Dear Fabrice,
Many thanks for your very quick answer. It seems to be easy... I have tried the
configuration, but I'm facing the following problems (or challenges):
1. The switch keeps replying in the RADIUS answer that the switch is not in
production, even though the switch is configured as "Production". Below is the
information from the configuration file switch.conf and a dump of the RADIUS
request:
[10.52.15.28]
RoleMap=N
AccessListMap=N
description=ICH-E-A-SW-028
type=Brocade
VoIPEnabled=N
radiusSecret=radius1234
defaultVlan=-1
labor-devicesVlan=110
macDetectionVlan=-1
isolationVlan=-1
registrationVlan=-1
voiceVlan=-1
inlineVlan=-1
mode=production
#SNMPVersion = 3
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
#SNMPVersionTrap = 3
#SNMPUserNameTrap = readUser
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
17:31:57.267890 IP (tos 0x0, ttl 61, id 7465, offset 0, flags [none], proto UDP (17), length 145)
    10.52.15.28.cplscrambler-in > 172.22.20.24.radius: [udp sum ok] RADIUS, length: 117
        Access Request (1), id: 0x6c, Authenticator: 1408c56424ed432d223e36e83b439168
          Username Attribute (1), length: 14, Value: 001ae8598517
            0x0000: 3030 3161 6538 3539 3835 3137
          Password Attribute (2), length: 18, Value:
            0x0000: 0ee2 0327 a85b acda 0ed3 622a f568 2974
          Service Type Attribute (6), length: 6, Value: Framed
            0x0000: 0000 0002
          Framed MTU Attribute (12), length: 6, Value: 1500
            0x0000: 0000 05dc
          NAS IP Address Attribute (4), length: 6, Value: 10.52.15.28
            0x0000: 0a34 0f1c
          NAS Port Type Attribute (61), length: 6, Value: Ethernet
            0x0000: 0000 000f
          NAS Port Attribute (5), length: 6, Value: 5
            0x0000: 0000 0005
          NAS ID Attribute (32), length: 16, Value: ICH-E-A-SW-028
            0x0000: 4943 482d 452d 412d 5357 2d30 3238
          Calling Station Attribute (31), length: 19, Value: 00-1A-E8-59-85-17
            0x0000: 3030 2d31 412d 4538 2d35 392d 3835 2d31
            0x0010: 37
17:31:59.267162 IP (tos 0x0, ttl 64, id 1543, offset 0, flags [none], proto UDP (17), length 103)
    172.22.20.24.radius > 10.52.15.28.cplscrambler-in: [bad udp cksum 68d8!] RADIUS, length: 75
        Access Accept (2), id: 0x6c, Authenticator: 359e6c58bb50e6115642443615ad70f2
          Reply Attribute (18), length: 55, Value: Switch is not in production, so we allow this request
            0x0000: 5377 6974 6368 2069 7320 6e6f 7420 696e
            0x0010: 2070 726f 6475 6374 696f 6e2c 2073 6f20
            0x0020: 7765 2061 6c6c 6f77 2074 6869 7320 7265
            0x0030: 7175 6573 74
2. For the "registration" of the MAC addresses: does this need to be done over the
admin interface, or would it be possible to do it via a self-service portal (I
would suppose the registration interface)? If yes, I'm facing the problem that,
because the registration VLAN is kind of a dummy VLAN which is not reachable, I
cannot reach the registration interface over the management VLAN. Is there a
solution to that?
Many thanks for your help.
Best regards
Laurent
>Date: Thu, 26 Mar 2015 09:15:33 -0400
>From: Durand fabrice <[email protected]>
>Subject: Re: [PacketFence-users] Functionality question regarding MAC
>authentication and VLAN assignment
>To: [email protected]
>Message-ID: <[email protected]>
>Content-Type: text/plain; charset=utf-8; format=flowed
>
>Hello Laurent,
>
>Yes, it's possible to have this setup in PacketFence.
>But when you configure PacketFence with the configurator, you must create a
>reg and isol interface (these will never be used).
>
>So the next steps are:
>- create all the roles you need (Staff, Student, VIP ...)
>- add the switch in PacketFence (IP, RADIUS secret, ...) and assign the
>correct VLAN ID to each role (role by VLAN ID only) and assign -1 for the
>reg and isol roles (it will reject connections for unknown devices).
>
>Then create all the nodes (MAC addresses) in PacketFence, assign them a
>role, and reg them.
>
>That's all.
>
>Regards
>Fabrice
>
--
Laurent Bourqui, Solutions Architect - [email protected]
BNC - Business Network Communication AG - http://www.bnc.ch/
Grubenstrasse 7b, CH-3322 Urtenen-Schönbühl
tel: +41 31 858 58 58 / fax: +41 31 858 58 50
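A consistency check for the mismatch described in point 1, written as an added example and not code from this thread or from PacketFence: it parses the switch.conf section for the NAS, rebuilds a RADIUS Access-Request and Access-Accept from the attributes shown in the dump (constructed sample data, with the radiusSecret from the config as the shared secret), verifies the Access-Accept's Response Authenticator per RFC 2865, and flags a reply whose Reply-Message says the switch is not in production while switch.conf says mode=production.

```python
import configparser
import hashlib
import struct
# Sample data rebuilt from the attributes in the tcpdump above (constructed, not the raw capture).
SECRET = b"radius1234"
REQ_AUTH = bytes.fromhex("1408c56424ed432d223e36e83b439168")
SWITCH_CONF = "[10.52.15.28]\ntype=Brocade\nradiusSecret=radius1234\nmode=production\n"

def build_radius(code, ident, authenticator, attrs):
    """Serialise an RFC 2865 packet: 20-byte header plus TLV attributes."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_radius(pkt):
    """Return (code, id, authenticator, {attr_type: [raw values]})."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < 20:
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        t, l = pkt[pos], pkt[pos + 1]
        if l < 2 or pos + l > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.setdefault(t, []).append(pkt[pos + 2:pos + l])
        pos += l
    return code, ident, pkt[4:20], attrs

def response_authenticator_ok(reply, request_auth, secret):
    """RFC 2865: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    digest = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return digest == reply[4:20]

def audit(switch_conf, request, reply, secret):
    """Cross-check an Access-Accept against the NAS entry in switch.conf."""
    _, _, rauth, rattrs = parse_radius(request)
    nas_ip = ".".join(str(b) for b in rattrs[4][0])       # NAS-IP-Address (4)
    code, _, _, aattrs = parse_radius(reply)
    msg = b"".join(aattrs.get(18, [])).decode("ascii", "replace")  # Reply-Message (18)
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(switch_conf)
    mode = cp.get(nas_ip, "mode", fallback="<no section>")
    findings = []
    if not response_authenticator_ok(reply, rauth, secret):
        findings.append("bad Response Authenticator: wrong secret or altered reply")
    if code == 2 and "not in production" in msg and mode == "production":
        findings.append("%s has mode=%s in switch.conf but reply says: %s" % (nas_ip, mode, msg))
    return findings

REQUEST = build_radius(1, 0x6C, REQ_AUTH, [(1, b"001ae8598517"), (4, bytes([10, 52, 15, 28]))])
_tmp = build_radius(2, 0x6C, REQ_AUTH, [(18, b"Switch is not in production, so we allow this request")])
REPLY = _tmp[:4] + hashlib.md5(_tmp + SECRET).digest() + _tmp[20:]   # reply signed with the shared secret
```

Running audit() on the real capture needs the full UDP payloads rather than the attribute-level dump, e.g. from tcpdump -w; a "bad Response Authenticator" finding then points at a secret mismatch between switch.conf and the switch, independent of the production-mode question.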
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users