Sorry for the amount of detail, but we are trying to setup 
PacketFence and wanted to include as much info as possible to help diagnose our 

                We have PacketFence installed on a server (  We 
have three interfaces defined in PacketFence: Management (, 
Isolation (, and Registration (  Those interfaces 
are plugged into our core Extreme Networks Summit switch into matching VLANs: 
"Internal_Appliances" (, "MAC_Isolation" (, and 
"MAC_Registration" (

That switch is then uplinked to our desktop switch, where we have created a 
"MAC_Isolation" (, "MAC_Registration" (, MAC_Temp 
(no IP), and "Desktops" (  We want the ports to eventually end 
up in the "Desktops" VLAN after authorization.

                The steps below were performed on the Extreme switch to which 
the desktops are connected, using Port 5:13 as our test.

create vlan MAC_Registration
config vlan "MAC_Registration" tag 369
create vlan MAC_Temp
enable snmp access
configure snmp add trapreceiver community public vr VR-DEFAULT
configure vlan MAC_Registration add ports 5:13 untagged
configure ports 5:13 vlan MAC_Registration lock-learning
disable snmp traps port-up-down ports 5:13
configure radius netlogin primary server 1812 client-ip 
vr VR-Default
configure radius netlogin primary shared-secret (password)
enable radius netlogin
configure netlogin vlan MAC_Temp
enable netlogin mac
configure netlogin dynamic-vlan enable
configure netlogin dynamic-vlan uplink-ports 4:45
configure netlogin mac authentication database-order radius
enable netlogin ports 5:13 mac
configure netlogin ports 5:13 mode port-based-vlans
configure netlogin ports 5:13 no-restart

        Now, every 5 minutes, these messages show up in the switch log and the 
test desktop in question doesn't show up in the nodes in PacketFence.

07/30/2014 13:47:39.42 <Info:nl.ClientAuthFailure> Slot-1: Authentication 
failed for Network Login MAC user 3C970EADB66B Mac 3C:97:0E:AD:B6:6B port 5:13
07/30/2014 13:47:39.42 <Warn:AAA.RADIUS.noServResp> Slot-1: No response from 
server trying local.
07/30/2014 13:47:39.42 <Warn:AAA.RADIUS.noServerResp> Slot-1: No servers 
07/30/2014 13:47:36.42 <Warn:AAA.RADIUS.resendPkt> Slot-1: Resend request to 
Authentication Server address current request count is 2
07/30/2014 13:47:33.41 <Warn:AAA.RADIUS.resendPkt> Slot-1: Resend request to 
Authentication Server address current request count is 1

        The results of "show netlogin" and "show radius" on the switch returns 
the following:
Slot-1 Stack.4 # show netlogin

NetLogin Authentication Mode : web-based DISABLED;  802.1x DISABLED;  mac-based 
NetLogin VLAN                : "MAC_Temp"
NetLogin move-fail-action    : Deny
NetLogin Client Aging Time   : 5 minutes
Dynamic VLAN Creation        : Enabled
Dynamic VLAN Uplink Ports    : 4:45

        Web-based Mode Global Configuration
Base-URL                 :
Default-Redirect-Page    : ENABLED;
Logout-privilege         : YES
Netlogin Session-Refresh : ENABLED; 3 minute(s) 0 second(s)
Refresh failures allowed : 0
Reauthenticate on refresh: Disabled
Authentication Database  : Radius, Local-User database
Proxy Ports              : 80(http),443(https)

        802.1x Mode Global Configuration
Quiet Period                    : 60
Supplicant Response Timeout     : 30
Re-authentication period        : 3600
Max Re-authentications          : 3
RADIUS server timeout           : 30
EAPOL MPDU version to transmit  : v1
Authentication Database         : Radius

          MAC Mode Global Configuration

MAC Address/Mask      Password (encrypted)            Port(s)
--------------------  ------------------------------  ------------------------
Default               <not configured>                any

Re-authentication period        : 0 (Re-authentication disabled)
Authentication Database         : Radius

Port: 5:13,  Vlan: MAC_Registration,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   
3c:97:0e:ad:b6:6b          No                MAC     0
(B) - Client entry Blackholed in FDB

Number of Clients Authenticated  : 0

Slot-1 Stack.5 # show radius
Switch Management Radius: disabled
Switch Management Radius server connect time out: 3 seconds
Switch Management Radius Accounting: disabled
Switch Management Radius Accounting server connect time out: 3 seconds
Netlogin Radius: enabled
Netlogin Radius server connect time out: 3 seconds
Netlogin Radius Accounting: disabled
Netlogin Radius Accounting server connect time out: 3 seconds

Primary Netlogin Radius server:
    Server name   :
    IP address    :
    Server IP Port:  1812
    Client address: (VR-Default)
    Shared secret :  2\q;sJ;@F=8Bjn
Access Requests   :  13752           Access Accepts    :  0
Access Rejects    :  0               Access Challenges :  0
Access Retransmits:  9168            Client timeouts   :  4584
Bad authenticators:  0               Unknown types     :  0
Round Trip Time   :  0


Information in this e-mail may be confidential. It is intended only for the 
addressee(s) identified above. If you are not the addressee(s), or an employee 
or agent of the addressee(s), please note that any dissemination, distribution, 
or copying of this communication is strictly prohibited. If you have received 
this e-mail in error, please notify the sender of the error.
PacketFence-announce mailing list

Reply via email to