Hi Luis, Got it.
Bryand, Can you post your packetfence.log when you plug a machine into the switch? Please remove private IP addresses and info that is not relevant for the problem.

Regards,

On Mon, Aug 11, 2014 at 12:08 PM, Louis Munro <[email protected]> wrote:

> Gentlemen,
>
> Please do not cc the packetfence-devel or packetfence-announce lists on
> user support questions.
>
> Those lists are reserved to development and release announcements related
> issues.
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 *125 :: +1 (866) 353-6153
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
>
> On 2014-08-11, at 12:42, Bryand Eduardo Sánchez Palacios <[email protected]> wrote:
>
> Hi Juan,
>
> Thank you for your quick reply,
>
> We have tried several deauthentication methods on the web config
> page (RADIUS, SSH, SNMP), without getting any successful result. However, the
> port authentication is successful, because the switch automatically allocates
> this in the registration VLAN.
>
> Here is one print screen, about that.
>
> <packetfence_deathetincation_method.jpg>
>
> Best regards.
>
> *Bryand Eduardo Sánchez Palacios.*
> MCP, CCNA, SCSA
> Mobile: +57 300 666 37 33
> Bogotá, Colombia.
>
> ------------------------------
> Date: Fri, 8 Aug 2014 15:23:24 -0500
> From: [email protected]
> To: [email protected]
> CC: [email protected]; [email protected]
> Subject: Re: [PacketFence-devel] ref. Problems with PF m Port is not flapping automatically between VLANS.
>
> Hi Bryand,
>
> I think that the root cause of your problem is based on the way that you
> are doing the deauthentication method, what I see is that you are using
> SNMP, however and if I'm not wrong the best method to do this is with
> Radius CoA, you should see in the Network configuration Devices how to
> configure the switch in order to send the authentication and deauth through
> Radius. I hope if I'm wrong the guys at Inverse can correct what I'm saying.
>
> I hope that this can give you a start point.
>
> Best regards
>
> On Fri, Aug 8, 2014 at 11:24 AM, Bryand <[email protected]> wrote:
>
> Hi, Good morning everyone,
>
> We have a requirement in the company, about NAC access for applying to
> users to get control about the connections to the resources that they
> currently have.
> We already set up our packet fence server with Ubuntu Server 12.04 LTE,
> and it is partially working with the authentication and 802.1 Protocol for
> VLAN assignment on the Switch, also We have the following infrastructure:
> - One server with all VLANs Trunking on it and it is connected to a
>   Switch Dell Force10 S50.
> - One Laptop (On Client side) connected to a Gi 1/7.
> - DHCP service is running on switch, per VLAN.
> - VLANS created on the switch are: 800 Production with Internet
>   access, 910 Registration, 911 Isolation and 913 MAC Detection.
> - The Subnetworks for each VLAN are: 910 (192.168.210.0/24), 911
>   (192.168.211.0/24), 913 (192.168.213.0/24).
> After all configuration, we are experiencing the following issues:
> When we connect the laptop to a port configured with 801.1 X, the switch
> allocates this on the VLAN 910 (Registration), and the captive portal
> appears on the browser, then we can authenticate the user. However, in the
> Switch log, the port doesn’t flip to the production VLAN (800)
> automatically, until we reconnected the port to the Switch or we executed
> shut /no shut down port command.
> Also, the Laptop which is on VLAN production, can work without any
> problem.
>
> To try to solve this problem, we thought that could be a sentence with the
> vlan.pm, according to PF logs, or the modules that are used for our
> switches, these are some S50 Dell Force 10, but we can't see the light at
> the end of the tunnel, right now. Jeje
>
> We appreciate a lot, your comments or opinions about this issue in order
> to try to solve the problem.
>
> Thank you.
> Sincerely
>
> --
> <FirmaBryandSanchez.ok.png>
>
> *PF Logs:*
>
> root@packetfence:~# tail -f /usr/local/pf/logs/packetfence.log
> Aug 06 09:57:41 pfsetvlan(18) INFO: reAssignVlan trap received on 192.168.212.3 ifindex 1007 which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
> Aug 06 09:57:41 pfsetvlan(18) INFO: doWeActOnThisTrap returns false. Stop reAssignVlan handling (main::handleTrap)
> Aug 06 09:57:41 pfsetvlan(18) INFO: finished (main::cleanupAfterThread)
> Aug 06 10:16:57 pfsetvlan(21) INFO: local (127.0.0.1) trap for switch 192.168.212.3 (main::parseTrap)
> Aug 06 10:16:57 pfsetvlan(20) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
> Aug 06 10:16:57 pfsetvlan(20) ERROR: Argument "noSuchInstance" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 139. (pf::vlan::doWeActOnThisTrap)
> Aug 06 10:16:57 pfsetvlan(20) INFO: reAssignVlan trap received on 192.168.212.3 ifindex 1007 which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
> Aug 06 10:16:57 pfsetvlan(20) INFO: doWeActOnThisTrap returns false. Stop reAssignVlan handling (main::handleTrap)
> Aug 06 10:16:57 pfsetvlan(20) INFO: finished (main::cleanupAfterThread)
> Aug 06 10:17:45 httpd.portal(12119) INFO: mac : 00:0c:29:61:62:fe (captiveportal::PacketFence::Controller::CaptivePortal::validateMac)
> Aug 06 10:17:45 httpd.portal(12119) INFO: Updating node 00:0c:29:61:62:fe user_agent with useragent: 'Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20140722 Firefox/24.0 Iceweasel/24.7.0' (captiveportal::PacketFence::Controller::CaptivePortal::nodeRecordUserAgent)
> Aug 06 10:17:45 httpd.portal(12119) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
> Aug 06 10:17:45 httpd.portal(12119) INFO: 00:0c:29:61:62:fe redirected to default (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
> Aug 06 10:17:45 httpd.portal(12119) INFO: 00:0c:29:61:62:fe redirected to authentication page (captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
> Aug 06 10:18:56 httpd.portal(12128) INFO: mac : 00:0c:29:61:62:fe (captiveportal::PacketFence::Controller::CaptivePortal::validateMac)
> Aug 06 10:18:56 httpd.portal(12128) INFO: Authentication successful for bsanchez in source local (SQL) (pf::authentication::authenticate)
> Aug 06 10:18:56 httpd.portal(12128) INFO: person bsanchez modified to bsanchez (pf::person::person_modify)
> Aug 06 10:18:56 httpd.portal(12128) INFO: re-evaluating access for node 00:0c:29:61:62:fe (manage_register called) (pf::enforcement::reevaluate_access)
> Aug 06 10:18:56 httpd.portal(12128) INFO: switch port for 00:0c:29:61:62:fe is 192.168.212.3 ifIndex 1007 connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation)
> Aug 06 10:18:59 pfsetvlan(22) INFO: local (127.0.0.1) trap for switch 192.168.212.3 (main::parseTrap)
> Aug 06 10:18:59 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
> Aug 06 10:18:59 pfsetvlan(1) ERROR: Argument "noSuchInstance" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 139. (pf::vlan::doWeActOnThisTrap)
> Aug 06 10:18:59 pfsetvlan(1) INFO: reAssignVlan trap received on 192.168.212.3 ifindex 1007 which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
> Aug 06 10:18:59 pfsetvlan(1) INFO: doWeActOnThisTrap returns false. Stop reAssignVlan handling (main::handleTrap)
> Aug 06 10:18:59 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
>
> *After user Authentication the user was moved to Production VLAN, when we
> shut/no shut the port, it doesn't flip automatically*
>
> Aug 06 10:22:48 pfsetvlan(5) WARN: couldn't get MAC at ifIndex 69256450. This is a problem. (pf::Switch::_getMacAtIfIndex)
> Aug 06 10:22:49 pfsetvlan(5) WARN: couldn't get MAC at ifIndex 69256450. This is a problem. (pf::Switch::_getMacAtIfIndex)
>
> *Switch config:*
>
> SW_RD_07#show running-config snmp
> !
> snmp-server community
> snmp-server community testing rw
> snmp-server enable traps bgp
> snmp-server enable traps snmp authentication coldstart linkdown linkup
> snmp-server enable traps vrrp
> snmp-server enable traps stp
> snmp-server enable traps ecfm
> snmp-server enable traps xstp
> snmp-server enable traps envmon fan supply temperature
> snmp-server enable traps eoam
> snmp-server host 192.168.212.1 traps version 2c testing udp-port 162
>
> SW_RD_07#show running-config interface gigabitethernet 1/7
> !
> interface GigabitEthernet 1/7
>  no ip address
>  switchport
>  dot1x authentication
>  dot1x mac-auth-bypass
>  dot1x auth-type mab-only
>  no shutdown
> SW_RD_07#
>
> SW_RD_07#show running-config radius
> !
> radius-server host 192.168.212.1 key 7 a56fd6b9b796eb74 auth-port 1812
> SW_RD_07#
>
> --
> *“Choose a job you love, and you will never have to work a day in your
> life”*

--
*“Choose a job you love, and you will never have to work a day in your life”*
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
