Hi Chris,

>> Anyway, the point is: ignore anything related to dot11Deauthentication.
>
> Do I take this literally ? Should I then disable SNMP on the access
> point ? Is there really no disconnection event ? Then, it seems, the
> locationlog table will fill with entries showing that everyone is
> still connected ... (???)

Yes, you are correct, the locationlog entries won't close if a client disappears but having open entries is better than the problems we had with dot11Deauth.

http://www.packetfence.org/bugs/view.php?id=880
http://www.packetfence.org/bugs/view.php?id=1041

At some point we want to try to use RADIUS Accounting information for locationlog bookkeeping. Or some entry expiration mechanism.

> Olivier, even if the vlan on the AP *were* successfully switched, what
> exactly is the mechanism that would provoke a DHCP request from the
> connecting machine ?
> How else would the connecting laptop get its new
> address from the new vlan at the end of the registration process ? I
> guess that I'm asking for a bit of overview ...

Usually the OS detects that it reauthenticated and sends a DHCP Request (step 3 of the normal DHCP handshake, step 1 being DHCP Discover) with its previous IP. This is like asking 'can I still use this IP?' Since the network changed, the DHCP Server will issue a DHCP NAK (or a couple of DHCP Requests will go without a reply) and then the OS will do a DHCP Discover and get a new IP.

This varies greatly by OS and OS version. This bug will give you an idea of what we went through troubleshooting a problem like this on Mac OS X:

http://www.packetfence.org/bugs/view.php?id=1132

> My test laptop runs
> Debian Linux and I use the WICD wifi manager widget.

I know from testing I have done that dhclient doesn't do the right thing. I haven't investigated deeply since we were never told by customers to look at it. If I recall correctly WICD is just a front-end to the low-level terminal commands including dhclient. If you could try network-manager I think you would have more luck with that being a more integrated stack.

Best is to grab a pcap of your successful registration and see what happens with your DHCP stack.

> What am I missing
> at the network level ? I don't know of a means by which the remote
> device could provoke a DHCP request from the attaching client.
>

Now you know as much as I do. ;)

> As you requested, I've attached the complete log for the latest
> session. The entries somewhat redundant but I don't know what you
> might find interesting so I have left the log as is (with all
> duplication).

Do you run 2.0.0? If you do, I'm concerned that I don't see the pfcmd_vlan entries in your log..

Have a good one!

-- 
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
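
The DHCP sequence described in the message above (Request for the old IP, then a NAK or silence, then a fresh Discover) can be checked in a capture with a small parser. This is an added example, not part of the original e-mail and not PacketFence code; the function names, result labels and sample addresses are assumptions made for illustration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def dhcp_options(payload):
    """Parse the options field of a DHCP UDP payload into {code: value}."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = End
        if payload[i] == 0:                         # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def message_type(payload):
    """Name of the DHCP message type carried in option 53."""
    value = dhcp_options(payload).get(53, b"")
    if len(value) != 1:
        raise ValueError("missing option 53")
    return TYPES.get(value[0], "TYPE%d" % value[0])

def classify(payloads):
    """Label how a client re-acquired its address after reauthentication."""
    seq = [message_type(p) for p in payloads]
    if "DISCOVER" not in seq:
        return "stuck"                  # client never restarted the handshake
    d = seq.index("DISCOVER")
    if "ACK" not in seq[d:]:
        return "incomplete"             # Discover sent, no lease confirmed
    if "NAK" in seq[:d]:
        return "nak-then-discover"      # server refused the old IP
    return "timeout-then-discover" if "REQUEST" in seq[:d] else "discover-only"

def build(msg_type, requested_ip=None):
    """Constructed sample payload: zeroed BOOTP header plus options."""
    opts = bytes([53, 1, msg_type])
    if requested_ip:                    # option 50 = Requested IP Address
        opts += bytes([50, 4]) + socket.inet_aton(requested_ip)
    return bytes(236) + MAGIC + opts + b"\xff"
```

Feed `classify` the UDP payloads of one client's port 67/68 traffic, in capture order, starting from the moment of the VLAN change; a result of `stuck` means the client kept its old address.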
