I've since got this working using the method Bill mentioned in the previous post. Ie having eth0 as an empty but up interface, and having three virtual interfaces hanging off it. Is this likely to cause any other issues?
So far it seems to be working well and I'm now getting dot1x authenticating and the registration vlan IP address allocated. Cheers, Andi -----Original Message----- From: Francois Gaudreault [mailto:[email protected]] Sent: 13 January 2012 15:04 To: [email protected] Subject: Re: [Packetfence-users] dot1x authenticating, but no ip address The switchport needs to be in trunk mode, and put your management vlan as the native vlan: switchport trunk native vlan 703 Then use eth0 to set the management ip address. On 12-01-13 9:11 AM, Bill Arlofski wrote: > On 01/13/12 08:21, Morris, Andi wrote: >> Thanks Francois, those were ideas I hadn't even considered. >> >> Running a show vlan on the switch and I can see that vlan 704 is indeed >> created, and the dot1x port is in it. >> >> However, I have since plugged the laptop into a port that is statically >> configured to be in vlan 704 and I'm still not getting an IP address from >> packetfence, suggesting, as you say, that the vlans are not being trunked >> across to the pf server correctly. >> >> I've checked further and there's something funky going on somewhere, but I'm >> struggling to work out whether it's a problem with the network, or the >> packetfence network config. >> >> The three vlans that packetfence has legs in are: >> Management - 10.1.3.0/24 (vlan ID 703) - pf address 10.1.3.10 gateway >> 10.1.3.2 (address of the network router) - interface eth0 >> Registration - 10.1.4.0/24 (vlan ID 704) - pf address 10.1.4.10 >> gateway 10.1.4.10 (pf address for that vlan) - interface eth0.704 >> Isolation - 10.1.5.0/24 (vlan ID 705) - pf address 10.1.5.10 gateway >> 10.1.5.10 (pf address for that vlan) - interface eth0.705 >> >> These are all connected via a single interface, with the virtual interfaces >> as written above. >> >> The interface is plugged into the cisco core directly. >> >> Now...if I configure the port on the core to be a network trunk using >> 'switchport mode trunk' I can ping both the isolation and registration >> network cards from the core, but not the management network card. If I >> configure the port to be an access port using 'switchport mode access' and >> 'switchport access vlan 703' I can ping the management vlan, but not the >> other two! >> >> I've taken this to our network team, and they're baffled, and can't see >> anything wrong with the setup on the core, suggesting that it's an issue >> with the packetfence network setup, but I'm struggling. >> >> Any ideas? > Hi Andi... From what you just described, I would double-check your > network settings on the pf box. > > It is acting like you have assigned 10.1.3.10/24 to "eth0", instead of > a VLAN interface such as "eth0.703" - or "vlan703" - depending on how > you have configured your VLAN interfaces to be named. > > You have two options here: > > Option 1. Leave switch port in trunk mode, and make sure that you have > assigned eth0 NO IP address but make sure the interface is up. And > make sure that vlan703 is assigned 10.1.3.10/24 > > Option 2. Set the switch port to "general" mode, with VLAN 703 > untagged and a PVID of 703, and with VLANS 704 and 705 tagged. > > > Either method should clear this up for you. > > Hope this helps. > > -- > Bill Arlofski > Reverse Polarity, LLC > > ---------------------------------------------------------------------- > -------- > RSA(R) Conference 2012 > Mar 27 - Feb 2 > Save $400 by Jan. 27 > Register now! > http://p.sf.net/sfu/rsa-sfdev2dev2 > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ________________________________ >From 1st November 2011 UWIC changed its title to Cardiff Metropolitan >University. From the 6th December, as part of this change, all email addresses >which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent >from Cardiff Metropolitan University will now be sent from the new >@cardiffmet.ac.uk address. Please could you ensure that all of your contact >records and databases are updated to reflect this change. Further information >can be found on the website >here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> ------------------------------------------------------------------------------ RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2 _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
