Hi all,
I must solicit your help (again),
I'm having some trouble with my production VLAN.
*My configuration:*
[interface eth0] => Management
mask=255.255.255.0
type=management
gateway=192.168.1.1
ip=192.168.1.5
[interface eth0.2] => Registration
mask=255.255.255.0
type=internal
enforcement=vlan
gateway=192.168.2.1
ip=192.168.2.1
[interface eth0.6] => Inline
mask=255.255.255.0
type=internal
enforcement=inline
ip=192.168.6.1
gateway=192.168.6.1
[interface eth0.20] => Production
mask=255.255.255.0
type=internal
enforcement=vlan
gateway=192.168.20.1
ip=192.168.20.1
[interface eth0.666] => Isolation
mask=255.255.255.0
type=internal
enforcement=vlan
gateway=192.168.202.1
ip=192.168.202.1
I use a Cisco 2960S (192.168.1.10) that I configured as in the Network
Devices Configuration Guide to do 802.1X with MAC Authentication Bypass.
When I connect the client, the RADIUS server returns Accept - Accept but PF
doesn't give an IP.
*In the switch:*
*Mar 1 01:13:36.203: %AUTHMGR-5-START: Starting 'dot1x' for client
(d067.e519.1ba2) on Interface Gi1/0/9 AuditSessionID
C0A8010A0000000A004360D9
*Mar 1 01:13:37.697: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/9,
changed state to up
*Mar 1 01:13:41.855: %DOT1X-5-SUCCESS: Authentication successful for
client (d067.e519.1ba2) on Interface Gi1/0/9 AuditSessionID
*Mar 1 01:13:41.855: %AUTHMGR-7-RESULT: Authentication result 'success'
from 'dot1x' for client (d067.e519.1ba2) on Interface Gi1/0/9
AuditSessionID C0A8010A0000000A004360D9
*Mar 1 01:13:42.877: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet1/0/9, changed state to up
*Mar 1 01:13:42.898: %AUTHMGR-5-SUCCESS: Authorization succeeded for
client (d067.e519.1ba2) on Interface Gi1/0/9 AuditSessionID
C0A8010A0000000A004360D9
*Radius Debug mode:*
Sending Access-Accept of id 46 to 192.168.1.10 port 1645
User-Name = "test"
MS-MPPE-Recv-Key =
0x88d28e5293e5fe2c528fc968c90db451717a68a5cd25783fa283b657c20d9c9a
MS-MPPE-Send-Key =
0x721722072e0285e09e6d210d0f3d5f41a3c813bf38c066821946ff0b859b27f5
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
So I configured another port of the switch with MAC Authentication Bypass
only; PF gives it an IP in the production VLAN (20) and I can ping the
interface eth0.20.
*Switch info:*
*Mar 1 01:25:32.632: %AUTHMGR-5-START: Starting 'mab' for client
(d067.e519.1ba2) on Interface Gi1/0/5 AuditSessionID
C0A8010A0000000B004E4F61
*Mar 1 01:25:34.121: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5,
changed state to up
*Mar 1 01:25:34.451: %MAB-5-SUCCESS: Authentication successful for client
(d067.e519.1ba2) on Interface Gi1/0/5 AuditSessionID
C0A8010A0000000B004E4F61
*Mar 1 01:25:34.451: %AUTHMGR-7-RESULT: Authentication result 'success'
from 'mab' for client (d067.e519.1ba2) on Interface Gi1/0/5 AuditSessionID
C0A8010A0000000B004E4F61
*Mar 1 01:25:34.451: %AUTHMGR-5-VLANASSIGN: VLAN 20 assigned to Interface
Gi1/0/5 AuditSessionID C0A8010A0000000B004E4F61
*Mar 1 01:25:35.463: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet1/0/5, changed state to up
*Mar 1 01:25:35.490: %AUTHMGR-5-SUCCESS: Authorization succeeded for
client (d067.e519.1ba2) on Interface Gi1/0/5 AuditSessionID
C0A8010A0000000B004E4F61
*Radius Debug mode:*
Sending Access-Accept of id 56 to 192.168.1.10 port 1645
Tunnel-Private-Group-Id:0 = "20"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Is that a problem on the FreeRADIUS side or on the PacketFence side?
Thanks in advance for any response.
Cheers,
--
Pioc Maxime
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
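
An added example, not part of the original post and not PacketFence or FreeRADIUS code: it parses FreeRADIUS debug output like the two Access-Accept replies quoted above and reports whether each one carries the three RFC 3580 tunnel attributes used for VLAN assignment. The sample text is constructed from the quoted output with the key material replaced by a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the two Access-Accept replies quoted in the
# post; MS-MPPE key material is replaced by a placeholder.
SAMPLE = '''\
Sending Access-Accept of id 46 to 192.168.1.10 port 1645
\tUser-Name = "test"
\tMS-MPPE-Recv-Key = 0x<redacted>
\tMS-MPPE-Send-Key = 0x<redacted>
\tEAP-Message = 0x03090004
\tMessage-Authenticator = 0x00000000000000000000000000000000
Sending Access-Accept of id 56 to 192.168.1.10 port 1645
\tTunnel-Private-Group-Id:0 = "20"
\tTunnel-Medium-Type:0 = IEEE-802
\tTunnel-Type:0 = VLAN
'''

HEADER = re.compile(r"^Sending (Access-\w+) of id (\d+) to (\S+) port (\d+)")
# Attribute line: indented, optional ":tag" suffix on the name (e.g. ":0").
ATTR = re.compile(r"^\s+([\w-]+)(?::\d+)?\s*=\s*(.*)$")
# RFC 3580: VLAN assignment needs these two values plus Tunnel-Private-Group-Id.
REQUIRED = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802"}

def parse_replies(text):
    """Split debug output into replies, each with its attribute dictionary."""
    replies = []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            replies.append({"code": h.group(1), "id": int(h.group(2)),
                            "nas": h.group(3), "attrs": {}})
        elif replies:
            a = ATTR.match(line)
            if a:
                replies[-1]["attrs"][a.group(1)] = a.group(2).strip().strip('"')
    return replies

def vlan_of(reply):
    """Return the assigned VLAN, or None if any RFC 3580 attribute is missing."""
    attrs = reply["attrs"]
    if any(attrs.get(k) != v for k, v in REQUIRED.items()):
        return None
    return attrs.get("Tunnel-Private-Group-Id") or None

def audit(text):
    """List (packet id, VLAN or None) for every Access-Accept in the output."""
    return [(r["id"], vlan_of(r)) for r in parse_replies(text)
            if r["code"] == "Access-Accept"]

if __name__ == "__main__":
    for rid, vlan in audit(SAMPLE):
        print(f"Access-Accept id {rid}:",
              f"VLAN {vlan}" if vlan else "no VLAN assignment attributes")
```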