Hello Mark,
where is connected the registration interface ?
Is the packetfence network interface card is directly connected to the
switch (like eth1 on a port access 302) ?
Regards
Fabrice
Le 2013-11-13 04:54, Mark Gmeiner a écrit :
So, I've got PacketFence up and running now - partly ...
My gear:
PF 4.0.6-2 on a Centos 6.4 x64 Server
Extreme Networks Summit X460-48t, XOS 15.3.1.4-patch19, all ports
configured into macregistration-vlan (tag 302)
PacketFence properly learns all the nodes on my network, I can
manually pre-register these nodes and they got dropped into the
correct role/vlan. So far so good ...
But ...
An directly attached, unregistered node (that stays in
macregistration-vlan) gets blackholed in the fdb and - ergo - can't
connect to the captive-portal for user-self-registration:
switch1 # show netlogin port 11
Port : 11
Port Restart : Disabled
Allow Egress : None
Vlan : macregistration
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled
MAC IP address Authenticated Type
ReAuth-Timer User
00:1b:78:3c:8f:99 0.0.0.0 Yes(B), Radius MAC
7106 001B783C8F99
-----------------------------------------------
(B) - Client entry Blackholed in FDB
while a virtual machine on a registered node or a node on a miniswitch
with some other registered node can properly connect to the
captive-portal, register and connect to its target vlan!
PF-Radius says:
Wed Nov 13 10:45:18 2013 : Auth: Login OK: [001B783C8F99] (from client
10.4.201.18 port 1011 cli 00-1B-78-3C-8F-99)
Wed Nov 13 10:45:18 2013 : Auth: rlm_perl: Returning vlan 302 to
request from 00:1b:78:3c:8f:99 port 1011
So, as far as I can see, the unregistered node is authenticated
correctly to the macregistration-vlan (302) and SHOULD get an
ipaddress for further proceeding. But instead I got no network
connectivity at all.
Am I missing something? Because configuration actually was pretty
straightforward (switch- and PF-side) ...
FYI: When I deselect the "force-registration"-checkbox in PF, the
unregistered nodes get a correct macregistration-ipaddress, but then
there is no captive-portal to register (works as designed, I guess).
Thanks in advance!
regards
Mark
------------------------------------------------------------------------------
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
