I got it "working" by changing my switch config to this instead of what is detailed in the network device config guide. It actually isn't working because I get the message:
pf::WebAPI(3433) ERROR: Wired MAC Authentication (Wired Access Authorization through RADIUS) is not supported on switch type pf::SNMP::Cisco::Catalyst_3750. Please let us know what hardware you are using. (pf::SNMP::supportsWiredMacAuth)

I thought that I could use this config with Cisco 3750's? Am I only able to use port security?

---Cisco 3750 radius config-
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
radius-server host 10.10.80.203 auth-port 1812 acct-port 1813 key ######

---Cisco 3750 port config (802.1x with MAC Authentication bypass (MultiDomain) )-
interface FastEthernet1/0/38
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 15
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 10800
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
end

Thanks,
Ben
_______________________
There is no place like 127.0.0.1

http://lmgtfy.com/?q=Anderson+School+District+Five

-----Original Message-----
From: Marc-André Jutras [mailto:[email protected]]
Sent: Tuesday, May 03, 2011 2:01 PM
To: [email protected]
Subject: Re: [Packetfence-users] Radius Problems

Ben,

your radiusd.conf file seems to be ok...

- Any access-list on your switch that can block these requests ?
- try to re-enter your radius password in your switch... make sure this one is matching your radiusd.conf...
- what's the ip address of your switch ? IOS version ? send me your switch config, I'll validate it...

M-A

On 11-05-03 13:38, Willis, Ben wrote:
> Marc,
>
> I disabled iptables and I still don't get a connection from my switch. I have
> my switches configured in clients.conf and since radius works locally I don't
> know what else to confirm.
>
> client localhost {
>     ipaddr = 127.0.0.1
>     secret = testing123
>     require_message_authenticator = no
>     nastype = other # localhost isn't usually a NAS...
> }
>
> client Cisco3750x {
>     secret = cisco
>     ipaddr = 10.85.10.1
> }
>
> client RAMS.MC.SW01 {
>     secret = cisco
>     ipaddr = 172.20.85.1
> }
>
> client 172.20.95.1 {
>     secret = cisco
>     ipaddr = 172.20.95.1
>     nastype = cisco
> }
>
> client 10.95.0.0/16 {
>     secret = cisco
>     shortname = GVMS
> }
>
> Thanks,
> Ben
> _______________________
> There is no place like 127.0.0.1
>
> http://lmgtfy.com/?q=Anderson+School+District+Five
>
> -----Original Message-----
> From: Marc-André Jutras [mailto:[email protected]]
> Sent: Tuesday, May 03, 2011 1:11 PM
> To: [email protected]
> Subject: Re: [Packetfence-users] Radius Problems
>
> Hi again ! :)
>
> 1- to test your radius setup, de-activate your iptables ( iptables -F ) and
> try to authenticate... if this is not working, validate your radius config...
>
> 2- if your radius server is working, reload iptables and try to activate some
> log for your traffic... ( example : http://www.techbytes.ca/techbyte136.html )
>
> 3- radiusd[3363]: segfault at 0000000000000000 rip 00002b4adba035db rsp 00007ffffa992bb0 error 4
> no issue there : this is what's happening every time you restart PF...
> ( PF will kill -9 radiusd at every restart ... )
>
> M-A
>
> On 11-05-03 12:49, Willis, Ben wrote:
>> Me again...
>>
>> I have PF working now with port security but my switches refuse to
>> work (Cisco 3750 (V2 and X's) with any 802.1x mac auth configurations.
>> The switch states:
>>
>> %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for client (Unknown MAC) on Interface Fa1/0/46
>>
>> %AUTHMGR-5-FAIL: Authorization failed for client (Unknown MAC) on Interface Fa1/0/46
>>
>> %AUTHMGR-5-START: Starting 'mab' for client (0025.6444.6aaa) on Interface Fa1/0/46
>>
>> It seems like radius is not answering but radius does work for the
>> registration portal. I have verified iptables:
>>
>> -A RH-Firewall-1-INPUT -p udp -m udp --dport 1812 -d 10.10.80.203 -i eth0.10 -j ACCEPT
>> -A RH-Firewall-1-INPUT -p udp -m udp --dport 1813 -d 10.10.80.203 -i eth0.10 -j ACCEPT
>>
>> This is the radius server config on my switches (straight out of the
>> guides):
>>
>> aaa new-model
>> aaa group server radius packtfence
>>  server 10.10.80.203 auth-port 1812 acct-port 1813
>> aaa authentication login default local
>> aaa authentication dot1x default group packetfence
>> aaa authorization network default group packetfence
>> radius-server host 10.10.80.203 auth-port 1812 acct-port 1813 timeout 2 key ######
>> radius-server vsa send authentication
>>
>> I did notice this error while monitoring /var/log/messages:
>>
>> A5DO-NAC kernel: radiusd[3363]: segfault at 0000000000000000 rip 00002b4adba035db rsp 00007ffffa992bb0 error 4
>>
>> Hoping that someone can point me in the right direction......
>>
>> Thanks for the help so far,
>>
>> Ben in SC
>>
>> ------------------------------------------------------------------------------
>> ANDERSON SCHOOL DISTRICT FIVE NOTICE: This email may contain
>> business related information that is PERSONAL AND CONFIDENTIAL. If
>> you have received this email in error, this does not constitute
>> permission to examine, copy or distribute the accompanying material.
>> If you receive this message in error, please notify the sender
>> immediately or call 864-260-5000.
>>
>> ------------------------------------------------------------------------------
>> WhatsUp Gold - Download Free Network Management Software
>> The most intuitive, comprehensive, and cost-effective network management
>> toolset available today. Delivers lowest initial acquisition cost
>> and overall TCO of any competing solution.
>> http://p.sf.net/sfu/whatsupgold-sd
>> _______________________________________________
>> Packetfence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Marc-Andre Jutras, Project manager - Inverse inc.
> [email protected] :: +1.514.447.4918 (x110) :: http://www.inverse.ca
> Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

--
Marc-Andre Jutras, Project manager - Inverse inc.
[email protected] :: +1.514.447.4918 (x110) :: http://www.inverse.ca
Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
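
In the first switch configuration quoted in this thread, the RADIUS server group is defined as `packtfence` while the dot1x and network method lists reference `packetfence`; the later configuration uses the built-in `radius` group instead. As an added example (not part of the original thread and not PacketFence code), this Python check flags AAA method lists that point at a server group the configuration never defines. The function name and the reflowed sample configs are assumptions made for illustration.

```python
import difflib
import re

# Constructed samples: AAA lines from the thread, reflowed one command per line.
FIRST_CONFIG = """\
aaa new-model
aaa group server radius packtfence
 server 10.10.80.203 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
radius-server host 10.10.80.203 auth-port 1812 acct-port 1813 timeout 2 key ######
"""
LATER_CONFIG = """\
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
radius-server host 10.10.80.203 auth-port 1812 acct-port 1813 key ######
"""

BUILTIN_GROUPS = {"radius", "tacacs+"}  # groups IOS predefines
GROUP_DEF = re.compile(r"^aaa group server (?:radius|tacacs\+) (\S+)")
METHOD_LIST = re.compile(r"^aaa (?:authentication|authorization|accounting) ")
GROUP_REF = re.compile(r"\bgroup (\S+)")


def check_aaa_groups(config):
    """Return (line_no, issue, group, suggestion) for inconsistent AAA group names."""
    defined, refs = {}, []
    for line_no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        definition = GROUP_DEF.match(line)
        if definition:
            defined[definition.group(1)] = line_no
        elif METHOD_LIST.match(line):
            refs += [(line_no, name) for name in GROUP_REF.findall(line)]
    findings = []
    for line_no, name in refs:
        if name not in defined and name not in BUILTIN_GROUPS:
            # Suggest the closest defined name so a one-letter typo stands out.
            near = difflib.get_close_matches(name, list(defined), n=1)
            findings.append((line_no, "undefined-group", name, near[0] if near else None))
    referenced = {name for _, name in refs}
    for name, line_no in defined.items():
        if name not in referenced:
            findings.append((line_no, "unused-group", name, None))
    return findings


if __name__ == "__main__":
    for finding in check_aaa_groups(FIRST_CONFIG):
        print(finding)
```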
