Re: [PacketFence-users] routed networks help

[Durand fabrice]

Hi Andi,
sorry for the delay.

So on the PacketFence side all looks good.
Can you sniff on eth0 to see if you can see dhcp request from 10.101.0.2 ?

tshark -i eth0 -f "host 10.101.0.2"


Regards
Fabrice

Le 2014-07-23 14:49, Morris, Andi a écrit :

Yep,
subnet 10.101.0.0 netmask 255.255.240.0 {
  option routers 10.101.0.2;
  option subnet-mask 255.255.240.0;
  option domain-name "vlan-registration.internal.uwic.ac.uk";
  option domain-name-servers 192.168.208.4;
  range 10.101.0.10 10.101.15.254;
  default-lease-time 30;
  max-lease-time 30;
}

------------------------------------------------------------------------
*From:* Fabrice DURAND [fdur...@inverse.ca]
*Sent:* 23 July 2014 19:38
*To:* packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] routed networks help

Ok looks good.

and what about /usr/local/pf/var/conf/dhcpd.conf ?, do you have the subnet inside ?

Fabrice

Le 2014-07-23 14:17, Morris, Andi a écrit :

Hi Fabrice,
yes I can ping 10.101.0.2 from the pfence server.

Routing table is:
[root@pfence01 ~]# ip route
192.168.225.16/30 dev eth2  proto kernel  scope link  src 192.168.225.17
192.168.101.0/24 dev eth1  proto kernel  scope link  src 192.168.101.101
192.168.212.0/24 dev eth3  proto kernel  scope link  src 192.168.212.4
192.168.216.0/23 via 192.168.208.2 dev eth0
192.168.208.0/22 dev eth0  proto kernel  scope link  src 192.168.208.4
10.101.0.0/20 via 192.168.208.2 dev eth0
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
169.254.0.0/16 dev eth2  scope link  metric 1004
169.254.0.0/16 dev eth3  scope link  metric 1005
default via 192.168.101.2 dev eth1

Cheers,
Andi
------------------------------------------------------------------------
*From:* Fabrice DURAND [fdur...@inverse.ca]
*Sent:* 23 July 2014 18:55
*To:* packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] routed networks help

Hi Andi,

>From 192.168.208.4 are you able to ping 10.101.0.2 ?

Can you check the routing table ?

Regards
Fabrice

Le 2014-07-23 13:50, Morris, Andi a écrit :

Hi all,

I’m having some trouble configuring one of my remote sites to talk to the central site’s packetfence registration interface. I’ve successfully setup another routed network but when I try and mimic the setup on the second network the clients joining the registration network don’t get an IP address.

Network communication between the sites seems ok, I can ping the gateway of the vlans from each of the respective network cores.

Networks.conf (10.101.0.0/20 is the troublesome network, 192.168.216.0/23 is working fine):

[192.168.208.0]

dns=192.168.208.4

dhcp_start=192.168.208.10

gateway=192.168.208.4

domain-name=vlan-registration.internal.uwic.ac.uk

named=enabled

dhcp_max_lease_time=30

dhcpd=enabled

dhcp_end=192.168.211.246

type=vlan-registration

netmask=255.255.252.0

dhcp_default_lease_time=30

[192.168.212.0]

dns=192.168.212.4

dhcp_start=192.168.212.10

gateway=192.168.212.4

domain-name=vlan-isolation.internal.uwic.ac.uk

named=enabled

dhcp_max_lease_time=30

dhcpd=enabled

dhcp_end=192.168.212.246

type=vlan-isolation

netmask=255.255.255.0

dhcp_default_lease_time=30

[192.168.216.0]

dns=192.168.208.4

next_hop=192.168.208.2

gateway=192.168.216.2

dhcp_start=192.168.216.10

domain-name=vlan-registration.internal.uwic.ac.uk

named=enabled

dhcp_max_lease_time=30

dhcpd=enabled

netmask=255.255.254.0

type=vlan-registration

dhcp_end=192.168.217.254

dhcp_default_lease_time=30

[10.101.0.0]

dns=192.168.208.4

next_hop=192.168.208.2

gateway=10.101.0.2

dhcp_start=10.101.0.10

domain-name=vlan-registration.internal.uwic.ac.uk

named=enabled

dhcp_max_lease_time=30

dhcpd=enabled

netmask=255.255.240.0

type=vlan-registration

dhcp_end=10.101.15.254

dhcp_default_lease_time=30

From 192.168.208.2 I can ping 10.101.0.2, and vice-versa.

DHCP is configured on the WLC wireless controller on the remote site to use 192.168.208.4

I haven't had a second to do any packet sniffing on the network objects yet, but I wondered whether there was anything glaringly missing that people can see?

Cheers,

Andi

-------------------------------------

Andi Morris

IT Security Officer
Cardiff Metropolitan University

T: 02920 205720
E: amor...@cardiffmet.ac.uk<mailto:amor...@cardiffmet.ac.uk>

--------------------------------------



------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
fdur...@inverse.ca  ::  +1.514.447.4918 (x135) ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
fdur...@inverse.ca  ::  +1.514.447.4918 (x135) ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)


------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users