Thanks Francois, those were ideas I hadn't even considered.

Running a show vlan on the switch and I can see that vlan 704 is indeed 
created, and the dot1x port is in it.

However, I have since plugged the laptop into a port that is statically 
configured to be in vlan 704 and I'm still not getting an IP address from 
packetfence, suggesting, as you say, that the vlans are not being trunked 
across to the pf server correctly.

I've checked further and there's something funky going on somewhere, but I'm 
struggling to work out whether it's a problem with the network, or the 
packetfence network config.

The three vlans that packetfence has legs in are:
Management - 10.1.3.0/24 (vlan ID 703) - pf address 10.1.3.10 gateway 10.1.3.2 (address of the network router) - interface eth0
Registration - 10.1.4.0/24 (vlan ID 704) - pf address 10.1.4.10 gateway 10.1.4.10 (pf address for that vlan) - interface eth0.704
Isolation - 10.1.5.0/24 (vlan ID 705) - pf address 10.1.5.10 gateway 10.1.5.10 (pf address for that vlan) - interface eth0.705

These are all connected via a single interface, with the virtual interfaces as 
written above.

The interface is plugged into the cisco core directly.

Now...if I configure the port on the core to be a network trunk using 
'switchport mode trunk' I can ping both the isolation and registration network 
cards from the core, but not the management network card.  If I configure the 
port to be an access port using 'switchport mode access' and 'switchport access 
vlan 703' I can ping the management vlan, but not the other two!

I've taken this to our network team, and they're baffled, and can't see 
anything wrong with the setup on the core, suggesting that it's an issue with 
the packetfence network setup, but I'm struggling.

Any ideas?


-----Original Message-----
From: Francois Gaudreault [mailto:[email protected]]
Sent: 12 January 2012 18:07
To: [email protected]
Subject: Re: [Packetfence-users] dot1x authenticating, but no ip address

Hi Andi,

On 12-01-12 11:36 AM, Morris, Andi wrote:
> I'm setting up dot1x on a switch and am seeing successful
> authentication messages on both the switch side, and the radius
> output. Radius appears to be sending the request to change the port to
> the registration vlan, but the test laptop only receives a 169.254
> address
On the switch, when you do a sh vlan, do you see the port in VLAN 704?
Is the VLAN 704 created on the switch? Are you sure the VLAN 704 is properly 
trunked between the switch and the PF server? What happens when you put a port 
in access vlan 704, does it work?

--
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca Inverse 
inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)


_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users