  1. #1

    Join Date
    Mar 2009
    Location
    Herefordshire
    Posts
    25
    Thank Post
    7
    Thanked 4 Times in 3 Posts
    Rep Power
    12

    Wireless security - Packetfence advice etc

    Hi guys

    Firstly - congrats on a great forum. I've been "lurking in the shadows" for a while reading some resources and it's great. Some really helpful, friendly and knowledgeable guys out there amongst you! But now I think the time has come to create a post and ask for a bit of advice.

    At the high school where I'm working, they are taking the big step of introducing Wifi access. I've rolled this out with IAS authentication and it works great with staff authenticating against their AD account with their school laptops. I did this with help from some posts on this forum by the way!

    However they want to take the next step of allowing 6th form students wifi access. Obviously I wouldn't want to just allow AD authentication as the security risk from unmanaged student laptops is astronomical.

    I could go down the VLAN route but to be honest I don't see the point as a new school is being built and will be open in 12 months with all new kit, so there's not much point in investing in decent Layer 3 switches to cope.

    Instead, I've read recommendations about PacketFence, and I'm interested in getting this set up in ARP poisoning mode so it handles authentication of student laptops on the Wireless APs that way. However, I'm at a loss as to configuring this. I've read the documentation but, unless I'm missing something, I can't find how to configure this in ARP mode. The doc seems to only cover VLAN mode.

    Can anyone spare any information as to configuring this and even better, point me to some online guide or resource that could help?

    Many thanks in advance for any advice you may be able to spare.

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Code:
    network.mode=arp

  3. Thanks to Geoff from:

    Fivetwelve (18th May 2009)

  4. #3

    Originally Posted by Geoff:
    Code:
    network.mode=arp
    Cheers Geoff - I completely missed that!

    My next question would be - currently we are in a NAC free environment, so if I configure PF, will there be chaos as every device on the network tries to register/authenticate itself? Or can I just allow everything as normal except for joining wireless clients?

    Many thanks

  5. #4

    Geoff's Avatar
    Only if you enable trapping. If you don't, it'll just tell you what would have happened. One thing in particular you must do is whitelist your servers/switches/network printers.

  6. Thanks to Geoff from:

    Fivetwelve (18th May 2009)

  7. #5

    Yeah that goes without saying. Wouldn't device registration etc play hell with XP clients logging onto the domain? E.g. all traffic is blocked until it's registered through the web page. Can it just be logged on as an admin and registered once for that MAC address?

  8. #6

    Geoff's Avatar
    Indeed you can, probably with a really long expiry (like months). You may wish to look at the 'pfcmd node' stuff. It's all in there.

  9. Thanks to Geoff from:

    Fivetwelve (18th May 2009)

  10. #7

    Thanks Geoff, you've been fantastic. I've downloaded the ZEN VMware image for PacketFence so I'll have a play with that with trapping disabled first and see how I get on.
