I would think it should get an IP, that way the user can register through the captive portal. Then once they are registered PF should flip them onto the correct VLan. Even if you are doing auto registration I would think the client still needs an IP. We let the PF server hand out DHCP on both the registration and isolation vlans, we found that PF is a lot happier that way.
The flow as I understand it is thus: 1) endpoint comes online (link up trap) 2) switch sends MAC to PF && client starts to broadcast for DHCP 3) PF check its database for MAC responds with correct vlan 3) switch receives SNMP command to put port on correct vlan 4) endpoint (now on the correct vlan) continues to broadcast and gets DHCP So even if your device is supposed to stay in the registration vlan it should get an IP, if your using a MAC detection VLan and your not getting put on a vlan that gets you DHCP (either from the PF server or your normal DHCP server) then something has gone wrong with your SNMP commands. What does you switch log say? Do you see any SNMP stuff, in my cisco 3560s I would see a log that said an SNMP SET command for such and such port has been received, etc., etc. Also, what version of SNMP are you using, we could never get V3 to work right (could be the older switch mind you) so we stuck with V2c. Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 -----Original Message----- From: Manueco, Antonio [mailto:[email protected]] Sent: Thursday, February 17, 2011 4:06 PM To: [email protected] Subject: Re: [Packetfence-users] PF Not assigning reg vlan? To clear up. Your device comes on, PF sees it, and puts it into VLAN 103 but it doesn't get an IP address. Correct? Is your networks.conf file set up in this VLAN to give out leases? Take a look at our registration VLAN conf: [10.xxx.xx.xx] netmask=255.255.248.0 gateway=[gateway for this VLAN] domain-name=registration.tel.miami.edu dns=[ipaddress of packetfence in this VLAN] dhcp_start=10.xxx.xx.0 dhcp_end=10.xxx.xx.240 dhcp_default_lease_time=300 dhcp_max_lease_time=600 type=registration named=enabled dhcpd=enabled -----Original Message----- From: Willis, Ben [mailto:[email protected]] Sent: Thursday, February 17, 2011 4:01 PM To: [email protected] Subject: [Packetfence-users] PF Not assigning reg vlan? My saga continues..... I can't get PF to put a port in any vlan other than mac-detection.... I've tried everything, is there a gotcha here that Im not aware of? I have a managed switch, if I plug in a pc pf gets the snmp trpas and moves the interface into vlan 103 in my case. Once the mac is learned it never does anything else so my device doesnt get an ip from the registration vlan. Thanks, Ben ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain business related information that is PERSONAL AND CONFIDENTIAL. If you have received this email in error, this does not constitute permission to examine, copy or distribute the accompanying material. If you receive this message in error, please notify the sender immediately or call 864-260-5000. ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
