Since I upgraded to 3.4.1, PF seems not to return the normalVLAN to nodes In packetfence.log I get
Jul 06 12:11:28 pf::WebAPI(4054) INFO: MAC: 00:1c:23:33:03:ef, PID: holmes, Status: reg. Returned VLAN: (pf::vlan::fetchVlanForNode) Jul 06 12:11:28 pf::WebAPI(4054) WARN: new VLAN is not a managed VLAN -> Returning FAIL. Is the target vlan in the vlans=... list? (pf::radius::authorize) The switch I'm testing on has the target vlan defined, but anyway I think the actual issue is that no VLAN is returned as shown in the first line above type=ThreeCom::E4800G mode=production uplink=24 vlans=1,2,3,4,5,50,60 normalVlan=3 registrationVlan=50 isolationVlan=60 macDetectionVlan=5 If I set the Bypass VLAN to 3, it drops into the VLAN correctly. INFO: pfcmd calling node_modify for 00:1c:23:33:03:ef (main::command_param) Jul 06 12:16:11 pfcmd(4370) INFO: re-evaluating access for node 00:1c:23:33:03:ef (node_modify called) (pf::enforcement::reevaluate_access) Jul 06 12:16:11 pfcmd(4370) INFO: 00:1c:23:33:03:ef is currentlog connected at 163.1.40.23 ifIndex 1 in VLAN 50 (pf::enforcement::_should_we_reassign_vlan) Jul 06 12:16:11 pfcmd(4370) INFO: MAC: 00:1c:23:33:03:ef, PID: holmes, Status: reg. Returned VLAN: 3 (pf::vlan::fetchVlanForNode) Jul 06 12:16:11 pfcmd(4370) INFO: VLAN reassignment required for 00:1c:23:33:03:ef (current VLAN = 50 but should be in VLAN 3) (pf::enforcement::_should_we_reassign_vlan) Jul 06 12:16:11 pfcmd(4370) INFO: switch port for 00:1c:23:33:03:ef is 163.1.40.23 ifIndex 1 connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation) Jul 06 12:16:15 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch 163.1.40.23 (main::parseTrap) Jul 06 12:16:15 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Jul 06 12:16:15 pfsetvlan(3) INFO: reAssignVlan trap received on 163.1.40.23 ifIndex 1 (main::handleTrap) Jul 06 12:16:15 pfsetvlan(3) WARN: Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth (pf::SNMP::handleReAssignVlanTrapForWiredMacAuth) Jul 06 12:16:19 pfsetvlan(3) INFO: finished (main::cleanupAfterThread) Jul 06 12:16:23 pf::WebAPI(4059) INFO: handling radius autz request: from switch_ip => 163.1.40.23, connection_type => Ethernet-NoEAP mac => 00:1c:23:33:03:ef, port => 16781313, username => 001c233303ef (pf::radius::authorize) Jul 06 12:16:23 pf::WebAPI(4059) INFO: MAC: 00:1c:23:33:03:ef, PID: holmes, Status: reg. Returned VLAN: 3 (pf::vlan::fetchVlanForNode) Jul 06 12:16:23 pf::WebAPI(4059) WARN: Role-based Network Access Control is not supported on network device type pf::SNMP::ThreeCom::E4800G. (pf::SNMP::supportsRoleBased And I notice that VLAN 3 is returned, wheras in the previous example it is empty pfcmd(4370) INFO: MAC: 00:1c:23:33:03:ef, PID: holmes, Status: reg. Returned VLAN: 3 (pf::vlan::fetchVlanForNode) Not sure what's happened here - any clues? Thanks, Mark Nuffield College is a Registered Charity No. 1137506. Registered Office: Nuffield College, New Road, Oxford, OX1 1NF ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
