
List:       packetfence-users
Subject:    Re: [PacketFence-users] Roles and vlans
From:       Diego Garcia del Rio via PacketFence-users <packetfence-users () lists ! sourceforge ! 
Date:       2021-12-10 17:32:49
Message-ID: CAL4zwzxEa22C284P-xa1uvmudr9buxNxy1-3QeOGGNGXOhgn=Q () mail ! gmail ! com

You might want to add the vlan as some field in AD / ldap and then see if
there is any way to access that using the radius or vlan filters to push
the vlan to the user. Not sure it will be possible, to be honest.



On Fri, Dec 10, 2021, 13:29 jj c <ece44780@gmail.com> wrote:

> Nice, thank you for the clarification and advice.
>
> We have many clients; per client we have a vlan with a dhcp server.
> What we want to achieve is that when a client connects to the network using
> his AD account in the portal, PacketFence will give the right vlan to that
> client.
>
> So what we did is put hundreds of vlans in roles and put them in the
> authentication sources, so that when a client logs in to the
> portal, pf will send the right vlan. But it did not work out the way we
> were expecting. Maybe you're right, we are misusing the roles.
>
> On Sat, Dec 11, 2021 at 12:05 AM Diego Garcia del Rio <garci66@gmail.com>
> wrote:
>
>> But how many roles are you defining? Several hundred? If so then you're
>> probably misusing the roles. In that case, indeed, vlan-pool is what you
>> want.
>>
>> The manual describes vlan-pools as the following:
>>
>> For a VLAN pool instead of defining a VLAN identifier, you can set a
>> value like that: 20..23,27..30
>>
>> So... for example, for role "students" you could define a vlan pool like
>> "1000..2999" and if you select the "vlan pool technique" as "vlan per
>> user" as shown below:
>>
>> [image: image.png]
>>
>>
>>
>> then the system will allocate, for users belonging to the role "students"
>> one vlan in the range 1000 through 2999 (both inclusive). But if there are
>> more USERS in that role than VLANs then vlan allocation will start to fail.
>>
>> The other allocation methods can potentially give the same vlan to 2 or
>> more users.
>>
>>
>> Not sure what your use-case is, but vlan-per-user can be a pain to
>> manage. It makes sense in things like hotels or maybe university student
>> accommodation...
>>
>> cheers,
>>
>>
>>
>>
>> On Fri, Dec 10, 2021, 12:43 jj c <ece44780@gmail.com> wrote:
>>
>>> Sorry for the confusion, but I have 2 questions here.
>>> 1. When I define roles, each with its own vlan, and use them in authentication
>>> sources, PacketFence 11.0 experiences slowness.
>>> 2. I want to understand the vlan pool technique per_user_vlan. In the
>>> current manual there are no written details about it.
>>>
>>> On Fri, Dec 10, 2021 at 11:31 PM Diego Garcia del Rio <garci66@gmail.com>
>>> wrote:
>>>
>>>> You should be able to easily do vlan per role... but you seem to be
>>>> wanting a vlan per user?
>>>>
>>>> Or you have 300 roles defined and each with its own vlan??
>>>>
>>>> On Fri, Dec 10, 2021 at 12:22 PM jj c via PacketFence-users <
>>>> packetfence-users@lists.sourceforge.net> wrote:
>>>>
>>>>> Hi to all,
>>>>> Is it possible to bind roles per vlan? Because we use vlan per client.
>>>>> Let's say role1=vlan 10, role2=vlan20, role3=vlan30 and so on. The problem is
>>>>> when you put 300 vlans in authentication sources and roles we are
>>>>> experiencing slowness when browsing PacketFence. Also, what is per user vlan
>>>>> in vlan technique? I cannot find it in the manual.
>>>>>
>>>>> Thank you,
>>>>> James
>>>>> _______________________________________________
>>>>> PacketFence-users mailing list
>>>>> PacketFence-users@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>
>>>>
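
The pool syntax ("20..23,27..30") and the "vlan per user" behaviour discussed in the thread above, as an added sketch that is not part of the original messages and is not PacketFence's own code. The names parse_vlan_pool and PerUserVlanPool are hypothetical, and keeping a returning user on the same VLAN is an assumption of the sketch.

```python
"""Illustrative model of a VLAN pool with one VLAN per user (not PacketFence code)."""


def parse_vlan_pool(spec):
    """Expand a pool string such as '20..23,27..30' into a sorted list of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            raise ValueError("empty entry in pool spec")
        low, sep, high = part.partition("..")
        start = int(low)
        end = int(high) if sep else start   # a bare number is a one-VLAN range
        if start > end:
            raise ValueError(f"reversed range: {part}")
        for vlan in range(start, end + 1):
            if not 1 <= vlan <= 4094:       # usable 802.1Q VLAN IDs
                raise ValueError(f"VLAN ID out of range: {vlan}")
            vlans.add(vlan)
    return sorted(vlans)


class PerUserVlanPool:
    """Gives each user of a role a VLAN that no other user of the role holds."""

    def __init__(self, spec):
        self.free = parse_vlan_pool(spec)
        self.by_user = {}

    def assign(self, username):
        if username in self.by_user:        # assumption: a user keeps their VLAN
            return self.by_user[username]
        if not self.free:                   # more users than VLANs in the pool
            raise LookupError(f"pool exhausted, no VLAN for {username}")
        self.by_user[username] = self.free.pop(0)
        return self.by_user[username]

    def release(self, username):
        """Return a user's VLAN to the pool, e.g. when the session ends."""
        vlan = self.by_user.pop(username, None)
        if vlan is not None:
            self.free.append(vlan)
            self.free.sort()
```

With a pool of "1000..2999" the model holds 2000 VLANs, so the 2001st distinct user hits the exhaustion branch, which is the failure case mentioned in the thread.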
