721 is the production vlan (there will be many more, but that's the only one for 
now).  When I look in the node information in the admin web GUI the unreg field 
is blank.

Switches.conf is as below:
radiusSecret=testing123
type=
controllerIp=10.1.3.10
SNMPUserNameTrap=
SNMPAuthProtocolTrap=
SNMPAuthPasswordTrap=
SNMPPrivProtocolTrap=
SNMPPrivPasswordTrap=
SNMPEngineID=
SNMPUserNameRead=
SNMPAuthProtocolRead=
SNMPAuthPasswordRead=
SNMPPrivProtocolRead=
SNMPPrivPasswordRead=
SNMPUserNameWrite=
SNMPAuthProtocolWrite=
SNMPAuthPasswordWrite=
SNMPPrivProtocolWrite=
SNMPPrivPasswordWrite=

[127.0.0.1]
type=PacketFence
vlans=703,704,705
normalVlan=703
registrationVlan=704
isolationVlan=705
macDetectionVlan=
controllerIp=10.1.3.10

[10.1.1.21]
type=Cisco::Catalyst_3550
vlans=4,704,705,721
normalVlan=721
#SNMPVersion = 3
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
#SNMPVersionTrap = 3
#SNMPUserNameTrap = readUser
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread

I've just spotted that in the 127.0.0.1 line the production vlan isn't 
declared.  Could this be related?

Regarding the routed networks, I'm still not totally clear on how I should set 
the dhcp listeners.

10.1.3.10 is PF management interface
10.1.4.10 is PF registration interface
10.1.5.10 is PF isolation interface

PF is the DHCP server for the isolation and registration vlan.

The interfaces are declared as below in pf.conf:
[interface eth1]
type=monitor

[interface eth0.703]
ip=10.1.3.10
mask=255.255.255.0
gateway=10.1.3.2
type=management

[interface eth0.704]
ip=10.1.4.10
mask=255.255.255.0
gateway=10.1.4.10
type=internal
enforcement=vlan

[interface eth0.705]
ip=10.1.5.10
mask=255.255.255.0
gateway=10.1.5.10
type=internal
enforcement=vlan

networks.conf is as below:
[10.1.4.0]
type=vlan-registration
netmask=255.255.255.0
gateway=10.1.4.10
next_hop=
named=enabled
dns=10.1.4.10
domain-name=registration.internal.uwic.ac.uk
dhcpd=enabled
dhcp_start=10.1.4.20
dhcp_end=10.1.4.200
dhcp_default_lease_time=20
dhcp_max_lease_time=20

[10.1.5.0]
type=vlan-isolation
netmask=255.255.255.0
gateway=10.1.5.10
next_hop=
named=enabled
dns=10.1.5.10
domain-name=isolation.internal.uwic.ac.uk
dhcpd=enabled
dhcp_start=10.1.5.20
dhcp_end=10.1.5.200
dhcp_default_lease_time=20
dhcp_max_lease_time=20


-----Original Message-----
From: Francois Gaudreault [mailto:[email protected]]
Sent: 07 February 2012 16:36
To: [email protected]
Subject: Re: [Packetfence-users] Violations retriggering & vlans still not 
quite behaving correctly

Hello Andi,

I checked the previous post and saw this:
Jan 30 13:56:01 pf::WebAPI(7544) INFO: MAC: 00:24:54:42:86:04, PID: sm18818, Status: reg. Returned VLAN: 721 (pf::vlan::fetchVlanForNode)

Jan 30 13:56:01 pf::WebAPI(7544) INFO: Returning ACCEPT with VLAN: 721 (pf::radius::authorize)

Is your VLAN 721 your production VLAN?  If it's the case, the only reason why a 
user would be given the unreg VLAN is that the node is unregistered OR there is 
a misconfiguration in switches.conf.  Also, when you register, what unregdate 
is set for the node?

For the DHCP, yes, PF needs to have a copy of the production DHCP using ip 
helpers (if using routed nets).

On 12-02-07 8:06 AM, Morris, Andi wrote:
> As far as the problem of the computer being put back into the
> registration vlan after a reboot I believe that the log snippet below
> is the cause of this:


--
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers is just 
$99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style 
Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
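
A check that can be run over a switches.conf like the one posted in this thread (added example, not part of the original messages and not PacketFence's own code). It assumes keys before the first [section] are defaults inherited by every switch section and that an empty value means unset; lint_switches, ROLE_KEYS, SAMPLE_SECRETS and the trimmed sample are constructed for illustration.

```python
import configparser

ROLE_KEYS = ("normalVlan", "registrationVlan", "isolationVlan")
SAMPLE_SECRETS = {"testing123"}  # FreeRADIUS sample client secret

def lint_switches(text):
    """Return (section, message) findings for a switches.conf-style file."""
    cp = configparser.ConfigParser(default_section="default", interpolation=None)
    cp.optionxform = str  # keep key case (normalVlan, not normalvlan)
    # Assumption: keys before the first [section] are the defaults that every
    # switch section inherits, so give them an explicit header.
    cp.read_string("[default]\n" + text)
    findings = []
    if cp.defaults().get("radiusSecret", "") in SAMPLE_SECRETS:
        findings.append(("default", "radiusSecret is a well-known sample value"))
    for name in cp.sections():
        sw = cp[name]
        declared = {v.strip() for v in sw.get("vlans", "").split(",") if v.strip()}
        for key in ROLE_KEYS:
            value = sw.get(key, "").strip()
            if not value:
                findings.append((name, f"{key} is unset after inheriting defaults"))
            elif value not in declared:
                findings.append((name, f"{key}={value} is not listed in vlans"))
    return findings

# Constructed sample, trimmed from the configuration posted above.
SAMPLE = """\
radiusSecret=testing123
type=

[127.0.0.1]
type=PacketFence
vlans=703,704,705
normalVlan=703
registrationVlan=704
isolationVlan=705

[10.1.1.21]
type=Cisco::Catalyst_3550
vlans=4,704,705,721
normalVlan=721
#SNMPVersion = 3
"""

if __name__ == "__main__":
    for section, message in lint_switches(SAMPLE):
        print(f"[{section}] {message}")
```

The findings list what each switch section resolves to after inheritance; they do not by themselves say which VLAN PacketFence will return for a node.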