packetfence administration guide - inverse .packetfence administration guide for version 3.2.0.

Download PacketFence Administration Guide - Inverse .PacketFence Administration Guide for version 3.2.0.

Post on 19-Jul-2018

214 views

Category:

Documents

2 download

Embed Size (px)

TRANSCRIPT

  • PacketFence Administration Guidefor version 3.2.0

  • PacketFence Administration GuideOlivier BilodeauFranois GaudreaultDerek WuelfrathDominik Gehl

    Version 3.2.0 - February 2012Copyright 2008-2012 Inverse inc.

    Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 orany later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copyof the license is included in the section entitled "GNU Free Documentation License".

    The fonts used in this guide are licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: http://scripts.sil.org/OFL

    Copyright Barry Schwartz, http://www.crudfactory.com, with Reserved Font Name: "Sorts Mill Goudy".

    Copyright Raph Levien, http://levien.com/, with Reserved Font Name: "Inconsolata".

    http://scripts.sil.org/OFLhttp://www.crudfactory.comhttp://levien.com/

  • Revision HistoryRevision 2.0 2012-02-22 FG, OB, DWDocumentation ported to asciidoc. Added section for accounting violations based on bandwidth, OpenVAS-based clientside policy compliance and billing integration. Updated FreeRADIUS 2 config and log locations. More documentationabout running a scan from a remote server. Improvements to the trap limit feature description. Updated guestregistration configuration section (new parameter introduced). Added basic VoIP documentation and warning regardingCLI access due to #1370.Revision 1.0 2008-12-13 DGFirst OpenDocument version.

  • Copyright 2008-2012 Inverse inc. iv

    Table of ContentsAbout this Guide ................................................................................................................. 1

    Othersourcesof information ......................................................................................... 1Introduction ....................................................................................................................... 2

    Features .................................................................................................................... 2Network Integration .................................................................................................... 4Components .............................................................................................................. 5

    System Requirements .......................................................................................................... 6Assumptions .............................................................................................................. 6Minimum Hardware Requirements ................................................................................. 6Operating System Requirements .................................................................................... 7

    Installation ........................................................................................................................ 8OS Installation ............................................................................................................ 8Software Download ..................................................................................................... 9Software Installation .................................................................................................. 10

    Configuration .................................................................................................................... 11First Step ................................................................................................................. 11Web-based Administration Interface .............................................................................. 11Global configuration file (pf.conf) ................................................................................. 12Apache Configuration ................................................................................................. 12SELinux .................................................................................................................... 13Authentication (flat file, LDAP/AD, RADIUS) ..................................................................... 13Network Devices Definition (switches.conf) .................................................................... 14Default VLAN assignment ............................................................................................ 17Inline enforcement configuration .................................................................................. 17DHCP and DNS Server Configuration (networks.conf) ........................................................ 18Production DHCP access ............................................................................................. 19Routed Networks ....................................................................................................... 21FreeRADIUS Configuration ............................................................................................ 24Starting PacketFence Services ...................................................................................... 28Log files .................................................................................................................. 28

    Configuration by example ................................................................................................... 29Assumptions ............................................................................................................. 29Network Interfaces .................................................................................................... 30Switch Setup ............................................................................................................ 31switches.conf ............................................................................................................ 32pf.conf .................................................................................................................... 33networks.conf ........................................................................................................... 35Inline enforcement specifics ........................................................................................ 36

    Optional components ......................................................................................................... 37Blocking malicious activities with violations ................................................................... 37Conformity Scan ........................................................................................................ 41RADIUS Accounting .................................................................................................... 43Oinkmaster ............................................................................................................... 44Floating Network Devices ............................................................................................ 45Guest management ................................................................................................... 47Statement of Health (SoH) .......................................................................................... 50Apple wireless profile provisioning ............................................................................... 51SNMP traps limit ....................................................................................................... 52Billing engine ........................................................................................................... 53

    Operating System Best Practices .......................................................................................... 54Iptables ................................................................................................................... 54

  • Copyright 2008-2012 Inverse inc. v

    Log Rotations ........................................................................................................... 54Logrotate (recommended) ........................................................................................... 54Log4perl ................................................................................................................... 54High availability ........................................................................................................ 55

    Performance optimization ................................................................................................... 62MySQL optimizations .................................................................................................. 62Captive portal optimizations ....................................................................................... 65

    Frequently Asked Questions ................................................................................................ 66Technical introduction to VLAN enforcement .......................................................................... 67

    Introduction ............................................................................................................. 67VLAN assignment techniques ....................................................................................... 67More on SNMP traps VLAN isolation ............................................................................. 68

    Technical introduction to Inline enforcement .......................................................................... 71Introduction ............................................................................................................. 71Device configuration .................................................................................................. 71Acces

Recommended

View more >