Hi sallee,
First thank you very much for your reply. I did the configuration according
to your template. When i plug a new device switch goes to vlan 2. But
device dosent get a IP address from registration vlan. Wondering where i
should do the troubleshooting.
Before i go more deeper into configuration stuff could you please help me
to understand the basic behavior of the pf. I have below few concerns.
1 ) When i plug a new device to wired port what is the process actually
gone through it. I just need to identify the steps which involve for device
registration. I know there is a radius authentication with MAB. And then
switch should go to registration vlan according to snmp traps. Registration
vlan ip should assign to the device and we should able to get the
registration portal through web. If registration is success switch should
go to production vlan. otherwise it should go to isolation vlan.
2) Am i correct ? Other than pf switch configuration, do i need to do any
additional configuration on packet fence for device ?
3) And lets assume i need to put my new device to vlan 10 if the
authentication success. where should i configure that information on the
packet fence web portal ?
I know this is kind a nerd question serious. But I i know i'm missing
something and i don't know what it is. Hope understating basics will guide
me to the exact problem. :)
Thank you very much for your valuable time.
On Wed, Mar 5, 2014 at 11:03 PM, Sallee, Jake <[email protected]> wrote:
> I'm sorry, one of my users decided to start sending thousands of spam
> messages and I got very busy cleaning up the mess :)
>
> Could you tell me again exactly what your question was? You were wanting
> to add a switch to PF and were asking the best method, right?
>
> If you are adding switches to PF in my opinion the best way is to use VLan
> enforcement with MAB or 802.1x. MAB is simpler by far to setup but is less
> secure than 802.1x.
>
> I just re-posted the necessary config bits for a cisco switch using MAB
> and the Admin guide explains how to add the switch into PF.
>
> I hope that helps, if you need more assistance just post your questions to
> the list. I will do what I can.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
> ________________________________
> From: sampath jayashantha [[email protected]]
> Sent: Wednesday, March 05, 2014 10:29 AM
> To: [email protected]
> Subject: Re: [PacketFence-users] Adding switch to packet fence,
>
> Dear Users,
>
> Any updates :(
>
>
> On Mon, Mar 3, 2014 at 10:13 PM, sampath jayashantha <[email protected]
> <mailto:[email protected]>> wrote:
> Hi sallee,
>
> This one ? Help with Cisco 2960 and 1242<
> http://sourceforge.net/p/packetfence/mailman/message/29744760>
>
> Regards,
> Sampath
>
>
> On Mon, Mar 3, 2014 at 9:46 PM, Sallee, Jake <[email protected]<mailto:
> [email protected]>> wrote:
> Search for my name and 2960 in the archives, I posted the necessary config
> bits to make PF work with MAB on just about any cisco switch.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
> ________________________________
> From: sampath jayashantha [[email protected]<mailto:[email protected]
> >]
> Sent: Monday, March 03, 2014 9:24 AM
> To: [email protected]<mailto:
> [email protected]>
> Subject: Re: [PacketFence-users] Adding switch to packet fence,
>
> Dear Jason,
>
> I just followed the packet fence device configuration guide to
> configure the switch. I can see there are lot of methods like, telnet, ssh,
> snmp, radius etc on packet fence switch add GUI. But i'm little bit confuse
> with those options Which are how to relate to each other. :(
> To make packet fence up and running with a vary basic configuration
> could you please tell me which configuration i need to do in switch side
> and the packet fence side.
> Same time what is the different between port-security method and full
> 802.1x with RADIUS de-auth. Little bit confused with those terminologies.
> And what will be the role for SNMP traps ? What is actually does ?
>
> Note:
> No need to explain in a very detail manner. Just briefing will be enough
> to find the right path for me.
>
> Regards,
> Sampath
>
>
> On Mon, Mar 3, 2014 at 8:40 PM, Jason Frisvold <[email protected]
> <mailto:[email protected]><mailto:[email protected]<mailto:
> [email protected]>>> wrote:
> sampath jayashantha wrote:
> > Hi fellow people,
> >
> > After getting tired with old cisco 2950 old switch i found a new switch
> > 2960 as my new packet fence switch. I have completed the switch
> > configuration according to the support document. But the problem is when
> > i plug in a device to switch port 4 nothing happen. I cant see any event
> > on switch and packet fence side logs.
>
> Any particular reason you're using the port-security method? The 2960
> is fully capable of full 802.1x with RADIUS de-auth.
>
> For your current configuration, you need to make sure that traps from
> the switch are making it to the server. Is iptables on the packetfence
> server open for incoming 162/udp connections? Did you restart radiusd
> after adding the new switch config?
>
> > Am i missing anything ?
>
> --
> ---------------------------
> Jason 'XenoPhage' Frisvold
> [email protected]<mailto:[email protected]><mailto:
> [email protected]<mailto:[email protected]>>
> ---------------------------
>
> "Any sufficiently advanced magic is indistinguishable from technology.\"
> - Niven's Inverse of Clarke's Third Law
>
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to
> Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and
> the
> freedom to use Git, Perforce or both. Make the move to Perforce.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> PacketFence-users mailing list
> [email protected]<mailto:
> [email protected]><mailto:
> [email protected]<mailto:
> [email protected]>>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
>
> ..........................................................................................
>
> There is always some one who know more Than us out there.
>
> Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê
>
>
>
> SAM
>
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to
> Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and
> the
> freedom to use Git, Perforce or both. Make the move to Perforce.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> PacketFence-users mailing list
> [email protected]<mailto:
> [email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
>
> ..........................................................................................
>
> There is always some one who know more Than us out there.
>
> Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê
>
>
>
> SAM
>
>
>
> --
>
> ..........................................................................................
>
> There is always some one who know more Than us out there.
>
> Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê
>
>
>
> SAM
>
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to
> Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and
> the
> freedom to use Git, Perforce or both. Make the move to Perforce.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
--
..........................................................................................
There is always some one who know more Than us out there.
Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê
SAM
------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
