Re: [PacketFence-users] Apply to Vlan

[Minh Trung]

Hello Fabrice,

I was successful in configured the vmware machine in tag the vlan as above
we discussed (it take long time to figure out [?])  and i also see the
portal on device which is plugged in the port testing.
But on radius log still show the error:









*Tue Apr 28 16:53:57 2015 : Auth: Login OK: [c80aa930b31f] (from client
10.126.123.10 port 50001 cli C8-0A-A9-30-B3-1F)Tue Apr 28 16:53:58 2015 :
Auth: rlm_perl: Returning vlan 210 to request from c8:0a:a9:30:b3:1f port
50001Tue Apr 28 16:53:58 2015 : Error: [sql] Couldn't insert SQL accounting
START record - PROCEDURE pf.acct_start does not existTue Apr 28 16:54:00
2015 : Error: [sql] Couldn't update SQL accounting STOP record - PROCEDURE
pf.acct_stop does not existTue Apr 28 16:54:00 2015 : Error: rlm_sql_mysql:
Cannot store resultTue Apr 28 16:54:00 2015 : Error: rlm_sql_mysql: MySQL
error 'PROCEDURE pf.acct_stop does not exist'Tue Apr 28 16:54:05 2015 :
Error: [sql] Couldn't update SQL accounting STOP record - PROCEDURE
pf.acct_stop does not existTue Apr 28 16:54:05 2015 : Error: rlm_sql_mysql:
Cannot store resultTue Apr 28 16:54:05 2015 : Error: rlm_sql_mysql: MySQL
error 'PROCEDURE pf.acct_stop does not exist'*
Do i miss configured any on database?

I have DHCP(windows OS) existed with DHCP range 10.126.123.x how to make
clients will retrieved DHCP from Windows OS after clients finished
register?
Should i need change all ports on switch L2 to default(Vlan1)?
Any help is appreciated,

Thanks & regards,



On 2 April 2015 at 00:46, Durand fabrice <fdur...@inverse.ca> wrote:

>  Hello Minh,
>
> you have to tag the vlan 210 and 220 on the switch port where packetfence
> has been plugged on the vswitch.
> I don't have the exact way to do it but it look like there is
> documentation on internet to do that.
>
> Regards
> Fabrice
>
>
>
> Le 2015-03-31 23:11, Minh Trung a écrit :
>
>   Hello Fabrice,
>
>  You are right, my VMware connected 4500 via gi7/6, here is the
> spaning-tree command:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *VLAN0210   Spanning tree enabled protocol ieee   Root ID    Priority
> 32978              Address     5475.d0c3.e100              This bridge is
> the root              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15
> sec   Bridge ID  Priority    32978  (priority 32768 sys-id-ext 210)
>              Address     5475.d0c3.e100              Hello Time   2 sec
> Max Age 20 sec  Forward Delay 15 sec              Aging Time 300
> Interface           Role Sts Cost      Prio.Nbr Type -------------------
> ---- --- --------- -------- --------------------------------
> Gi2/4               Desg FWD 4         128.68   P2p Gi7/3
> Desg FWD 4         128.387  P2p Gi7/6               Desg FWD 4
> 128.390  P2p Po1                 Desg FWD 3         128.641  P2p
> VLAN0220   Spanning tree enabled protocol ieee   Root ID    Priority
> 32988              Address     5475.d0c3.e100              This bridge is
> the root              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15
> sec   Bridge ID  Priority    32988  (priority 32768 sys-id-ext 220)
>              Address     5475.d0c3.e100              Hello Time   2 sec
> Max Age 20 sec  Forward Delay 15 sec              Aging Time 300
> Interface           Role Sts Cost      Prio.Nbr Type -------------------
> ---- --- --------- -------- --------------------------------
> Gi2/4               Desg FWD 4         128.68   P2p Gi7/3
> Desg FWD 4         128.387  P2p Gi7/6               Desg FWD 4
> 128.390  P2p Po1                 Desg FWD 3         128.641  P2p *
>  Also, Vlan122 is native, new Vlan210,220 is created for PF.
>  The picture will show where is the PF connection(Serverfarm_A is one of
> Vlan122.). Do i need reconfigure vmware? How it look like?
>
>  Thanks and Best regards,
>
> On 31 March 2015 at 20:48, Durand fabrice <fdur...@inverse.ca> wrote:
>
>>  Hello Minh,
>>
>> based on what i can see and suppose packetfence has been plugged on Gi7/6
>> (vmware).
>> So check :
>> 'show spanning-tree' if vlan 210 and 220 are forwarded to gi7/6
>>
>> Where packetfence is connected on vmware ? is it connected to a trunk
>> port  where the vlan 220 and 230 are allowed and the vlan 122 is the native
>> one ?
>>
>> Also HSRP is a layer 3 protocol and we talk about a layer 2 network.
>>
>> Check all these items and from the laptop connected on the vlan 210,
>> retry a ping, check the arp table.
>>
>>
>> Regards
>> Fabrice
>>
>>
>>
>>
>>
>> Le 2015-03-31 03:38, Minh Trung a écrit :
>>
>>    Hello Fabrice,
>>
>>  I changed reg and iso interface back to 10.126.210.1, 10.126.220.1 but
>> still no luck.
>>
>>  As you comment could we call PF as a switch L2? Then after plug a device
>> to 4500 i am not able ping to 10.126.210.1 even from 4500 can not ping
>> 10.126.210.1 also.
>>  Do i misconfiguration on vmware? But other vlan are still fine excluded
>> some new vlan for PF.
>>  Here is the interface configured on 4500 to vmware:
>>  *The first 4500:*
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *interface GigabitEthernet7/4  description ### To KFVNVM02_NIC1 ###
>>  switchport access vlan 122  switchport mode access  speed 1000  duplex
>> full ! interface GigabitEthernet7/5  description ### To KFVNVM02_NIC3 ###
>>  switchport access vlan 122  switchport mode access  speed 1000  duplex
>> full ! interface GigabitEthernet7/6  description ### To KFVNVM02_NIC4 ###
>>  switchport trunk allowed vlan 122,126,127,210,220,230  switchport mode
>> trunk  speed 1000  duplex full *
>>
>>  *The second 4500:( I has 2 switches 4500 and HSRP configured)*
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *interface GigabitEthernet7/4  description ### To KFVNVM02_NIC2 ###
>>  switchport access vlan 122  switchport mode access  speed 1000  duplex
>> full ! interface GigabitEthernet7/5  description ### To KFVNVM02_NIC5 ###
>>  switchport access vlan 122  switchport mode access  speed 1000  duplex
>> full ! interface GigabitEthernet7/6  description ### To KFVNVM02_NIC6 ###
>>  switchport trunk allowed vlan 122,126,127,210,220,230  switchport mode
>> trunk  speed 1000  duplex full*
>>
>>  Any help is appreciated,
>>
>>  Best regards,
>>
>>
>>
>> On 30 March 2015 at 23:01, Durand fabrice <fdur...@inverse.ca> wrote:
>>
>>>  Hi Minh,
>>>
>>> Keep in mind that reg and isol vlan are layer 2 networks, so you don't
>>> have to assign an ip address for these 2 vlan on the cisco config
>>> (packetfence is the only one who manage what happen on these 2 networks).
>>>
>>> So the the ip address of the reg interface is 10.126.210.1 (ifconfig)
>>> not 10.126.210.5 so change that in pf.conf and networks.conf and restart
>>> packetfence (same thing for isol).
>>>
>>> Now plug a device in a port on the 4500 configured like that:
>>>
>>> switchport mode access
>>> switch port access vlan 210
>>>
>>> with a device with a static ip :
>>> 10.126.210.33
>>>
>>> and try to ping  10.126.210.1.
>>>
>>> If this doesn't work then fix the vmware/cisco config to make it work
>>> (trunk, allowed vlan...).
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> Le 2015-03-30 03:06, Minh Trung a écrit :
>>>
>>> Hello Fabrice,
>>>
>>> I already check trunk port but still problem as previously posted.
>>>
>>> My PF as below:
>>>
>>> PC ---+ --> Switch_L2(2960- Cisco) ---trunk--> Switch_L3(4500) ---trunk--->
>>> PF(VMware- ESX)
>>>
>>> Here is the config interface that L2 connected on Core switch:
>>>
>>> i
>>>
>>>
>>>
>>>
>>> *nterface GigabitEthernet2/4 description ### Testing Network Security
>>> ### switchport trunk allowed vlan
>>> 110,123,124,127,128,135,210,220,230 switchport mode trunk*
>>> I has 2 core switches and configured HSRP so all Vlan will be take 3 ip
>>> addresses for HSRP eg:
>>> Vlan123: x.x.x.1, x.x.x.2, x.x.x..3 are assign for core switches, other
>>> Vlan will be same.
>>> So i changed 2 interface Vlan on PF as below:
>>> *networks.conf*
>>> [10.126.210.0]
>>> dns=10.126.210.5
>>> dhcp_start=10.126.210.10
>>> *gateway=10.126.210.5*
>>> domain-name=vlan-registration.global
>>> nat_enabled=disabled
>>> named=enabled
>>> dhcp_max_lease_time=30
>>> fake_mac_enabled=disabled
>>> dhcpd=enabled
>>> dhcp_end=10.126.210.246
>>> type=vlan-registration
>>> netmask=255.255.255.0
>>> dhcp_default_lease_time=30
>>>
>>> [10.126.220.0]
>>> dns=10.126.220.5
>>> dhcp_start=10.126.220.10
>>> *gateway=10.126.220.5*
>>> domain-name=vlan-isolation.global
>>> nat_enabled=disabled
>>> named=enabled
>>> dhcp_max_lease_time=30
>>> fake_mac_enabled=disabled
>>> dhcpd=enabled
>>> dhcp_end=10.126.220.246
>>> type=vlan-isolation
>>> netmask=255.255.255.0
>>> dhcp_default_lease_time=30
>>>
>>> But still no luck
>>>
>>> Do i misconfiguration of any parts?
>>>
>>> Any help is appreciated,
>>>
>>> Regards,
>>>
>>> On 28 March 2015 at 23:17, Durand fabrice <fdur...@inverse.ca> 
>>> <fdur...@inverse.ca> wrote:
>>>
>>>
>>>   Hello Minh,
>>>
>>> has you probably notice there is no RX traffic on eth0.210 and eth0.220
>>> and eth0.230 so it's probably a switch configuration issue.
>>>
>>> Check on the switch port where packetfence's eth0 has been plugged that
>>> 'switch port mode trunk' (cisco syntax) has been configured and check in
>>> all uplink port that the vlan 210 and 220 are allowed.
>>>
>>> Regards
>>>
>>>
>>>
>>>
>>>
>>>  
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming The Go Parallel Website, 
>>> sponsored
>>> by Intel and developed in partnership with Slashdot Media, is your hub for 
>>> all
>>> things parallel software development, from weekly thought leadership blogs 
>>> to
>>> news, videos, case studies, tutorials and more. Take a look and join the
>>> conversation now. http://goparallel.sourceforge.net/
>>>
>>>
>>>
>>> _______________________________________________
>>> PacketFence-users mailing 
>>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming The Go Parallel Website,
>>> sponsored
>>> by Intel and developed in partnership with Slashdot Media, is your hub
>>> for all
>>> things parallel software development, from weekly thought leadership
>>> blogs to
>>> news, videos, case studies, tutorials and more. Take a look and join the
>>> conversation now. http://goparallel.sourceforge.net/
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> PacketFence-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, 
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for 
>> all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>>
>>
>>
>> _______________________________________________
>> PacketFence-users mailing 
>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub
>> for all
>> things parallel software development, from weekly thought leadership
>> blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
>
>
>
> _______________________________________________
> PacketFence-users mailing 
> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users