The method used in PacketFence 1.6... was ARP Spoofing. Yes, I did just say arp spoofing. For the configuration/process:
- Trunk Vlan to server
- Give the PF server ip address on vlan
- Tell PF that it was trapping on that network
- Every 60 seconds it ran it's "Arp Gun"
- Inject mac address of PF server in as router of systems that were not registered
- Client would go to PF server as gateway
- PF server display captive portal
- User Registered with captive portal
- PF would "release user" Giving them back the correct address of the Production Router
This method worked fairly well. Some problems with it:
- Trapping/Registration didn't happen right away, could take hours.
- Clients that had the mac of the router on their subnet could place static entry in their arp table and bypass registration/trapping.
- A/V- Security suites would detect the mac change of the router and throw warnings.
- Overhead of listening on several vlans
Next Post will be on the upgrade process and current version. Stay tuned.