Solution:
In your pf.conf file, for the management interface,
add a parameter called 'vip' and put the cluster IP
ie.
[interface eth42]
ip=1.3.3.7
mask=0.0.0.0
type=management
vip=42.42.42.42
Radius CoA should be sent using that value :)
Let me know!
Cheers!
dw.
--
Derek Wuelfrath
[email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On 2013-08-07, at 11:26 AM, Derek Wuelfrath <[email protected]> wrote:
> Jake!
> Your tha man! Exactly what I thought ;)
>
> Glad that you are now on the good side of the matrix ;)
>
> Anything else ? :)
>
> Cheers!
> dw.
>
> --
> Derek Wuelfrath
> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
> On 2013-08-07, at 10:56 AM, "Sallee, Stephen (Jake)" <[email protected]>
> wrote:
>
>> Derek:
>>
>> I beat you to it buddy!
>>
>> The problem was that PF is using one interface for RADIUS and another for
>> the RADIUS-CoA. Once I configured both interfaces as RADIUS servers on the
>> WLC it started working.
>>
>> I had three debug sessions on separate pieces of hardware going at once,
>> watching text fly by … felt like I was in The Matrix.
>>
>> http://images.wikia.com/anythingeverything/images/5/5c/The_Matrix.gif
>> and then
>> http://images5.fanpop.com/image/photos/31800000/The-Matrix-the-matrix-31832109-500-211.gif
>> and then
>> http://4.bp.blogspot.com/-Bz80e6kWy-g/USUbvD8_B-I/AAAAAAAAKw8/hau1V82mSFQ/s1600/the-one.gif
>>
>> Sorry for the link storm, I’m just so relieved to get this working and
>> pictures relay emotion so much better.
>>
>>
>>
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> 900 College St.
>> Belton TX. 76513
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>> HTTP://WWW.UMHB.EDU
>>
>> From: Derek Wuelfrath [mailto:[email protected]]
>> Sent: Wednesday, August 07, 2013 9:08 AM
>> To: [email protected]
>> Subject: Re: [PacketFence-users] RADIUS De-Auth on Cisco WLC5508
>>
>> Can you send me the two following pcap please.
>> 1. A PCAP containing a RADIUS Access-Request from the controller to the
>> PacketFence server
>> 2. A PCAP containing the CoA from the PacketFence server to the controller.
>>
>> I think I know what is the problem :)
>>
>> Derek
>>
>> --
>> Derek Wuelfrath
>> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
>>
>> On 2013-08-06, at 2:13 PM, "Sallee, Stephen (Jake)" <[email protected]>
>> wrote:
>>
>>
>> Yes and it is set to enabled.
>>
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> 900 College St.
>> Belton TX. 76513
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>> HTTP://WWW.UMHB.EDU
>>
>> From: Derek Wuelfrath [mailto:[email protected]]
>> Sent: Tuesday, August 06, 2013 12:31 PM
>> To: [email protected]
>> Subject: Re: [PacketFence-users] RADIUS De-Auth on Cisco WLC5508
>>
>> Jake,
>> Is there any place in the RADIUS server configuration on the WLC mentionning
>> RFC3576 ?
>>
>> Derek
>>
>> --
>> Derek Wuelfrath
>> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
>>
>> On 2013-08-05, at 6:21 PM, "Sallee, Stephen (Jake)" <[email protected]>
>> wrote:
>>
>>
>>
>> Hello all!
>>
>> I am having a bit of trouble configuring my PF box to do RADIUS-CoA de-auth
>> to my Cisco WLC 5508.
>>
>> I THINK I have everything configured right but I keep getting this error in
>> the logs:
>>
>> Aug 05 16:58:27 pfsetvlan(1) WARN: Unable to perform RADIUS
>> Disconnect-Request: Timeout waiting for a reply from 10.2.1.35 on port 3799
>> at /usr/local/pf/lib/pf/util/radius.pm line 160. (pf::SNMP::__ANON__)
>> Aug 05 16:58:27 pfsetvlan(1) ERROR: Wrong RADIUS secret or unreachable
>> network device... (pf::SNMP::__ANON__)
>> Aug 05 16:58:27 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
>>
>> Now, that says I have the wrong RADIUS secret but I have quadruple checked
>> to make sure the secret is correct. I have rebooted both boxes to make
>> sure the changes persist and they do.
>>
>> I have checked the config guide but it doesn’t mention anything I need to do
>> on the WLC as far as RADIUS-CoA is concerned.
>>
>> As always, any help is appreciated.
>>
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> 900 College St.
>> Belton TX. 76513
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>> HTTP://WWW.UMHB.EDU
>>
>> ------------------------------------------------------------------------------
>> Get your SQL database under version control now!
>> Version control is standard for application code, but databases havent
>> caught up. So what steps can you take to put your SQL databases under
>> version control? Why should you start doing it? Read more to find out.
>> http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk_______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> ------------------------------------------------------------------------------
>> Get 100% visibility into Java/.NET code with AppDynamics Lite!
>> It's a free troubleshooting tool designed for production.
>> Get down to code-level detail for bottlenecks, with <2% overhead.
>> Download for free and get started troubleshooting in minutes.
>> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk_______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>> ------------------------------------------------------------------------------
>> Get 100% visibility into Java/.NET code with AppDynamics Lite!
>> It's a free troubleshooting tool designed for production.
>> Get down to code-level detail for bottlenecks, with <2% overhead.
>> Download for free and get started troubleshooting in minutes.
>> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk_______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
