Hello Matteo, Thanks for your reply,
> Anyway: > I saw that you specify the access vlan for this port. This is not needed I > think. dot1x will make this work for you. > Just to configure "Normal" vlan in packetfence switch configuration, in > order to forward the correct information to the switch. > Try to do this... As far as I understand, by stating following in the switch configuration for each port; interface FastEthernet0/33 switchport access vlan 4 switchport mode access we are using the "Mac Detection Vlan", as stated in the conf/switches.conf. In the [default] section of conf/switches.conf, we define; macDetectionVlan=4 This is an empty vlan, when a new user plugs-in to the switch its in Mac Detection Vlan, if it authenticates through 802.1X it goes to access VLAN, or if 802.1X fails then it authenticates with Mac Access Bypass (MAB) and gets into Registration VLAN. After MAB succeeds, its supposed to access to Captive Portal and register itself to be able to get into Access/Normal/Default VLAN. > Anyway, some other question that maybe will help me too: > 1) I have also cisco 3560, but no possibility to perform commands that > start with "authentication xxx" ...In which way were you able to do this? If you mean the "authentication" command for each switchport on Cisco 3560, it worked in my case. I did the following; Switch> enable Switch# configure terminal Switch(config)# interface FastEthernet 0/33 Switch(config-if)# authentication order dot1x mab If you can't get authentication when you are at (config-if) command prompt in the switch, my guess is that you might have to configure the global config commands for Authentication first. Commands like following might have to be issued in global config; aaa authentication login default local aaa authentication dot1x default group packetfence aaa authorization network default group packetfence > 2) Why do you wanna MAB? Isn't enough dot1x + SNMP in order to send and > change port configuration? > ok... in my case is not working at all... I able to see the portal... > make the self registration... but the last and "dream" switch vlan is not > working! :-S :-< I decided to use 802.1x/MAB without PortSecurity (Static MAC addresses) > NOTE: > If Our configuration is similar.... what do you think to share the > information and files configuration between us? Definitely, we can exchange the configs, Regards... --ali ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
