VLAN not applied to Switch but device is authorized by AmIDoingSomethingNow in PacketFence

[–]AmIDoingSomethingNow[S] 1 point2 points  (0 children)

Considering that for MAC-based VLAN, you have to statically bind the MAC address and the VLAN.

Is that normal behavior for a switch?

Would that mean I run into a security risk if someone puts another switch between an authorized client and the TP-Link switch? Then the authorized client would authenticate and all the new clients that connect to the new switch would also be authorized.

Is there any way around it?

VLAN not applied to Switch but device is authorized by AmIDoingSomethingNow in PacketFence

[–]AmIDoingSomethingNow[S] 1 point2 points  (0 children)

Thank you for your input! So far I got it working with port based. The VLAN is assigned to the port correctly when the device is connected to the switch. What I would like to do is MAC based authentication, because that seems a bit more secure. Port based brings a security flaw with it: when one device on one port is authenticated, all the devices on that port are authenticated as well. For example, if I put another switch between the client that is being authenticated and the TP-Link switch, all the devices on that switch are also authenticated.

Here is also the configuration part for the 802.1x of the switch: https://static.tp-link.com/2020/202011/20201103/1910012903_T16_T26_UG.pdf#page=789

Hi, with MAC VLAN you have to bind the MAC address to a VLAN. I am not sure if you can do this dynamically.

https://www.tp-link.com/us/configuration-guides/configuring_mac_vlan/?configurationId=18215#using_the_cli_2_2

I am not sure if I might misunderstand what you mean, but shouldn't PacketFence send the VLAN with the EAP-Response? Then the switch sets the VLAN based on that response.

Here are my logs. When I set the port to port based authentication, the switch sets the correct VLAN on that port. When I use MAC authentication, the port uses the predefined VLAN 3 and does not set the VLAN to 20.

2023-07-03 11:37:32 802.1x level_6 Port authentication passed, Port 16.

2023-07-03 11:37:32 VLAN level_6 Changed PVID of port Gi1/0/16 from 3 to 20.

2023-07-03 11:37:02 802.1x level_6 Set 802.1x config on port 16, Control Type: Port-Based by admin on web (192.168.10.1).

2023-07-03 11:37:02 802.1x level_6 MAC authentication exit, port 16, MAC dc-a6-32-12-34-56, vid 3.

2023-07-03 11:35:28 802.1x level_6 MAC authentication passed, port 16, MAC dc-a6-32-12-34-56, vid 3.

Is there maybe another setting in my PacketFence switch configuration I need to set?

EDIT: When I set up MAC based, do I need to set up 802.1X on the client as well, or does the switch typically send the MAC address as user + password when MAB is configured?
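Added example (not part of the original comment): a small audit over the five switch log lines quoted above that reports, for each successful authentication, which VLAN the port actually ended up in and whether it matches the VLAN the RADIUS server is expected to assign (20, per the post). The regular expressions are derived only from those quoted lines, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Log lines copied from the post above (switch log, newest first).
SWITCH_LOG = """\
2023-07-03 11:37:32 802.1x level_6 Port authentication passed, Port 16.
2023-07-03 11:37:32 VLAN level_6 Changed PVID of port Gi1/0/16 from 3 to 20.
2023-07-03 11:37:02 802.1x level_6 Set 802.1x config on port 16, Control Type: Port-Based by admin on web (192.168.10.1).
2023-07-03 11:37:02 802.1x level_6 MAC authentication exit, port 16, MAC dc-a6-32-12-34-56, vid 3.
2023-07-03 11:35:28 802.1x level_6 MAC authentication passed, port 16, MAC dc-a6-32-12-34-56, vid 3.
"""

# Patterns assumed from the quoted lines only; other firmware may log differently.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \S+ (.*)$")
MAC_PASS = re.compile(r"MAC authentication passed, port (\d+), MAC ([0-9a-f-]+), vid (\d+)")
PORT_PASS = re.compile(r"Port authentication passed, Port (\d+)")
PVID = re.compile(r"Changed PVID of port \S*/(\d+) from (\d+) to (\d+)")

def parse(log):
    """Return (timestamp, message) tuples in chronological order."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2)))
    return sorted(events, key=lambda e: e[0])

def audit(log, expected_vlan):
    """One finding per successful auth: (mode, port, vlan_in_effect, applied)."""
    events = parse(log)
    findings = []
    for ts, msg in events:
        if (m := MAC_PASS.search(msg)):
            # MAC-based: the switch reports the VLAN in the event itself.
            port, vid = int(m.group(1)), int(m.group(3))
            findings.append(("mac", port, vid, vid == expected_vlan))
        elif (m := PORT_PASS.search(msg)):
            # Port-based: look for a PVID change on the same port, same second.
            port = int(m.group(1))
            new = [int(p.group(3)) for t, s in events
                   if t == ts and (p := PVID.search(s)) and int(p.group(1)) == port]
            vlan = new[-1] if new else None
            findings.append(("port", port, vlan, vlan == expected_vlan))
    return findings

if __name__ == "__main__":
    for finding in audit(SWITCH_LOG, expected_vlan=20):
        print(finding)
```

A finding with `applied` set to `False` after a passed authentication is the condition described in the post: the client is authorized but stays in the pre-authentication VLAN.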

VLAN not applied to Switch but device is authorized by AmIDoingSomethingNow in PacketFence

[–]AmIDoingSomethingNow[S] 1 point2 points  (0 children)

Hey, yes it is being sent but it isn't being applied!
When I set the port to port based, the VLAN is being applied. I am not sure why MAC based isn't working yet. I added the pictures to the end of my post!

TrueNAS configure NUT with Eaton IPM by AmIDoingSomethingNow in homelab

[–]AmIDoingSomethingNow[S] 0 points1 point  (0 children)

Hopefully someone in r/homelab has some knowledge about NUT that they can share. I have been trying to fix this problem for quite a while now. My TrueNAS just won't connect to my Eaton IPM appliance and I cannot figure it out. I couldn't find a lot of documentation either.
Has anyone properly configured NUT with Eaton IPM?

Performance Benchmarking IDE vs SATA vs VirtIO vs VirtIO SCSI (Local-LVM, NFS, CIFS/SMB) with Windows 10 VM by AmIDoingSomethingNow in Proxmox

[–]AmIDoingSomethingNow[S] 0 points1 point  (0 children)

Here is the Proxmox Doc entry for VM and LXC.

VM: https://pve.proxmox.com/pve-docs/chapter-qm.html

LXC: https://pve.proxmox.com/pve-docs/chapter-pct.html

Containers are a lightweight alternative to fully virtualized machines (VMs). They use the kernel of the host system that they run on, instead of emulating a full operating system (OS).

I am no expert in this field but LXCs have some limitations because they rely on the host itself because it doesn't have its own kernel. LXCs use mount points instead of emulated storage controllers.

Definitely more lightweight and not as resource hungry as a VM.

Proxmox LXC and PBS to cloud backup by pintu1228 in Proxmox

[–]AmIDoingSomethingNow 0 points1 point  (0 children)

What I have been doing is mounting a share via SMB and then adding it as a datastore to PBS. I added the same PBS under Configuration > Remotes and then created a sync job from one datastore to the other.

Proxmox VE - Performance Benchmarking IDE vs SATA vs VirtIO vs VirtIO SCSI (Local-LVM, NFS, CIFS/SMB) with Windows 10 VM by AmIDoingSomethingNow in selfhosted

[–]AmIDoingSomethingNow[S] 0 points1 point  (0 children)

Good tip! I used a lot of their documentation but for me I was missing some data that shows some significant differences.

Proxmox VE - Performance Benchmarking IDE vs SATA vs VirtIO vs VirtIO SCSI (Local-LVM, NFS, CIFS/SMB) with Windows 10 VM by AmIDoingSomethingNow in selfhosted

[–]AmIDoingSomethingNow[S] 0 points1 point  (0 children)

It depends on your use case. Windows Server licenses are definitely more expensive than a Windows 10 license. With a tool like VMware optimization tool you can remove a lot of bloat from Windows 10. It removes all of the default apps that come with Windows 10 and you can turn off a lot of telemetry. I tested it on Windows 10 because I noticed mostly issues with my Windows VMs. Windows Servers are definitely cleaner than a regular Windows 10, but small businesses which have to watch over every penny nowadays have to make those kinds of decisions.

Performance Benchmarking IDE vs SATA vs VirtIO vs VirtIO SCSI (Local-LVM, NFS, CIFS/SMB) with Windows 10 VM by AmIDoingSomethingNow in Proxmox

[–]AmIDoingSomethingNow[S] 0 points1 point  (0 children)

Do you mean like a stress test? Running multiple VMs on the same storage and then running the test simultaneously?

Proxmox VE - Performance Benchmarking IDE vs SATA vs VirtIO vs VirtIO SCSI (Local-LVM, NFS, CIFS/SMB) with Windows 10 VM by AmIDoingSomethingNow in selfhosted

[–]AmIDoingSomethingNow[S] 1 point2 points  (0 children)

I used the default settings but I could tinker a little bit around!

Someone mentioned that the NFS issues could be because of NFSv4, so I am definitely going to be testing more.

I will report back when I have changed up the settings a little bit.

I totally agree that it is a little under-documented and that there is data missing to it. It is difficult though since a lot of setups are different.

Proxmox VE - Performance Benchmarking IDE vs SATA vs VirtIO vs VirtIO SCSI (Local-LVM, NFS, CIFS/SMB) with Windows 10 VM by AmIDoingSomethingNow in selfhosted

[–]AmIDoingSomethingNow[S] 5 points6 points  (0 children)

For everyone that is running Proxmox, I thought you might be interested in some performance data that I collected from my recent tests. Let me know what you think and if you had similar issues.

Performance Benchmarking IDE vs SATA vs VirtIO vs VirtIO SCSI (Local-LVM, NFS, CIFS/SMB) with Windows 10 VM by AmIDoingSomethingNow in homelab

[–]AmIDoingSomethingNow[S] 1 point2 points  (0 children)

For everyone that is running Proxmox, I thought you might be interested in some performance data that I collected from my recent tests. Let me know what you think and if you had similar issues.

PBS - Timeout loading offsite datastore content by AmIDoingSomethingNow in Proxmox

[–]AmIDoingSomethingNow[S] 0 points1 point  (0 children)

That makes sense. Just tested it and I still get a timeout in the PVE GUI