Hello Håkan, You have to way to configure PacketFence with an Aruba controller, by role by vlan id or role by switch role (Configuration -> Switch -> Roles).
So first if you use role by VLAN ID let´s uncheck role by switch role first. Then configure: registration role with the vlan id of your registration vlan guest role : 1216 secured: 1217 Then on the Aruba side: Configuration -> Security -> Authentication -> Servers -> Radius Server: define 192.168.1.12 (mgmt ip of packetfence) + secret as a radius server. Configuration -> Security -> Authentication -> Servers -> Server Group: create a new group (PacketFence) and add 192.168.1.12 inside Configuration -> Security -> Authentication -> Servers -> RFC3576: define 192.168.1.12 (mgmt ip of packetfence) + secret (same as above) Configuration -> Security -> Authentication -> AAA Profiles: Create a new profile like PacketFence In this profile : MAC Authentication Server Group : PacketFence RFC3576: 192.168.1.12 Then in Wireless -> AP Configuration -> Wireless LAN -> Virtual AP: add a profile PacketFence with AAA Profile PacketFence and with your ssid profile. So now each time a device will try to connect to the network packetfence will receive a radius request and return the vlan id depending of the device role/reg_status. You can also add a 802.1x Authentication Server Group (PacketFence) in your AAA profile. The other way is to use User Role (Security -> Access Control -> USer Roles) and the user role correspond to Switch By Role in packetfence. Regards Fabrice Le 2015-03-12 05:12, Håkan Olofsson a écrit : > Hello people > > Pakcetfence is an awesome product. > I wonder if there is a complete setup on how-to make an Aruba 3600 > with IAP-105s play together with packetfence for authentication. I > been testing this back and forward now for a couple of days and > starting to get a little less hair on the head. > i was redirected to the PF-portal earlier but now it seems to got > stuck and i cannot get pass the aruba at all. Probably some > misconfiguration that i starred myself blind on. > > > Configuration > > I have to vlans for guest and secured (vlan 1216 (10.0.216.0/24 and > 1217 (10.0.217.0/24)). The aruba controller has 192.168.0.200/24 as > IP. PF has 192.168,1.12 as ip number > Those vlans are configured on the Aruba controller. SO i want the PF > to pass on the logon request to and AD, the authentication towards the > AD. At the moment the clients get their ipnumbers from the ADserver > and i can ping the PF. > Also the authentication against the AD works > > So tho my questions. > > Do i have to configure a captiveportal on the aruba with redirection, > if so, how will this configuration look like. How about the roles? > > I been reading in some of the thread s here about switch.conf and > there been mentioned about registration,isloation and several other > vlans. Shall those vlans also be configured on the aruba aswell or > just on the pf? > > But i would be very grateful for a simple working example on how it > will look on both sides , which can be built out. > > > > > //Haakan > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming The Go Parallel Website, sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for all > things parallel software development, from weekly thought leadership blogs to > news, videos, case studies, tutorials and more. Take a look and join the > conversation now. http://goparallel.sourceforge.net/ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
