Hello all, I have a Cisco 2960 and my DHCP server connected to VLAN 2 (registration) to hand out IPs to unregistered people, but when I connect to VLAN 2 I don't get the PacketFence unregistered page and I don't know why. The pfredirect service is stopped, and maybe that is the cause, or some missing configuration. These are my configs:
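# ===================================================================
# pf.conf
# ===================================================================
# NOTE(review): the three files below were posted collapsed onto a few
# lines; they are restored here one key per line. Comment character is
# '#' throughout, no inline comments (text after a value would become
# part of the value).
# NOTE(review): these files carry credentials (database pass, SNMPv3
# auth/priv passwords, CLI/web-service passwords, RADIUS secret, Nessus
# password). Anything real that was pasted to a public list should be
# rotated, and redacted before the next post.

[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain = packetfence
#
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients.
hostname = pf
#
# general.dnsservers
#
# Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even "trapped" nodes.
dnsservers = 4.2.2.1, 4.2.2.2
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes.
# NOTE(review): every address here is one of PacketFence's own interface
# IPs. The post mentions a separate DHCP server on VLAN 2; if it is a
# different host it is not in this passthrough list — confirm.
dhcpservers = 192.168.10.10,192.168.2.10,192.168.3.10,192.168.5.10,192.168.200.10,192.168.1.10
locale = pt_BR

[trapping]
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and
# broadcast addresses are ignored.
range = 192.168.2.0/24,192.168.3.0/24,192.168.5.0/24,192.168.10.0/24,192.168.200.0/24,192.168.1.0/24
#
#
# trapping.registration
#
# If enabled, nodes will be required to register on first network access. Further registration options are configured in the
# registration section.
registration = enabled
# NOTE(review): hostname + domain above resolve to "pf.packetfence";
# this URL uses "www.pf.packetfence", which trapped clients presumably
# cannot resolve — confirm the intended portal name.
redirecturl = https://www.pf.packetfence
#
# trapping.detection
#
# Enables snort-based worm detection. If you don't have a span interface available, don't bother enabling it. If you do,
# you'll most definately want this on.
detection = enabled

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
# NOTE(review): looks like a default/trivial credential — verify it is not
# the value in use.
pass = root

[servicewatch]
#
# servicewatch.restart
#
# Should pfcmd service pf watch restart PF if services are not running?
# You must make sure to call the watch command. Installing it in the cron is the
# recommended approach:
# */5 * * * * /usr/local/pf/bin/pfcmd service pf watch
restart = enabled

[registration]
#
# registration.auth
#
# Method by which registering nodes will be authenticated. Templates for LDAP, RADIUS, Kerberos, local and guests are
# available at <conf_dir>/authentication. If you wish to use a different authentication mechanism, simply create
# a file called <conf_dir>/authentication/<authname>.pm, fill it with the necessary data, and set
# auth=<authname>. The default value, local, relies on a local access file in <conf_dir>/user.conf.
auth = radius
default_auth = radius

# Management interface.
# NOTE(review): gateway equals this interface's own ip; presumably the
# upstream router of 192.168.1.0/24 was meant — confirm.
[interface eth0]
ip = 192.168.1.10
mask = 255.255.255.0
type = management
gateway = 192.168.1.10
#
[interface eth0.200]
ip = 192.168.200.10
mask = 255.255.255.0
type = internal,monitor
enforcement = inline
gateway = 192.168.200.10

[guests_self_registration]
modes = email,sponsor
category = guest
email_activation_timeout = 10m
allow_localdomain = enabled
mandatory_fields = firstname, lastname, phone, email
guest_pid = email
sponsors_only_from_localdomain = yes
sponsor_authentication = local
preregistration = enabled

# REMOVE COMMENTS TO ENABLE VLAN MODE
# NOTE(review): template comment left over — the sections below are
# active (not commented out).
# NOTE(review): gateway here is 192.168.2.1, while networks.conf gives
# 192.168.2.10 (PacketFence itself) as the gateway of the same network —
# confirm which device routes VLAN 2. Same mismatch for eth0.3, eth0.5
# and eth0.10.
[interface eth0.2]
ip = 192.168.2.10
mask = 255.255.255.0
type = internal
enforcement = vlan
gateway = 192.168.2.1

[interface eth0.3]
ip = 192.168.3.10
mask = 255.255.255.0
type = internal
enforcement = vlan
gateway = 192.168.3.1

[interface eth0.5]
ip = 192.168.5.10
mask = 255.255.255.0
type = internal
enforcement = vlan
gateway = 192.168.5.1

[interface eth0.10]
ip = 192.168.10.10
mask = 255.255.255.0
type = internal
enforcement = vlan
gateway = 192.168.10.1

[captive_portal]
# NOTE(review): 192.168.8.0/24 is not one of the networks configured
# anywhere in these files — confirm this address is reachable from the
# registration VLAN.
network_detection_ip = 192.168.8.10

[vlan]
trap_limit = enabled
trap_limit_threshold = 100
trap_limit_action =

[scan]
engine = nessus
host = 127.0.0.1
nessus_clientfile = basic-policy.nessus
nessus_clientpolicy = basic-policy
pass = nessusUserPassword
registration = enabled
user = nessusUsername

# ===================================================================
# networks.conf
# ===================================================================
# NOTE(review): in every section below dhcp_start equals the gateway,
# i.e. PacketFence's own interface address is inside the DHCP pool —
# the pool presumably should start one address later.
# NOTE(review): two sections use "next_hop =" and two use "pf_gateway ="
# for what looks like the same setting — confirm which key this
# PacketFence version reads and use it consistently.

[192.168.200.0]
type = inline
netmask = 255.255.255.0
gateway = 192.168.200.10
# NOTE(review): named is enabled on this host (192.168.200.10) but
# clients are handed 192.168.200.1 as DNS — confirm that is intended.
dns = 192.168.200.1
dhcp_start = 192.168.200.10
dhcp_end = 192.168.200.254
dhcp_default_lease_time = 300
dhcp_max_lease_time = 600
named = enabled
dhcpd = enabled
next_hop =
domain-name = nac.zen.packetfence.org

# REMOVE COMMENTS TO ENABLE DHCP IN VLAN MODE
# Registration network (VLAN 2).
# NOTE(review): the post says an external DHCP server also sits on
# VLAN 2. With dhcpd = enabled here two servers answer on that VLAN; a
# client that takes the external lease presumably does not get
# 192.168.2.10 as its DNS, so the portal redirect never happens. Decide
# which server owns this scope and disable the other.
[192.168.2.0]
type = vlan-registration
netmask = 255.255.255.0
gateway = 192.168.2.10
next_hop =
named = enabled
domain-name = registration.packetfence.local
dns = 192.168.2.10
dhcpd = enabled
dhcp_start = 192.168.2.10
dhcp_end = 192.168.2.254
dhcp_default_lease_time = 300
dhcp_max_lease_time = 300

# Isolation network (VLAN 3).
# NOTE(review): "vlan-idn" does not look like a valid network type
# (the other sections use vlan-registration/inline) — check it against
# the networks.conf documentation for this version; likely a
# copy/paste truncation.
[192.168.3.0]
type = vlan-idn
netmask = 255.255.255.0
gateway = 192.168.3.10
next_hop =
named = enabled
domain-name = isolation.packetfence.local
dns = 192.168.3.10
dhcpd = enabled
dhcp_start = 192.168.3.10
dhcp_end = 192.168.3.254
dhcp_default_lease_time = 300
dhcp_max_lease_time = 300

# Guest network (VLAN 5).
# NOTE(review): named is disabled here yet clients are handed this host
# as DNS; also the type is vlan-registration for a network that
# switches.conf treats as guestVlan — confirm both.
[192.168.5.0]
type = vlan-registration
netmask = 255.255.255.0
gateway = 192.168.5.10
pf_gateway =
named = disabled
domain-name = guests.packetfence.local
dns = 192.168.5.10
dhcpd = enabled
dhcp_start = 192.168.5.10
dhcp_end = 192.168.5.254
dhcp_default_lease_time = 300
dhcp_max_lease_time = 300

# REMOVE COMMENTS TO ENABLE DHCP IN PROD NETWORK
# Production network (VLAN 10, normalVlan in switches.conf).
# NOTE(review): typed vlan-registration although it is the normal VLAN,
# and named is disabled while clients get this host as DNS — confirm.
[192.168.10.0]
type = vlan-registration
netmask = 255.255.255.0
gateway = 192.168.10.10
pf_gateway =
named = disabled
domain-name = production.packetfence.local
dns = 192.168.10.10
dhcpd = enabled
dhcp_start = 192.168.10.10
dhcp_end = 192.168.10.254
dhcp_default_lease_time = 300
dhcp_max_lease_time = 300

# ===================================================================
# switches.conf
# ===================================================================

[default]
vlans = 1,2,3,4,5,10,200
managementVlan = 1
registrationVlan = 2
isolationVlan = 3
macDetectionVlan = 4
guestVlan = 5
normalVlan = 10
customVlan1 =
customVlan2 =
customVlan3 =
customVlan4 =
customVlan5 =
VoIPEnabled = no
voiceVlan =
# (duplicate "SNMPCommunityTrap = public" removed from here; it is set
# once in the "Switch -> PacketFence" block below)
# Default mode; both switch sections below override it with production.
mode = testing
macSearchesMaxNb = 30
macSearchesSleepInterval = 2
uplink = dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
# NOTE(review): Telnet sends the CLI password in clear text; prefer SSH
# if the switch supports it.
cliTransport = Telnet
cliUser =
cliPwd =
cliEnablePwd =
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion = 3
# NOTE(review): v1/v2c community strings left at the well-known
# defaults; unused with SNMPVersion = 3 but should not be the values in
# use anywhere.
SNMPCommunityRead = public
SNMPCommunityWrite = private
#SNMPEngineID = 0000000000000
SNMPUserNameRead = readUser
SNMPAuthProtocolRead = MD5
SNMPAuthPasswordRead = authpwdread
SNMPPrivProtocolRead = AES
SNMPPrivPasswordRead = privpwdread
SNMPUserNameWrite = writeUser
SNMPAuthProtocolWrite = MD5
SNMPAuthPasswordWrite = authpwdwrite
SNMPPrivProtocolWrite = AES
SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap = 3
# Was a second "SNMPUserNameRead" (a duplicate key); the trap user is
# keyed SNMPUserNameTrap, as in the [192.168.0.1] section.
SNMPUserNameTrap = readUser
SNMPCommunityTrap = public
SNMPAuthProtocolTrap = MD5
SNMPAuthPasswordTrap = authpwdread
SNMPPrivProtocolTrap = AES
SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport = http
wsUser = admin
wsPwd = admin_pwd
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret = secretPassPhrase
#
# Roles support
#
# This controls the ability to assign roles along with VLANs when accepting
# a node. This is experimental for now and the format is meant to change.
# Format: <category_name1>=<controller_role1>;<category_name2>=<controller_role2>;...
roles =

[127.0.0.1]
type = PacketFence
mode = production
uplink = dynamic
# SNMP Traps v1 are used for internal messages
SNMPVersionTrap = 1
SNMPCommunityTrap = public

# The access switch.
# NOTE(review): 192.168.0.1 is outside every network configured in
# pf.conf (management is 192.168.1.0/24). Traps are matched to this
# section by their source IP, so confirm this is the address the switch
# really sends from.
# NOTE(review): the post says the hardware is a Cisco 2960 but the type
# is Catalyst_2900XL — confirm the module matches the switch.
# NOTE(review): SNMPEngineID is still the template placeholder, and the
# priv protocol is DES here while [default] uses AES — confirm both
# against the switch's snmp-server configuration.
[192.168.0.1]
type = Cisco::Catalyst_2900XL
mode = production
uplink = 23,24
SNMPVersion = 3
SNMPEngineID = 0000000000000
SNMPUserNameRead = readUser
SNMPAuthProtocolRead = MD5
SNMPAuthPasswordRead = authpwdread
SNMPPrivProtocolRead = DES
SNMPPrivPasswordRead = privpwdread
SNMPUserNameWrite = writeUser
SNMPAuthProtocolWrite = MD5
SNMPAuthPasswordWrite = authpwdwrite
SNMPPrivProtocolWrite = DES
SNMPPrivPasswordWrite = privpwdwrite
SNMPVersionTrap = 3
SNMPUserNameTrap = readUser
SNMPAuthProtocolTrap = MD5
SNMPAuthPasswordTrap = authpwdread
SNMPPrivProtocolTrap = DES
SNMPPrivPasswordTrap = privpwdread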
