Derek:
I beat you to it buddy!
The problem was that PF is using one interface for RADIUS and another for the
RADIUS-CoA. Once I configured both interfaces as RADIUS servers on the WLC it
started working.
I had three debug sessions on separate pieces of hardware going at once,
watching text fly by ... felt like I was in The Matrix.
http://images.wikia.com/anythingeverything/images/5/5c/The_Matrix.gif
and then
http://images5.fanpop.com/image/photos/31800000/The-Matrix-the-matrix-31832109-500-211.gif
and then
http://4.bp.blogspot.com/-Bz80e6kWy-g/USUbvD8_B-I/AAAAAAAAKw8/hau1V82mSFQ/s1600/the-one.gif
Sorry for the link storm, I'm just so relieved to get this working and pictures
relay emotion so much better.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU
From: Derek Wuelfrath [mailto:[email protected]]
Sent: Wednesday, August 07, 2013 9:08 AM
To: [email protected]
Subject: Re: [PacketFence-users] RADIUS De-Auth on Cisco WLC5508
Can you send me the two following pcap please.
1. A PCAP containing a RADIUS Access-Request from the controller to the
PacketFence server
2. A PCAP containing the CoA from the PacketFence server to the controller.
I think I know what is the problem :)
Derek
--
Derek Wuelfrath
[email protected]<mailto:[email protected]> :: +1.514.447.4918 (x110)
:: www.inverse.ca<http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu/>) and
PacketFence (www.packetfence.org<http://www.packetfence.org/>)
On 2013-08-06, at 2:13 PM, "Sallee, Stephen (Jake)"
<[email protected]<mailto:[email protected]>> wrote:
Yes and it is set to enabled.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU
From: Derek Wuelfrath [mailto:[email protected]<http://inverse.ca>]
Sent: Tuesday, August 06, 2013 12:31 PM
To:
[email protected]<mailto:[email protected]>
Subject: Re: [PacketFence-users] RADIUS De-Auth on Cisco WLC5508
Jake,
Is there any place in the RADIUS server configuration on the WLC mentionning
RFC3576 ?
Derek
--
Derek Wuelfrath
[email protected]<mailto:[email protected]> :: +1.514.447.4918 (x110)
:: www.inverse.ca<http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu/>) and
PacketFence (www.packetfence.org<http://www.packetfence.org/>)
On 2013-08-05, at 6:21 PM, "Sallee, Stephen (Jake)"
<[email protected]<mailto:[email protected]>> wrote:
Hello all!
I am having a bit of trouble configuring my PF box to do RADIUS-CoA de-auth to
my Cisco WLC 5508.
I THINK I have everything configured right but I keep getting this error in the
logs:
Aug 05 16:58:27 pfsetvlan(1) WARN: Unable to perform RADIUS Disconnect-Request:
Timeout waiting for a reply from 10.2.1.35 on port 3799 at
/usr/local/pf/lib/pf/util/radius.pm line 160. (pf::SNMP::__ANON__)
Aug 05 16:58:27 pfsetvlan(1) ERROR: Wrong RADIUS secret or unreachable network
device... (pf::SNMP::__ANON__)
Aug 05 16:58:27 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Now, that says I have the wrong RADIUS secret but I have quadruple checked to
make sure the secret is correct. I have rebooted both boxes to make sure the
changes persist and they do.
I have checked the config guide but it doesn't mention anything I need to do on
the WLC as far as RADIUS-CoA is concerned.
As always, any help is appreciated.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU
------------------------------------------------------------------------------
Get your SQL database under version control now!
Version control is standard for application code, but databases havent
caught up. So what steps can you take to put your SQL databases under
version control? Why should you start doing it? Read more to find out.
http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk_______________________________________________
PacketFence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
