc.
More on VoIP Integration 86
Note
Not all vendors support VoIP on port-security, please refer to the Network Configuration
Guide.
Mac Authentication and 802.1X
Cisco hardware
On Cisco switches, we are looking at the multi-domain configuration. The multi-domain means that we
can have one device on the VOICE domain, and one device on the DATA domain. The domain assignment
is done using a Cisco VSA. When the phone connects to the switchport, PacketFence will respond with
the proper VSA only, no RADIUS tunneled attributes. CDP then tells the phone to tag its ethernet frames
using the configured voice VLAN on the port. When a PC connects, the RADIUS server will return tunneled
attributes, and the switch will place the port in the provided access VLAN.
Non-Cisco hardware
On other vendor hardware, it is possible to make VoIP work using RADIUS VSAs. When a phone connects
to a switchport, PacketFence needs to return the proper VSA to tell the switch to allow tagged frames
from this device. When the PC will connect, we will be able to return standard RADIUS tunnel attributes
to the switch, that will be the untagged VLAN.
Note
Again, refer to the Network Configuration Guide to see if VoIP is supported on your
switch hardware.
What if CDP/LLDP feature is missing
It is possible that your phone doesn’t support CDP or LLDP. If it’s the case, you are probably looking at
the "DHCP way" of provisionning your phone with a voice VLAN. Some models will ask for a specific DHCP
option so that the DHCP server can give the phone a voice VLAN id. The phone will then reboot, and tag
its ethernet frame using the provided VLAN tag.
In order to make this scenario work with PacketFence, you need to ensure that you tweak the registration
and your production DHCP server to provide the DHCP option. You also need to make sure there is a voice
VLAN properly configured on the port, and that you auto-register your IP Phones (On the first connect,
the phone will be assigned on the registration VLAN).
- Version 4.1.0 - December 2013 2
- Table of Contents 3
- AboutthisGuide 5
- Introduction 6
- Network Integration 9
- Components 10
- System Requirements 11
- Operating System Requirements 12
- Installation 13
- RHEL 6.x 14
- Debian and Ubuntu 14
- Software Download 15
- Software Installation 15
- Configuration 17
- Apache Configuration 18
- Roles Management 19
- Authentication 20
- Working modes 22
- SNMP v1, v2c and v3 22
- From PacketFence to a switch 23
- From a switch to PacketFence 23
- Switch Configuration 23
- Web Services Interface 24
- Radius Secret 24
- Default VLAN/role assignment 25
- Hybrid mode 26
- (networks.conf) 26
- Production DHCP access 27
- Interface in every VLAN 28
- Routed Networks 29
- FreeRADIUS Configuration 32
- Samba / Kerberos / Winbind 33
- Starting PacketFence Services 37
- Log files 38
- Passthrough 38
- Proxy Interception 39
- Configuration by example 40
- Network Interfaces 41
- Switch Setup 42
- Inline enforcement specifics 47
- Optional components 49
- Violations 50
- Compliance Checks 53
- Scan on registration 55
- RADIUS Accounting 56
- Oinkmaster 57
- Floating Network Devices 57
- Here is how it works: 58
- Identification 58
- Guests Management 59
- Managed guests 60
- Guest pre-registration 60
- Statement of Health (SoH) 62
- Configuration of SoH policy 63
- Policy example 63
- Configure the feature 64
- SNMP Traps Limit 65
- Billing Engine 65
- Portal Profiles 66
- OAuth2 Authentication 67
- Gaming Devices Registration 68
- Iptables 69
- Log Rotations 69
- Logrotate (recommended) 69
- Log4perl 69
- High Availability 70
- Partitioning 71
- DRBD Configuration and setup 71
- MySQL Configuration 73
- Heartbeat configuration 74
- RADIUS HA configuration 76
- Performance optimization 77
- MySQL optimization tool 79
- Keeping tables small 79
- Captive Portal Optimizations 80
- Frequently Asked Questions 81
- VLAN assignment techniques 82
- MAC notification traps 85
- Port Security traps 85
- Device configuration 86
- Access control 86
- Limitations 86
- More on VoIP Integration 89
- Mac Authentication and 802.1X 90
- Additional Information 91
- Information 92
- Chapter 17 93
- Administration Tools 90 94
- Web Admin GUI 98
- In /usr/local/pf/raddb/users 100
Produits connexes et manuels pour Serveurs Red Hat NETWORK 4.1.0 -
Serveurs Red Hat NETSCAPE ENTERPRISE SERVER 6.1 - NSAPI PROGRAMMER GUIDE Guide d'installation
(91 pages)
(91 pages)
Serveurs Red Hat NETSCAPE ENTERPRISE SERVER 6.0 - NSAPI PROGRAMMER GUIDE Guide d'installation
(90 pages)
(90 pages)
© 2020, manymanuals.fr. Tous droits réservés | 2.562 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels