Shulou(Shulou.com)06/01 Report--

Packetfence Network admission system:

Open source access system, our company now has 6-700 people, is using. The version is 5.7. Now the latest ones are all 6. 5%. Too much

The main user experience is: the user's computer is connected to the network, and any web page that opens will automatically jump to a landing page, and you can enter the intranet only after registration.

Main features:

1. Bypass access

two。 Supports 802.1x or MAB authentication

3. Perfect support for Cisco 2960 switch with VLAN assignment

4. You can find a switch with IP address and MAC address.

5. Other functions can be discovered by yourself. It is also found that fewer people use this system in China. There are also very few documents.

Installation reference: or download the virtual machine directly from the official website.

Yum updateyum install mysql*yum install http*yum install php*yum install selinux off / etc/yum.repos.d/PacketFence.repo with the following content: [picketence] name=PacketFence Repositorybaseurl= http://inverse.ca/downloads/PacketFence/RHEL$releasever/$basearchgpgcheck=0yum install-- enablerepo=packetfence packetfencerpm-Uvh http://packetfence.org/downloads/PacketFence/RHEL6/`uname-i` / RPMS/packetfence-release-1-2.centos6.noarch.rpmyum install-- enablerepo=packetfence packetfenceDHCP:dd if=/dev/urandom bs=16 count=1 2 > / dev/null | openssl enc-e-base64cWm+adEfwNaes7VlBoyHdQ==vi / etc/sysctl.conf # Controls IP packet forwardingnet.ipv4.ip_forward = 1

Build a network:

The network segment DHCP other than the user is assigned by Packetfence

Vlan1 10.0.x.x 255.255.0.0 Management DHCPvlan2 192.168.120.1 255.255.252.0 RegistrationDHCPvlan3 192.168.130.1 255.255.252.0 Isolation DHCPvlan4 user DHCP Normal

Cisco 2960 switch configuration:

Dot1x system-auth-controlswitchport mode accessauthentication order dot1x mabauthentication priority dot1x mabauthentication port-control autoauthentication periodicauthentication timer restart 10800authentication timer reauthenticate 7200mabno snmp trap link-statusdot1x pae authenticatordot1x timeout quiet-period 2dot1x timeout tx-period 3aaa new-modelaaa group server radius packetfenceserver 10.0.111.111 auth-port 1812 acct-port 1813aaa authentication login default localaaa authentication dot1x default group packetfenceaaa authorization network default group packetfenceradius-server host 192.168.120.1 auth-port 1812 acct-port 1813 timeout 2 key passwordradius-server vsa send authenticationsnmp-server community public RW

Switch port configuration:

Switchport mode accessauthentication host-mode multi-domainauthentication order dot1x mabauthentication priority dot1x mabauthentication port-control autoauthentication periodicauthentication timer restart 10800authentication timer reauthenticate 10800mabno snmp trap link-statusdot1x pae authenticatordot1x timeout quiet-period 2dot1x timeout tx-period 3

Others need to take the time to study:

1. Escape plan: what to do with fail-open when the admittance system fails-cluster, or set the escape to return VLAN

two。 Automatic user registration-to be studied

3. LDAP certification-OK

4. Access security scan check-configure snort Server as the interface

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.