The switchport needs to be in trunk mode, and put your management vlan as the native vlan: switchport trunk native vlan 703
Then use eth0 to set the management ip address. On 12-01-13 9:11 AM, Bill Arlofski wrote: > On 01/13/12 08:21, Morris, Andi wrote: >> Thanks Francois, those were ideas I hadn't even considered. >> >> Running a show vlan on the switch and I can see that vlan 704 is indeed >> created, and the dot1x port is in it. >> >> However, I have since plugged the laptop into a port that is statically >> configured to be in vlan 704 and I'm still not getting an IP address from >> packetfence, suggesting, as you say, that the vlans are not being trunked >> across to the pf server correctly. >> >> I've checked further and there's something funky going on somewhere, but I'm >> struggling to work out whether it's a problem with the network, or the >> packetfence network config. >> >> The three vlans that packetfence has legs in are: >> Management - 10.1.3.0/24 (vlan ID 703) - pf address 10.1.3.10 gateway >> 10.1.3.2 (address of the network router) - interface eth0 >> Registration - 10.1.4.0/24 (vlan ID 704) - pf address 10.1.4.10 gateway >> 10.1.4.10 (pf address for that vlan) - interface eth0.704 >> Isolation - 10.1.5.0/24 (vlan ID 705) - pf address 10.1.5.10 gateway >> 10.1.5.10 (pf address for that vlan) - interface eth0.705 >> >> These are all connected via a single interface, with the virtual interfaces >> as written above. >> >> The interface is plugged into the cisco core directly. >> >> Now...if I configure the port on the core to be a network trunk using >> 'switchport mode trunk' I can ping both the isolation and registration >> network cards from the core, but not the management network card. If I >> configure the port to be an access port using 'switchport mode access' and >> 'switchport access vlan 703' I can ping the management vlan, but not the >> other two! >> >> I've taken this to our network team, and they're baffled, and can't see >> anything wrong with the setup on the core, suggesting that it's an issue >> with the packetfence network setup, but I'm struggling. >> >> Any ideas? > Hi Andi... From what you just described, I would double-check your network > settings on the pf box. > > It is acting like you have assigned 10.1.3.10/24 to "eth0", instead of a VLAN > interface such as "eth0.703" - or "vlan703" - depending on how you have > configured your VLAN interfaces to be named. > > You have two options here: > > Option 1. Leave switch port in trunk mode, and make sure that you have > assigned eth0 NO IP address but make sure the interface is up. And make sure > that vlan703 is assigned 10.1.3.10/24 > > Option 2. Set the switch port to "general" mode, with VLAN 703 untagged and a > PVID of 703, and with VLANS 704 and 705 tagged. > > > Either method should clear this up for you. > > Hope this helps. > > -- > Bill Arlofski > Reverse Polarity, LLC > > ------------------------------------------------------------------------------ > RSA(R) Conference 2012 > Mar 27 - Feb 2 > Save $400 by Jan. 27 > Register now! > http://p.sf.net/sfu/rsa-sfdev2dev2 > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
