//
you're reading...
network, security

[PacketFence / Aruba IAP] part 1: setup

Since some DELL/Aruba IAPs users are interested in using PacketFence to secure their wireless networks,
i decided to write few articles on this topic.

Note: to be able to use PacketFence with an IAP, only the InstantOS is relevant, i use PacketFence with InstantOS since version 3.0 (we are at version 3.2 as today).

Quick reminder:

You can use PacketFence in different mode:

  • Inband (also called Inline Enforcement): PacketFence will act like a router/firewall , every access, every network packet, will be processed by PacketFence. This mode in useful when you have unmanaged network devices, but depending on your network usage, it can also put a huge overhead on your PacketFence system (we’ll talk about this later).
  • Out-of-band (also called vlan Enforcement): PacketFence will act like a network supervisor, managing your switch/hotspot …. regarding security policies.
  • Mixed: PacketFence will be used in both modes (inband and Out-of-Band), i personally don’t recommend using both of them unless you REALLY know what you are doing, this will make management and troubleshooting really harder.

That said, for this tutorial we will use PacketFence in “Out-of-band” mode.

Here is the setup:

  1. FW: a Fw/DHCP @192.168.1.1
  2. SW:  Layer2 manageable POE Switch @IP: 192.168.1.2
  3. HotSpot: Aruba IAP-93 @IP: 192.168.1.3
  4. NAC: PacketFence instance @IP: 192.168.1.10
  5. FILER:  samba server @IP: 192.168.1.11
  6. Laptop: Wireless Client @DHCP_CLIENT

PacketFence_Visio

Notes:

  • Packetfence is deployed as a virtual appliance (Packetfence ZEN), so there is only 1 physical Card (from the ESXi server) used for PacketFence.
  • Depending on your PacketFence configuration this can be in production (actually i’m using a virtualised PacketFence instance in production)

As we use Out-of-band mode (also called vlan Enforcement), we will use these VLAN:

– VLAN ID: 1 –> Data VLAN

– VLAN ID: 4 –> Registration VLAN

– VLAN ID: 5 –> Isolation VLAN (not used in this tutorial)

– VLAN ID: 6 –> Guest VLAN (not used in this tutorial)

Note: these VLAN will be also defined on the SW configuration (we’ll talk about it in the second part).

OK that’s it for the first part, in the next part :

  • we will see how to configure PacketFence.
  • we will update the network diagram

Stay tuned!

Discussion

4 thoughts on “[PacketFence / Aruba IAP] part 1: setup

  1. I personally Think posting, “[PacketFence / Aruba IAP] part 1: setup My life in IT Land” was perfect!
    I actuallycannot see eye to eye along with you even more! Finally appears like Idiscovered a blog page truly worth
    reading. Thanks, Rowena

    Posted by http://tinyurl.com/holygibbs15500 | 2013/02/07, 07:29
  2. Hi, this is exaclty my setup… any chance for you to continue your tutorial? I am having setup troubles and tutorials like this on packetfence are impossible to find.

    Thanks.

    Posted by Bob | 2013/05/16, 13:06
  3. post your smart switch config please, or your issue is not realy help :\

    Posted by tester | 2014/03/17, 16:39
  4. GreatStart I guess you’re as far as I am

    Posted by AHHH | 2014/06/19, 15:28

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Calendar

February 2013
M T W T F S S
« Sep    
 123
45678910
11121314151617
18192021222324
25262728  
%d bloggers like this: