My wireless clients aren't catching the deauth/dis-associate from the access point. Specifically they are not going through the DHCP process after a change in VLAN. For example a client connections to the registration VLAN and registers in the captive portal. At that point pf attempts to move the client from the reg VLAN to the guest VLAN. I can see in the pf logs the dis-associate ( Radius COA ) being sent to the access point. And I can also see the access point log the dis-associate and then the subsequent associate by the client. But it all happens so fast the Windows client doesn't see it, sort of. If I repeat this on the private SSID I can see the client do the 802.1X auth after registration and re-association. If I watch the wireless networks in the task bar, I don't see any change in the connectivity state. It's a windows 7 client on a Moto 7131 w/ PF 3.3.2. Packetfence and the AP are doing what they are supposed to. Is this a windows 7 problem? Is there a way to throttle associations on the AP?
Here is the entire transaction: PF LOG: Jun 05 18:17:56 register.cgi(0) INFO: 192.168.20.22 - 00:23:4e:53:cd:cf on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler) Jun 05 18:17:56 register.cgi(0) INFO: performing node registration MAC: 00:23:4e:53:cd:cf pid: barry.quiel (pf::web::_sanitize_and_register) Jun 05 18:17:56 register.cgi(0) INFO: re-evaluating access for node 00:23:4e:53:cd:cf (manage_register called) (pf::enforcement::reevaluate_access) Jun 05 18:17:56 register.cgi(0) INFO: 00:23:4e:53:cd:cf is currentlog connected at 192.168.3.36 ifIndex 1 in VLAN 2020 (pf::enforcement::_should_we_reassign_vlan) Jun 05 18:17:56 register.cgi(0) INFO: MAC: 00:23:4e:53:cd:cf, PID: barry.quiel, Status: reg. Returned VLAN: 2171 (pf::vlan::fetchVlanForNode) Jun 05 18:17:56 register.cgi(0) INFO: VLAN reassignment required for 00:23:4e:53:cd:cf (current VLAN = 2020 but should be in VLAN 2171) (pf::enforcement::_should_we_reassign_vlan) Jun 05 18:17:56 register.cgi(0) INFO: switch port for 00:23:4e:53:cd:cf is 192.168.3.36 ifIndex 1 connection type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation) Jun 05 18:17:56 register.cgi(0) INFO: 192.168.20.22 - 00:23:4e:53:cd:cf on registration page (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler) Jun 05 18:17:58 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch 192.168.3.36 (main::parseTrap) Jun 05 18:17:58 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Jun 05 18:17:58 pfsetvlan(3) INFO: desAssociate trap received on 192.168.3.36 for wireless client 00:23:4e:53:cd:cf (main::handleTrap) Jun 05 18:17:59 pfsetvlan(3) INFO: finished (main::cleanupAfterThread) Jun 05 18:18:01 pf::WebAPI(895) INFO: handling radius autz request: from switch_ip => 192.168.3.36, connection_type => Wireless-802.11-NoEAP mac => 00:23:4e:53:cd:cf, port => 1, username => 00-23-4E-53-CD-CF (pf::radius::authorize) Jun 05 18:18:02 pf::WebAPI(895) INFO: MAC: 00:23:4e:53:cd:cf, PID: barry.quiel, Status: reg. Returned VLAN: 2171 (pf::vlan::fetchVlanForNode) AP LOG: Jun 5 18:17:59 2012 Jun 5 18:17:59 00-24-38-F3-99-40 %AAA-5-RADIUS_DISCON_MSG: Received Radius dynamic authorization Disconnect Message for '00-23-4E-53-CD-CF' from server '192.168.11.50' Jun 5 18:17:59 2012 Jun 5 18:17:59 00-24-38-F3-99-40 %DOT11-6-CLIENT_DISASSOCIATED: Client '00-23-4E-53-CD-CF' disassociated from wlan 'public' radio 'BR7171-900-01:R1': radius dynamic authorization disconnect (reason code:1) Jun 5 18:18:01 2012 Jun 5 18:18:01 00-24-38-F3-99-40 %DOT11-6-CLIENT_ASSOCIATED: Client '00-23-4E-53-CD-CF' associated to wlan 'public' ssid 'sungardps' on radio 'BR7171-900-01:R1' Jun 5 18:18:02 2012 Jun 5 18:18:02 00-24-38-F3-99-40 %AAA-6-RADIUS_VLAN_UPDATE: Assigning Radius server specified vlan 2171 to client '00-23-4E-53-CD-CF' on wlan 'public' ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
