Sorry you could not find the email in the archives. I'm posting it back to the list for posterity : )
Here are the necessary config bits for enabling MAB on a Cisco 2960, but it should work for almost any Cisco switch:

=====================================
Global config:

aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa accounting system default start-stop group radius
snmp-server community <your SNMP string here> RW
radius-server host <your RADIUS server IP> auth-port 1812 acct-port 1813 key <your RADIUS secret here>
radius-server key 7 <your RADIUS secret here>
radius-server vsa send authentication

Port config:

description NAC_Controlled
switchport mode access
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security
authentication order mab
authentication port-control auto
mab
mls qos trust cos
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
spanning-tree guard loop
=====================================

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas 76513
Fone: 254-295-4658
Phax: 254-295-4221

________________________________________
From: Decoursey, Jason B CADET MIL USA USMA [[email protected]]
Sent: Wednesday, March 05, 2014 10:31 AM
To: Sallee, Jake
Subject: RE: [PacketFence-users] Adding switch to packet fence

Jake,

I'm in the same boat as jayashantha. I am trying to configure a 2960 for just MAB. I've looked for a post from you in the archives and have been unable to find it.

Forgive my noob question. I have made no changes to the FreeRadius configuration (it is in its default state). On the service status window it says it is running; however, it is not currently listening on port 1812. Is there something I need to enable on PacketFence for it to listen? I want FreeRadius to use packetfence's user DB for the MAC addresses. Is this possible? If so, how?
(I am an IT student doing this for a research project on a test network)

Very Respectfully,
Jason DeCoursey

-----Original Message-----
From: Sallee, Jake [mailto:[email protected]]
Sent: Monday, March 03, 2014 11:16 AM
To: [email protected]
Subject: Re: [PacketFence-users] Adding switch to packet fence,

Search for my name and 2960 in the archives, I posted the necessary config bits to make PF work with MAB on just about any Cisco switch.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton, Texas 76513
Fone: 254-295-4658
Phax: 254-295-4221

________________________________
From: sampath jayashantha [[email protected]]
Sent: Monday, March 03, 2014 9:24 AM
To: [email protected]
Subject: Re: [PacketFence-users] Adding switch to packet fence,

Dear Jason,

I just followed the packet fence device configuration guide to configure the switch. I can see there are a lot of methods like telnet, ssh, snmp, radius etc. on the packet fence switch add GUI. But I'm a little bit confused with those options and how they relate to each other. :(

To make packet fence up and running with a very basic configuration, could you please tell me which configuration I need to do on the switch side and the packet fence side.

At the same time, what is the difference between the port-security method and full 802.1x with RADIUS de-auth? I'm a little bit confused with those terminologies. And what will be the role of SNMP traps? What do they actually do?

Note: No need to explain in a very detailed manner. Just a briefing will be enough to find the right path for me.

Regards,
Sampath

On Mon, Mar 3, 2014 at 8:40 PM, Jason Frisvold <[email protected]> wrote:

sampath jayashantha wrote:
> Hi fellow people,
>
> After getting tired with old cisco 2950 old switch I found a new switch
> 2960 as my new packet fence switch. I have completed the switch
> configuration according to the support document.
> But the problem is
> when I plug in a device to switch port 4 nothing happens. I can't see
> any event on switch and packet fence side logs.

Any particular reason you're using the port-security method? The 2960 is fully capable of full 802.1x with RADIUS de-auth.

For your current configuration, you need to make sure that traps from the switch are making it to the server. Is iptables on the packetfence server open for incoming 162/udp connections? Did you restart radiusd after adding the new switch config?

> Am I missing anything?

--
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
There is always someone who knows more than us out there.
Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê
SAM
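An added example, not part of the original thread and not PacketFence code: a small Python audit that checks a saved switch configuration for the global and per-port MAB lines from the config posted at the top of this thread. The sample configuration and interface names are constructed, and which lines count as required is an assumption drawn from that post.

```python
# Which lines count as required is an assumption taken from the posted config.
REQUIRED_GLOBAL = ["aaa new-model",
                   "aaa authentication dot1x default group radius",
                   "aaa authorization network default group radius",
                   "radius-server vsa send authentication"]
REQUIRED_PORT = ["switchport mode access", "authentication order mab",
                 "authentication port-control auto", "mab"]
NAC_MARKER = "description NAC_Controlled"

# Constructed sample: the VSA line is missing and Fa0/4 lacks port-control.
SAMPLE = """\
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
interface FastEthernet0/4
 description NAC_Controlled
 switchport mode access
 authentication order mab
 mab
!
interface FastEthernet0/5
 description uplink
"""

def parse_config(text):
    """Split an IOS-style config into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace():            # indented: sub-command of a block
            if current is not None:
                interfaces[current].append(line.strip())
        elif line.startswith("interface "):
            current = line.split()[1]
            interfaces[current] = []
        else:                            # any other top-level line ends the block
            current = None
            global_lines.append(line)
    return global_lines, interfaces

def audit(text):
    """Return (scope, missing_line) pairs for each required line not found."""
    global_lines, interfaces = parse_config(text)
    findings = [("global", r) for r in REQUIRED_GLOBAL if r not in global_lines]
    for name, lines in interfaces.items():
        if NAC_MARKER in lines:          # only audit ports marked NAC-controlled
            findings += [(name, r) for r in REQUIRED_PORT if r not in lines]
    return findings
```

Calling `audit()` on the text of a saved running-config returns an empty list when every port described as `NAC_Controlled` carries the MAB lines and the global AAA/RADIUS lines are present.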
