Hi,
I've been experimenting with Packetfence for a week now to see how it works
and so far it looks good.
However I have found some issue with my configuration:
Packetfence 3.3.2 running on Centos 6 on a decicated computer with two
network cards.
Cisco Catalyst 2950 Version 12.1(22)EA14 - some unused switch from our
company that I foun in the basement.
First of all I have followed manuals concerning the installation and
configuration of the switch.
I have enabled dot1x on the switch to run with RADIUS with one test user
account i the raddb/users with MySQL backend.
Eveyrthing is OK when client is using 802.1X auth - the switch is detecting
link, then if there is EAPOL login succesfull it is assinged to vlan1.
When the computer is in violation then it is moved to vlan 3 (isolation).
But i have problem with guests or users not using 802.1X at all - seems
like they are not assigned to the any vlan at all.
I have found that the ony way to get users assigned to any vlan is to use
below command on the switch
interface fa 0/2
dot1x guest-vlan 2
Thus if the end device is not sending EAPOL requests at all in given time
then it is moved to the vlan 2 (registration).
when running web browser user is prompet do login the machine - I enter the
testing account which for sure works (as with 802.1X EAPOL) and then I'm
presented the message that my network should be enabled in the moment.
The device gets reg status in packetfence web amdinistraton page.
Then I see that the packetfence sends a command to the switch to shut down
the port in order to reassing it to the proper vlan.
The problem is that after port shutdown the device again lands in guest
vlan.
Any suggestions what can be the issue?
One more thing, I've also experimented with dot1x auth-fail vlan 5 so that
users that fail EAPOL will be assigned to the vlan 5 which uses inline
security - then the registration works.
--
Michal Sochoń
alias _KaszpiR_ [email protected]
IRC: #hlds.pl @ irc.quakenet.org
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
