Well, I have a little experience with Xirrus ... about 7 years : ) We have about ~150 Xirrus arrays running with PF enabled.
My thoughts on Xirrus as a product ... that may be a conversation for another time. Short, short version? 90/10 positive. As to your problem, it looks like you have PF and Xirrus configured fine. But without knowing more about the situation I cannot say for sure. I would take PF AND Xirrus out of the picture for the moment and make sure a workstation on vlan 500 can get a DHCP address. If that works then start with a station using only the Xirrus array, etc. Also, what do the logs on the Xirrus array say? Xirrus maps the RADIUS AV Pair for the vlan assignment to a group that must be declared on the array, if the group is not configured on the array the connection will not finish. For example: If you are assigning vlan 500 you should have a group called 500 with the radius id and vlan number all set to 500 as well. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________ From: Max McGrath [[email protected]] Sent: Thursday, May 14, 2015 3:50 PM To: [email protected] Subject: [PacketFence-users] Xirrus and PF Hi all - Just curious if anyone out there is successfully using Xirrus with PF? Also, does anyone have ANY experience with Xirrus that would like to share their thoughts on the product? We are a Motorola shop -- but have three Xirrus demo units. I think I've configured it to work properly with PF as I'm seeing this in the logs: May 14 11:40:22 httpd.webservices(3201) INFO: [cc:3a:61:38:42:c2] handling radius autz request: from switch_ip => (10.200.5.1), connection_type => Wireless-802.11-NoEAP,switch_mac => (48:c0:93:01:e2:89), mac => [cc:3a:61:38:42:c2], port => 0, username => "cc3a613842c2" (pf::radius::authorize) May 14 11:40:22 httpd.webservices(3201) INFO: [cc:3a:61:38:42:c2] (10.200.5.1) Returning ACCEPT with VLAN 500 and role (pf::Switch::returnRadiusAccessAccept) May 14 11:40:32 httpd.webservices(3201) INFO: [cc:3a:61:38:42:c2] handling radius autz request: from switch_ip => (10.200.5.1), connection_type => Wireless-802.11-NoEAP,switch_mac => (48:c0:93:01:e2:91), mac => [cc:3a:61:38:42:c2], port => 0, username => "cc3a613842c2" (pf::radius::authorize) May 14 11:40:32 httpd.webservices(3201) INFO: [cc:3a:61:38:42:c2] (10.200.5.1) Returning ACCEPT with VLAN 500 and role (pf::Switch::returnRadiusAccessAccept) It appears that it's working since I'm getting an ACCEPT and a VLAN returned....I'm just not getting an IP on my client device: May 14 14:04:00 DHCP-Academic dhcpd: DHCPDISCOVER from cc:3a:61:38:42:c2 (android-f093ca85756d27d4) via 10.200.0.1 May 14 14:04:01 DHCP-Academic dhcpd: DHCPOFFER on 10.200.53.120 to cc:3a:61:38:42:c2 (android-f093ca85756d27d4) via 10.200.0.1 May 14 14:04:16 DHCP-Academic dhcpd: DHCPDISCOVER from cc:3a:61:38:42:c2 (android-f093ca85756d27d4) via 10.200.0.1 May 14 14:04:16 DHCP-Academic dhcpd: DHCPOFFER on 10.200.53.120 to cc:3a:61:38:42:c2 (android-f093ca85756d27d4) via 10.200.0.1 May 14 14:04:35 DHCP-Academic dhcpd: DHCPDISCOVER from cc:3a:61:38:42:c2 (android-f093ca85756d27d4) via 10.200.0.1 May 14 14:04:35 DHCP-Academic dhcpd: DHCPOFFER on 10.200.53.120 to cc:3a:61:38:42:c2 (android-f093ca85756d27d4) via 10.200.0.1 May 14 14:04:52 DHCP-Academic dhcpd: DHCPDISCOVER from cc:3a:61:38:42:c2 (android-f093ca85756d27d4) via 10.200.0.1 May 14 14:04:52 DHCP-Academic dhcpd: DHCPOFFER on 10.200.53.120 to cc:3a:61:38:42:c2 (android-f093ca85756d27d4) via 10.200.0.1 May 14 14:04:54 DHCP-Academic dhcpd: DHCPDISCOVER from cc:3a:61:38:42:c2 (android-f093ca85756d27d4) via 10.200.0.1 May 14 14:04:54 DHCP-Academic dhcpd: DHCPOFFER on 10.200.53.120 to cc:3a:61:38:42:c2 (android-f093ca85756d27d4) via 10.200.0.1 You can see I go DISCOVER, OFFER over and over again -- never an ACK. Is this an issue with PF -- or somewhere else? Thanks! Max -- Max McGrath Network Administrator Carthage College 262-552-5512 [email protected]<mailto:[email protected]> ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
