I am actually out of the office this week, our campus is shut down for spring break and I'm getting some time off! WOOT! However, I will try to take some time to surf the list a bit.
If your device is getting correctly placed into your registration vlan then that is a very good sign. If you are not getting a DHCP address fixing that problem depends on how you are assigning the IPs. If you are using PF as your DHCP server you need to make sure that the DHCP requests are making it to the server as well as the DHCP service is started. Try disabling the firewall on your PF box to see if it is blocking the requests. Verify the DHCP traffic to/from your DHCP server with tshark or wireshark. Also, it never hurts to reboot your PF box just to make sure all the necessary services get restarted when you make any configuration changes. A good rule of thumb is to put your PF server into debugging or trace level logging mode and follow log files like packetfence.log, radiusd.log, etc. Be warned! Trace level logging can give you too much info and most of it will not be helpful to anyone but a programmer. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________ From: sampath jayashantha [[email protected]] Sent: Monday, March 10, 2014 10:40 PM To: [email protected] Subject: Re: [PacketFence-users] Adding switch to packet fence, Hi sallee, Any updates if u don't mind. :) Regards, Sampath Jayashantha On Sat, Mar 8, 2014 at 5:35 PM, sampath jayashantha <[email protected]<mailto:[email protected]>> wrote: Hi sallee, First thank you very much for your reply. I did the configuration according to your template. When i plug a new device switch goes to vlan 2. But device dosent get a IP address from registration vlan. Wondering where i should do the troubleshooting. Before i go more deeper into configuration stuff could you please help me to understand the basic behavior of the pf. I have below few concerns. 1 ) When i plug a new device to wired port what is the process actually gone through it. I just need to identify the steps which involve for device registration. I know there is a radius authentication with MAB. And then switch should go to registration vlan according to snmp traps. Registration vlan ip should assign to the device and we should able to get the registration portal through web. If registration is success switch should go to production vlan. otherwise it should go to isolation vlan. 2) Am i correct ? Other than pf switch configuration, do i need to do any additional configuration on packet fence for device ? 3) And lets assume i need to put my new device to vlan 10 if the authentication success. where should i configure that information on the packet fence web portal ? I know this is kind a nerd question serious. But I i know i'm missing something and i don't know what it is. Hope understating basics will guide me to the exact problem. :) Thank you very much for your valuable time. On Wed, Mar 5, 2014 at 11:03 PM, Sallee, Jake <[email protected]<mailto:[email protected]>> wrote: I'm sorry, one of my users decided to start sending thousands of spam messages and I got very busy cleaning up the mess :) Could you tell me again exactly what your question was? You were wanting to add a switch to PF and were asking the best method, right? If you are adding switches to PF in my opinion the best way is to use VLan enforcement with MAB or 802.1x. MAB is simpler by far to setup but is less secure than 802.1x. I just re-posted the necessary config bits for a cisco switch using MAB and the Admin guide explains how to add the switch into PF. I hope that helps, if you need more assistance just post your questions to the list. I will do what I can. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________ From: sampath jayashantha [[email protected]<mailto:[email protected]>] Sent: Wednesday, March 05, 2014 10:29 AM To: [email protected]<mailto:[email protected]> Subject: Re: [PacketFence-users] Adding switch to packet fence, Dear Users, Any updates :( On Mon, Mar 3, 2014 at 10:13 PM, sampath jayashantha <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> wrote: Hi sallee, This one ? Help with Cisco 2960 and 1242<http://sourceforge.net/p/packetfence/mailman/message/29744760> Regards, Sampath On Mon, Mar 3, 2014 at 9:46 PM, Sallee, Jake <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> wrote: Search for my name and 2960 in the archives, I posted the necessary config bits to make PF work with MAB on just about any cisco switch. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________ From: sampath jayashantha [[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>] Sent: Monday, March 03, 2014 9:24 AM To: [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> Subject: Re: [PacketFence-users] Adding switch to packet fence, Dear Jason, I just followed the packet fence device configuration guide to configure the switch. I can see there are lot of methods like, telnet, ssh, snmp, radius etc on packet fence switch add GUI. But i'm little bit confuse with those options Which are how to relate to each other. :( To make packet fence up and running with a vary basic configuration could you please tell me which configuration i need to do in switch side and the packet fence side. Same time what is the different between port-security method and full 802.1x with RADIUS de-auth. Little bit confused with those terminologies. And what will be the role for SNMP traps ? What is actually does ? Note: No need to explain in a very detail manner. Just briefing will be enough to find the right path for me. Regards, Sampath On Mon, Mar 3, 2014 at 8:40 PM, Jason Frisvold <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>><mailto:[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>>> wrote: sampath jayashantha wrote: > Hi fellow people, > > After getting tired with old cisco 2950 old switch i found a new switch > 2960 as my new packet fence switch. I have completed the switch > configuration according to the support document. But the problem is when > i plug in a device to switch port 4 nothing happen. I cant see any event > on switch and packet fence side logs. Any particular reason you're using the port-security method? The 2960 is fully capable of full 802.1x with RADIUS de-auth. For your current configuration, you need to make sure that traps from the switch are making it to the server. Is iptables on the packetfence server open for incoming 162/udp connections? Did you restart radiusd after adding the new switch config? > Am i missing anything ? -- --------------------------- Jason 'XenoPhage' Frisvold [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>><mailto:[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> --------------------------- "Any sufficiently advanced magic is indistinguishable from technology.\" - Niven's Inverse of Clarke's Third Law ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>><mailto:[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- .......................................................................................... There is always some one who know more Than us out there. Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê SAM ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- .......................................................................................... There is always some one who know more Than us out there. Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê SAM -- .......................................................................................... There is always some one who know more Than us out there. Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê SAM ------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users -- .......................................................................................... There is always some one who know more Than us out there. Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê SAM -- .......................................................................................... There is always some one who know more Than us out there. Wê Lïvê †ð §hårê : Wê Lðvê †ð §hårê SAM ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
