Hello Fabrice,

Thank you for clarifying the "Mac-Detection Vlan" concept, appreciated.

After removing the access VLAN 4 (mac-detection) and Port-Security
with Static-Mac address configuration from the switchport
configuration, I was able to get 802.1X/MAB and Port Security working
together.
Haven't tested 802.1X with a properly configured 802.1X client but it
should work.
Now, my client machine gets assigned to registration VLAN through MAB
authentication after 802.1X fails over to MAB in two seconds.



I have another question for the PacketFence users though :)
Does PacketFence come with any kind of email server in the default
installation on Ubuntu 12.04?

So, once my Unregistered Client gets assigned a DHCP IP address from
the Registration VLAN, it goes to the Captive Portal with a browser.

In the Captive Portal, it has 3 options to register:

1-) Register through emailing a Sponsor (and wait in the Reg VLAN
until Sponsor activates the access through clicking the link in the
email sent by PF)

2-) Register through sending an activation email to the client's email
account. (Client gets 10 minutes of Normal VLAN IP address to let him
get into his email account in order to get the activation code sent by
PacketFence)

3-) Register through SMS.



I tried all, but PacketFence was not able to send email to client's
gmail.com account nor sponsor's email account.

Here are the error messages from the /usr/local/pf/logs/packetfence.log file:

Jun 10 17:10:23 httpd.portal(2561) INFO: mac : 00:23:5a:47:21:78 (captiveportal::PacketFence::Controller::CaptivePortal::validateMac)
Jun 10 17:10:23 httpd.portal(2561) INFO: registering 00:23:5a:47:21:78 guest by email (captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
Jun 10 17:10:23 httpd.portal(2561) INFO: Matched rule (catchall) in source email, returning actions. (pf::Authentication::Source::match)
Jun 10 17:10:23 httpd.portal(2561) INFO: person [email protected] modified to [email protected] (pf::person::person_modify)
Jun 10 17:10:23 httpd.portal(2561) INFO: re-evaluating access for node 00:23:5a:47:21:78 (manage_register called) (pf::enforcement::reevaluate_access)
Jun 10 17:10:23 httpd.portal(2561) INFO: switch port for 00:23:5a:47:21:78 is 192.168.3.10 ifIndex 10033 connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation)
Jun 10 17:10:24 httpd.portal(2561) INFO: new activation code successfully generated (pf::email_activation::create)
Jun 10 17:10:24 httpd.portal(2561) ERROR: Can't send email to [email protected]: Connection refused (pf::email_activation::__ANON__)


I have checked the Perl module (lib/pf/email_activation.pm) but
there is no subroutine called _ANON_.


Thank you for all the help and suggestions,

Regards,

--ali


> Hi Guys,
>
> I think there is a misunderstanding about how pf works.
>
> There is no need of mac-detection vlan for port-sec mac-auth and 802.1x.
>
> You can try first only port-security; this technique uses only snmp to
> talk to the switch (so configure snmp community public private and
> snmptrap to pf, also configure snmp in the pf switch config).
> If a device plugs into a port security enabled port then packetfence will
> receive an snmp trap and check if the device is reg or not (answer a role
> based vlan id or registration vlan)
>
> In case of an unreg device, your device will be in the reg vlan and pf will
> give you ip configuration and your device will hit the portal.
> Once registered in the portal, pf will send an snmp write to the switch to
> change the vlan of the port where the device is.
>
> In the case of mac-auth, pf will receive a radius request and check if
> the device is reg or not and follow the same workflow as before (snmp +
> radius config to do on each side).
>
> In the case of 802.1x, radius will check your username and password and
> if it is ok then ask packetfence for the vlan to return and follow
> the same workflow as before (snmp + radius config to do on each side).
>
> So try first port-sec (it's really simple) and try after the other
> methods and you will be able to understand how it works and you will be
> able to mix different methods.
>
> regards
> Fabrice

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
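
An added example, not part of the original message and not PacketFence code: a small Python parser for the packetfence.log layout quoted above that ties each pf::email_activation ERROR back to the MAC address the same httpd worker was registering. The sample log is constructed (placeholder address, second MAC invented), and correlating entries by worker PID is an assumption of this sketch.

```python
import re

# Constructed sample in the packetfence.log layout quoted in the message
# (one entry per line, as in the file; the e-mail address is a placeholder).
SAMPLE_LOG = """\
Jun 10 17:10:23 httpd.portal(2561) INFO: registering 00:23:5a:47:21:78 guest by email (captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
Jun 10 17:10:24 httpd.portal(2561) INFO: new activation code successfully generated (pf::email_activation::create)
Jun 10 17:10:24 httpd.portal(2561) ERROR: Can't send email to guest@example.test: Connection refused (pf::email_activation::__ANON__)
Jun 10 17:11:02 httpd.portal(2570) INFO: registering 00:11:22:33:44:55 guest by email (captiveportal::PacketFence::Controller::Signup::doEmailSelfRegistration)
Jun 10 17:11:03 httpd.portal(2570) INFO: new activation code successfully generated (pf::email_activation::create)
"""

# timestamp, process(pid), LEVEL: message, optional trailing (caller).
# The caller may end in __ANON__, which is how Perl names an anonymous sub.
ENTRY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<proc>[\w.]+)\((?P<pid>\d+)\) "
    r"(?P<level>[A-Z]+): (?P<msg>.*?)(?: \((?P<caller>[\w:]+)\))?$"
)
MAC = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)


def failed_email_registrations(log_text):
    """Return [(timestamp, mac, message)] for activation e-mail failures."""
    last_mac = {}   # pid -> MAC most recently logged by that worker (assumption)
    failures = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # wrapped or foreign lines are skipped, not guessed at
        mac = MAC.search(m["msg"])
        if mac:
            last_mac[m["pid"]] = mac.group(0).lower()
        caller = m["caller"] or ""
        if m["level"] == "ERROR" and caller.startswith("pf::email_activation"):
            failures.append((m["ts"], last_mac.get(m["pid"], "unknown"), m["msg"]))
    return failures


if __name__ == "__main__":
    for ts, mac, msg in failed_email_registrations(SAMPLE_LOG):
        print(f"{ts}  node {mac}  {msg}")
```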