Hello Ludovic, thanks for your reply. So I tried to configure MAC-auth via RADUIS. It basically works but with a flaw: I have to manually reset the switch port for the changes i.e. registration/deregistration to work.
What I did on the switch: radius-server host [PF-IP] key [password] aaa authentication port-access chap-radius aaa port-access mac-based 1-24 aaa port-access 1-24 when connecting a new unauthed client it’s blocked. I also tried a registration VLAN which also worked. Then I registered the client in PF but the switch Port is still blocked or stays in registration VLAN. When manually resetting the port on the switch or reconnecting the client, the port is configured correctly and unblocked. When using the “Restart Switchport” function in PF it results in an snmp Error on the switch. Looks like PF tries to do this via snmp which I didn’t configure. Is there any way this works automatically? Thanks Johannes Johannes Mudrich Mitarbeiter IT Altmark-Klinikum gGmbH Ernst-von-Bergmann-Straße 22 39638 Gardelegen Tel.: 03907 791229 Fax.: 03907 791248 Mail: j.mudr...@altmark-klinikum.de Von: Zammit, Ludovic [mailto:luza...@akamai.com] Gesendet: Montag, 27. Februar 2023 13:43 An: PacketFence-users <packetfence-users@lists.sourceforge.net> Cc: Mudrich, J. <j.mudr...@altmark-klinikum.de> Betreff: Re: [PacketFence-users] Basic Config for Procurve Switch Hello Johannes, You should use RADIUS and not Port-Security if the switch is capable of it. You configure RADIUS on the switch at the general level and then the interface(s) that you want to control with PF. The role assignation would work once you get the RADIUS request sent to PF. Thanks, Ludovic Zammit Product Support Engineer Principal Lead [https://www.akamai.com/us/en/multimedia/images/custom/2019/logo-no-tag-93x45.png] Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: [https://www.akamai.com/us/en/multimedia/images/custom/community.jpg]<https://community.akamai.com>[https://www.akamai.com/us/en/multimedia/images/custom/rss.png]<http://blogs.akamai.com>[https://www.akamai.com/us/en/multimedia/images/custom/twitter.png]<https://twitter.com/akamai>[https://www.akamai.com/us/en/multimedia/images/custom/fb.png]<http://www.facebook.com/AkamaiTechnologies>[https://www.akamai.com/us/en/multimedia/images/custom/in.png]<http://www.linkedin.com/company/akamai-technologies>[https://www.akamai.com/us/en/multimedia/images/custom/youtube.png]<http://www.youtube.com/user/akamaitechnologies?feature=results_main> On Feb 22, 2023, at 8:00 AM, Mudrich, J. via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Hi, I am pretty new to the NAC stuff and I am currently evaluating PackentFence. What I try to achieve: Block the Ports on my switch (procurve 2510) when an unknown MAC is detected. If the MAC is registered/known, unblock the Port. What I have done so far: PacketFence server is running with basic configuration. That means I basically didn’t touch anything except I added a Switch (ProCurve 2500 Series) and configured my SSH credentials. On my switch I disabled Link Up/Down Traps and enabled port security according to the Network Device Configuration Guide. When connecting a test client I can see the alert SNPM-traps coming in on the server and a new Node is created. I tried registering the node, assigned a role (default), but the port on the switch is still blocked. Did I miss something? How does Packetfence communicate with the switch? Is there any way I can test the communication? Thanks Johannes Johannes Mudrich Mitarbeiter IT Altmark-Klinikum gGmbH Ernst-von-Bergmann-Straße 22 39638 Gardelegen Tel.: 03907 791229 Fax.: 03907 791248 Mail: j.mudr...@altmark-klinikum.de<mailto:j.mudr...@altmark-klinikum.de> <sah.png><https://urldefense.com/v3/__https:/www.salusaltmarkholding.de/__;!!GjvTz_vk!R-mXGoeRljOgVpOKSgH4FCF7vLAkGCbOaRRtaCI4F86Yuec_wYX0kXHTOolpX8PncevbwaK23Mcc0mfJmitAzRTEYARAVh7_CDGxAg$> Salus Altmark Holding gGmbH Tel.: +49 39325700<tel:+4939325700> Sitz der Gesellschaft: Seepark 5 | 39116 Magdeburg www.salusaltmarkholding.de<https://urldefense.com/v3/__https:/www.salusaltmarkholding.de__;!!GjvTz_vk!R-mXGoeRljOgVpOKSgH4FCF7vLAkGCbOaRRtaCI4F86Yuec_wYX0kXHTOolpX8PncevbwaK23Mcc0mfJmitAzRTEYARAVh5DhVk05A$> <instagram.png><https://urldefense.com/v3/__https:/www.instagram.com/salusaltmarkholding/__;!!GjvTz_vk!R-mXGoeRljOgVpOKSgH4FCF7vLAkGCbOaRRtaCI4F86Yuec_wYX0kXHTOolpX8PncevbwaK23Mcc0mfJmitAzRTEYARAVh6gxYtKQA$> <facebook.png><https://urldefense.com/v3/__https:/www.facebook.com/SalusAltmarkHolding__;!!GjvTz_vk!R-mXGoeRljOgVpOKSgH4FCF7vLAkGCbOaRRtaCI4F86Yuec_wYX0kXHTOolpX8PncevbwaK23Mcc0mfJmitAzRTEYARAVh4etuzU6w$> <linkedin.png><https://urldefense.com/v3/__https:/de.linkedin.com/company/salus-ggmbh__;!!GjvTz_vk!R-mXGoeRljOgVpOKSgH4FCF7vLAkGCbOaRRtaCI4F86Yuec_wYX0kXHTOolpX8PncevbwaK23Mcc0mfJmitAzRTEYARAVh7Pfm70Fg$> <xing.png><https://urldefense.com/v3/__https:/www.xing.com/pages/salusaltmarkholdingggmbh__;!!GjvTz_vk!R-mXGoeRljOgVpOKSgH4FCF7vLAkGCbOaRRtaCI4F86Yuec_wYX0kXHTOolpX8PncevbwaK23Mcc0mfJmitAzRTEYARAVh5LvLymQQ$> <youtube.png><https://urldefense.com/v3/__https:/www.youtube.com/user/SALUSgGmbH__;!!GjvTz_vk!R-mXGoeRljOgVpOKSgH4FCF7vLAkGCbOaRRtaCI4F86Yuec_wYX0kXHTOolpX8PncevbwaK23Mcc0mfJmitAzRTEYARAVh7FkJa9Rg$> Registergericht: AG Stendal: HRB 112594 Geschäftsführer: Jürgen Richter Aufsichtsratsvorsitz: Wolfgang Beck Gemäß Art. 13 DSGVO informieren wir darüber, dass Ihre Daten elektronisch gespeichert werden. Nähere Informationen: www.salusaltmarkholding.de/datenschutz<https://urldefense.com/v3/__https:/www.salusaltmarkholding.de/datenschutz__;!!GjvTz_vk!R-mXGoeRljOgVpOKSgH4FCF7vLAkGCbOaRRtaCI4F86Yuec_wYX0kXHTOolpX8PncevbwaK23Mcc0mfJmitAzRTEYARAVh5Iuc1Tbw$> Ab Januar 2022 nehmen wir keine Mails mit doc-, xls- und ppt-Anhängen mehr an. Bitte verwenden Sie die aktuellen Office-Formate docx, xlsx, pptx oder pdf. _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!R-mXGoeRljOgVpOKSgH4FCF7vLAkGCbOaRRtaCI4F86Yuec_wYX0kXHTOolpX8PncevbwaK23Mcc0mfJmitAzRTEYARAVh7Nh5jKRQ$<https://urldefense.com/v3/__https:/lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!R-mXGoeRljOgVpOKSgH4FCF7vLAkGCbOaRRtaCI4F86Yuec_wYX0kXHTOolpX8PncevbwaK23Mcc0mfJmitAzRTEYARAVh7Nh5jKRQ$>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
