Thanks for your answer, but I already understood the dialog between Cisco
and the PF server.
My real question was which log folder I can look in to see all the
communication between PF and the switch.
I really want to know what directives PF gives to the switch, and the
switch to PF.
I have a problem: I configure my switch in two modes: port security and
RADIUS mode.
But I don't know how to configure RADIUS in PF. Can you help me
please?

Best regards


 
11-13 rue René Jacques
92131 Issy-les-Moulineaux Cedex - France
www.keynectis.com

GUIMBI Ulrich
Systems and Network Administrator

T. +33 (0)1 44 42 00 15
T. +33 (0)1 55 64 21 21

-----Original Message-----
From: Jason Frisvold [mailto:[email protected]]
Sent: Tuesday, 30 July 2013 15:40
To: [email protected]
Subject: Re: [PacketFence-users] PF Server Dialog

Ulrich Guimbi wrote:
> I use a managing switches (Cisco 2960G).
> I want to know the communication between switch and server.

I'm still not sure what you're trying to identify, but basically the
conversation between PF and the switches goes something like this :

If you're using RADIUS, then the following occurs :

A new client is plugged into the switch.  If the switch is configured for
802.1x, then an 802.1x session is started with the client.  If the client
is configured for 802.1x, then the user's credentials are obtained and
sent to PF via RADIUS.

If MAB is also configured and the MAB timeout is reached, then the client
MAC is sent to the PF server via RADIUS.

In either case, RADIUS verifies the credentials and returns an accept or
reject to the switch.  In the case of an accept, the RADIUS server also
sends the VLAN information necessary to put the client in the proper
network.

If the switch is configured for port security, or just SNMP Mac
Notification, the following happens :

A new client is plugged into the switch.  In the case of port security, if
the new MAC is different than the MAC listed for that port, then a trap is
sent to the PF server.

In the case of MAC notification, a trap is sent to the PF server.

In either case, PF uses the MAC from the trap to determine if the client
is registered or not.  SNMP (or sometimes CLI) is used to send the switch
the proper VLAN that client should be put in.  In most cases, the port is
then bounced to force the client to re-try DHCP.

Is that what you're looking for?

> Best regards

--
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
