I am working on a new 4.3 server. I have run into an issue where radius will
authenticate the port, but the snmp will not change the vlan on the switch.
Which log will give me more info about why the switch isn’t happening. I can
change the vlan on the switch manually by executing the pfcmd_vlan command, it
just doesn’t do it automatically
VLAN 600 is the registration vlan
From the Packetfence.log file I get this
Aug 08 08:27:37 httpd.webservices(1478) INFO: handling radius autz request:
from switch_ip => 192.168.*.*, connection_type => WIRED_MAC_AUTH,switch_mac =>
64:e9:50:*:*:*, mac => 00:23:18:*:*:*, port => 10102, username => 002318******
(pf::radius::authorize)
Aug 08 08:27:38 httpd.webservices(1478) INFO: Could not find any IP phones
through discovery protocols for ifIndex 10102 (pf::Switch::getPhonesDPAtIfIndex)
Aug 08 08:27:38 httpd.webservices(1478) INFO: MAC: 00:23:18:*:*:* is of status
unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Aug 08 08:27:38 httpd.webservices(1478) INFO: [192.168.*.*] Returning ACCEPT
with VLAN 600 and role (pf::Switch::returnRadiusAccessAccept)
From the radius.log file I get this
Fri Aug 8 08:22:38 2014 : Auth: Login OK: [002318******] (from client
192.168.*.* port 50002 cli 00-23-18-*-*-*)
Fri Aug 8 08:22:39 2014 : Auth: rlm_perl: Returning vlan 600 to request from
00:23:18:*:*:* port 50002
From the switch it shows this
Aug 8 15:32:42.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/2, changed state to down
Aug 8 15:32:43.465: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed
state to down
Aug 8 15:32:47.752: %AUTHMGR-5-START: Starting 'mab' for client (0023.18*.*)
on Interface Gi0/2 AuditSessionID C0A85A020000000D054E2877
Aug 8 15:32:48.490: %MAB-5-SUCCESS: Authentication successful for client
(0023.18*.*) on Interface Gi0/2 AuditSessionID C0A85A020000000D054E2877
Aug 8 15:32:48.490: %AUTHMGR-7-RESULT: Authentication result 'success' from
'mab' for client (0023.18*.*) on Interface Gi0/2 AuditSessionID
C0A85A020000000D054E2877
Aug 8 15:32:49.337: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed
state to up
Aug 8 15:32:49.522: %AUTHMGR-5-SUCCESS: Authorization succeeded for client
(0023.18*.*) on Interface Gi0/2 AuditSessionID C0A85A020000000D054E2877
Aug 8 15:32:50.344: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/2, changed state to up
If someone could help me get more debugging info I would appreciate it.
Thanks
Dan Nelson
Network Administrator
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
