[prev in list] [next in list] [prev in thread] [next in thread] 

List:       packetfence-users
Subject:    Re: [PacketFence-users] PacketFence v13 & Role Mapping by VLAN ID
From:       Chris Vogel via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date:       2024-04-26 6:28:18
Message-ID: 4a1d1c73-6566-453d-99cf-e26bf9868688 () z9 ! de
[Download RAW message or body]


Hey Marc, hey everybody,

Am 25.04.24 um 00:02 schrieb Mark Okuno via PacketFence-users:
> One last thing: while the new VLAN roles appear in the Roles screen, 
> they were not appearing as options to select for the nodes.   I had to 
> restart the VM in order for them to become available when configuring nodes.

**One remark**: I just tried to add a role in PF13.1 and immediately 
tried to add it to an unregistered node without role and this worked on 
my installation (no ZEN running directly on hardware).

**One question**: You write "VLAN roles" and I'm wondering whether I 
understood the term "role" in PFs context correctly: I thought that the 
role is an abstraction for whatever enforcement mode is used. E.g.

A node in the role guest:

- might be constraint by vlan enforcement to a certain vlan
- might be denied access to certain switches
- might be restricted by inline firewall rules when connected to a 
network configured to use inline enforcement
- might be restricted by access lists on the switch it is connected to

In short the guest node would get more or less the same permissions by 
very different enforcement modes on different parts of the network 
depending on the network equipment and needs for the different parts of 
the network.

Am I wrong here and the role should always be thought of being related 
directly to a vlan?


Chris


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[prev in list] [next in list] [prev in thread] [next in thread]