Sorry for the amount of detail, but we are trying to setup PacketFence and wanted to include as much info as possible to help diagnose our issue.
We have PacketFence installed on a server (172.22.0.3). We have three interfaces defined in PacketFence: Management (172.22.0.3/23), Isolation (12.22.2.3/23), and Registration (172.22.38.3/23). Those interfaces are plugged into our core Extreme Networks Summit switch into matching VLANs: "Internal_Appliances" (172.22.0.1/23), "MAC_Isolation" (172.22.2.1/23), and "MAC_Registration" (172.22.38.1/23). That switch is then uplinked to our desktop switch, where we have created a "MAC_Isolation" (172.22.2.2/23), "MAC_Registration" (172.22.38.2/23), MAC_Temp (no IP), and "Desktops" (172.22.34.2/23). We want the ports to eventually end up in the "Desktops" VLAN after authorization. The steps below were performed on the Extreme switch to which the desktops are connected, using Port 5:13 as our test. create vlan MAC_Registration config vlan "MAC_Registration" tag 369 create vlan MAC_Temp enable snmp access configure snmp add trapreceiver 172.22.0.3 community public vr VR-DEFAULT configure vlan MAC_Registration add ports 5:13 untagged configure ports 5:13 vlan MAC_Registration lock-learning disable snmp traps port-up-down ports 5:13 configure radius netlogin primary server 172.22.0.3 1812 client-ip 172.22.32.2 vr VR-Default configure radius netlogin primary shared-secret (password) enable radius netlogin configure netlogin vlan MAC_Temp enable netlogin mac configure netlogin dynamic-vlan enable configure netlogin dynamic-vlan uplink-ports 4:45 configure netlogin mac authentication database-order radius enable netlogin ports 5:13 mac configure netlogin ports 5:13 mode port-based-vlans configure netlogin ports 5:13 no-restart Now, every 5 minutes, these messages show up in the switch log and the test desktop in question doesn't show up in the nodes in PacketFence. 07/30/2014 13:47:39.42 <Info:nl.ClientAuthFailure> Slot-1: Authentication failed for Network Login MAC user 3C970EADB66B Mac 3C:97:0E:AD:B6:6B port 5:13 07/30/2014 13:47:39.42 <Warn:AAA.RADIUS.noServResp> Slot-1: No response from server 172.22.0.3 trying local. 07/30/2014 13:47:39.42 <Warn:AAA.RADIUS.noServerResp> Slot-1: No servers responding 07/30/2014 13:47:36.42 <Warn:AAA.RADIUS.resendPkt> Slot-1: Resend request to Authentication Server address 172.22.0.3 current request count is 2 07/30/2014 13:47:33.41 <Warn:AAA.RADIUS.resendPkt> Slot-1: Resend request to Authentication Server address 172.22.0.3 current request count is 1 The results of "show netlogin" and "show radius" on the switch returns the following: Slot-1 Stack.4 # show netlogin NetLogin Authentication Mode : web-based DISABLED; 802.1x DISABLED; mac-based ENABLED NetLogin VLAN : "MAC_Temp" NetLogin move-fail-action : Deny NetLogin Client Aging Time : 5 minutes Dynamic VLAN Creation : Enabled Dynamic VLAN Uplink Ports : 4:45 ------------------------------------------------ Web-based Mode Global Configuration ------------------------------------------------ Base-URL : network-access.com Default-Redirect-Page : ENABLED; http://www.extremenetworks.com Logout-privilege : YES Netlogin Session-Refresh : ENABLED; 3 minute(s) 0 second(s) Refresh failures allowed : 0 Reauthenticate on refresh: Disabled Authentication Database : Radius, Local-User database Proxy Ports : 80(http),443(https) ------------------------------------------------ ------------------------------------------------ 802.1x Mode Global Configuration ------------------------------------------------ Quiet Period : 60 Supplicant Response Timeout : 30 Re-authentication period : 3600 Max Re-authentications : 3 RADIUS server timeout : 30 EAPOL MPDU version to transmit : v1 Authentication Database : Radius ------------------------------------------------ ------------------------------------------------ MAC Mode Global Configuration ------------------------------------------------ MAC Address/Mask Password (encrypted) Port(s) -------------------- ------------------------------ ------------------------ Default <not configured> any Re-authentication period : 0 (Re-authentication disabled) Authentication Database : Radius ------------------------------------------------ Port: 5:13, Vlan: MAC_Registration, State: Enabled, Authentication: mac-based Guest Vlan <Not Configured>: Disabled Authentication Failure Vlan <Not Configured>: Disabled Authentication Service-Unavailable Vlan <Not Configured>: Disabled MAC IP address Authenticated Type ReAuth-Timer User 3c:97:0e:ad:b6:6b 0.0.0.0 No MAC 0 ----------------------------------------------- (B) - Client entry Blackholed in FDB Number of Clients Authenticated : 0 Slot-1 Stack.5 # show radius Switch Management Radius: disabled Switch Management Radius server connect time out: 3 seconds Switch Management Radius Accounting: disabled Switch Management Radius Accounting server connect time out: 3 seconds Netlogin Radius: enabled Netlogin Radius server connect time out: 3 seconds Netlogin Radius Accounting: disabled Netlogin Radius Accounting server connect time out: 3 seconds Primary Netlogin Radius server: Server name : IP address : 172.22.0.3 Server IP Port: 1812 Client address: 172.22.38.2 (VR-Default) Shared secret : 2\q;sJ;@F=8Bjn Access Requests : 13752 Access Accepts : 0 Access Rejects : 0 Access Challenges : 0 Access Retransmits: 9168 Client timeouts : 4584 Bad authenticators: 0 Unknown types : 0 Round Trip Time : 0 ________________________________ Information in this e-mail may be confidential. It is intended only for the addressee(s) identified above. If you are not the addressee(s), or an employee or agent of the addressee(s), please note that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender of the error.
------------------------------------------------------------------------------
_______________________________________________ PacketFence-announce mailing list PacketFence-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-announce