On 01/13/12 08:21, Morris, Andi wrote:
> Thanks Francois, those were ideas I hadn't even considered.
> 
> Running a show vlan on the switch and I can see that vlan 704 is indeed 
> created, and the dot1x port is in it.
> 
> However, I have since plugged the laptop into a port that is statically 
> configured to be in vlan 704 and I'm still not getting an IP address from 
> packetfence, suggesting, as you say, that the vlans are not being trunked 
> across to the pf server correctly.
> 
> I've checked further and there's something funky going on somewhere, but I'm 
> struggling to work out whether it's a problem with the network, or the 
> packetfence network config.
> 
> The three vlans that packetfence has legs in are:
> Management - 10.1.3.0/24 (vlan ID 703) - pf address 10.1.3.10 gateway 
> 10.1.3.2 (address of the network router) - interface eth0
> Registration - 10.1.4.0/24 (vlan ID 704) - pf address 10.1.4.10 gateway 
> 10.1.4.10 (pf address for that vlan) - interface eth0.704
> Isolation - 10.1.5.0/24 (vlan ID 705) - pf address 10.1.5.10 gateway 
> 10.1.5.10 (pf address for that vlan) - interface eth0.705
> 
> These are all connected via a single interface, with the virtual interfaces 
> as written above.
> 
> The interface is plugged into the cisco core directly.
> 
> Now...if I configure the port on the core to be a network trunk using 
> 'switchport mode trunk' I can ping both the isolation and registration 
> network cards from the core, but not the management network card.  If I 
> configure the port to be an access port using 'switchport mode access' and 
> 'switchport access vlan 703' I can ping the management vlan, but not the 
> other two!
> 
> I've taken this to our network team, and they're baffled, and can't see 
> anything wrong with the setup on the core, suggesting that it's an issue with 
> the packetfence network setup, but I'm struggling.
> 
> Any ideas?

Hi Andi... From what you just described, I would double-check your network
settings on the pf box.

It is acting like you have assigned 10.1.3.10/24 to "eth0", instead of a VLAN
interface such as "eth0.703" - or "vlan703" - depending on how you have
configured your VLAN interfaces to be named.

You have two options here:

Option 1. Leave switch port in trunk mode, and make sure that you have
assigned eth0 NO IP address but make sure the interface is up. And make sure
that vlan703 is assigned 10.1.3.10/24.

Option 2. Set the switch port to "general" mode, with VLAN 703 untagged and a
PVID of 703, and with VLANs 704 and 705 tagged.


Either method should clear this up for you.

Hope this helps.

--
Bill Arlofski
Reverse Polarity, LLC
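
A check for the condition described in the reply above, added here as an example that is not part of the original thread or of PacketFence: it reads `ip -o -4 addr show` output and reports any parent interface that holds an IP address while also carrying tagged subinterfaces, then prints the runtime iproute2 commands for Option 1. The sample listings are constructed, the function names are hypothetical, and the `<parent>.<vid>` interface naming is an assumption; the printed commands do not persist across reboots.

```shell
#!/bin/sh
# Constructed samples in the format of `ip -o -4 addr show` (not captured output).
# Assumption: VLAN interfaces are named <parent>.<vid>, e.g. eth0.704.
SAMPLE_BROKEN='2: eth0    inet 10.1.3.10/24 brd 10.1.3.255 scope global eth0
3: eth0.704    inet 10.1.4.10/24 brd 10.1.4.255 scope global eth0.704
4: eth0.705    inet 10.1.5.10/24 brd 10.1.5.255 scope global eth0.705'

SAMPLE_FIXED='3: eth0.703    inet 10.1.3.10/24 brd 10.1.3.255 scope global eth0.703
4: eth0.704    inet 10.1.4.10/24 brd 10.1.4.255 scope global eth0.704
5: eth0.705    inet 10.1.5.10/24 brd 10.1.5.255 scope global eth0.705'

# Reads `ip -o -4 addr show` text on stdin. Prints "<parent> <addr>" for every
# parent interface that carries an IPv4 address while also having tagged
# subinterfaces: that address is sent untagged, so on a trunk port it lands in
# the port's native VLAN rather than in VLAN 703.
untagged_parents_with_ip() {
    awk '
        $3 == "inet" {
            name = $2
            addr[name] = $4
            dot = index(name, ".")
            if (dot > 0) has_vlan[substr(name, 1, dot - 1)] = 1
        }
        END {
            for (p in has_vlan)
                if (p in addr) print p, addr[p]
        }'
}

# Prints (does not run) the runtime iproute2 commands for Option 1: move the
# address from the parent to a tagged interface. $1=parent $2=addr/prefix $3=vid
option1_commands() {
    printf 'ip addr del %s dev %s\n' "$2" "$1"
    printf 'ip link add link %s name %s.%s type vlan id %s\n' "$1" "$1" "$3" "$3"
    printf 'ip addr add %s dev %s.%s\n' "$2" "$1" "$3"
    printf 'ip link set %s up\n' "$1"
    printf 'ip link set %s.%s up\n' "$1" "$3"
}

# Demo on the constructed sample; on a live host pipe `ip -o -4 addr show` in.
printf '%s\n' "$SAMPLE_BROKEN" | untagged_parents_with_ip | while read -r parent addr; do
    echo "# $parent holds $addr untagged; to move it to VLAN 703:"
    option1_commands "$parent" "$addr" 703
done
```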

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users