inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

Need parameter to push gateway on VIP only #3363

Open julsemaan opened 6 years ago

julsemaan commented 6 years ago

Similarly to the active_active.dns_on_vip_only parameter, we would need the same for the gateway since it's not pushing all the cluster members as possible gateways.

This can cause an issue if there are some ACLs in the registration VLAN containing the traffic on the VIP.

fdurand commented 6 years ago

In the case of a registration VLAN in layer 2, PacketFence sends the list of all members of a cluster as a gateway. In layer 3, the gateway of the client is the layer 3 interface of the remote registration network and the core switch does the routing. So for DNS it makes sense, but for the gateway I don't see the point.

julsemaan commented 6 years ago

I have users that actually put an ACL in the L2 registration VLAN, so that would cause a problem for them.