Hi Andi, here the patch : https://github.com/inverse-inc/packetfence/commit/863ec03218da769c6d4227331c42d9699ea2721d.diff
Regards Fabrice Le 2015-05-18 09:24, Morris, Andi a écrit : > > I’ve found a way to change the CoA port on the WLC from 1700 to 3799, > and I’m now seeing the radius disconnect successful messages and my > clients are being disconnected. > > > > However, if at all possible I’d like to be able to configure > PacketFence to be able to use the configured port, rather than > changing default options on the WLC, as we have a few different WLC > flavours, and I’m not sure if it’s an changeable option on the older > types. > > > > Cheers, > > Andi > > > > *From:*Morris, Andi [mailto:[email protected]] > *Sent:* 18 May 2015 13:58 > *To:* '[email protected]' > *Subject:* Re: [PacketFence-users] radius disconnect in Cisco WLC > > > > An update. I think that my WLC might be using a different port for the > CoA. Running a /show ip connections /from the CLI I see that the > controller is listening on port 1700 on the IP 192.168.199.101, which > is the switches management IP address (I was mistaken in my previous > reply when I said 192.168.196.13 was the management IP. That is the IP > of one of the wireless interfaces. I just happen to use that IP for my > management of the WLC). > > > > I have updated the switch config in PF to use 192.168.199.101 and port > 1700 and restarted the PF services. However PF seems to not be taking > into account the port config and is still sending to port 3799. > > > > May 18 13:47:10 httpd.webservices(9990) INFO: [30:10:b3:13:be:37] > DesAssociating mac on switch (192.168.196.13) (pf::api::desAssociate) > > May 18 13:47:10 httpd.webservices(9990) INFO: [30:10:b3:13:be:37] > deauthenticating (pf::Switch::radiusDisconnect) > > May 18 13:47:10 httpd.webservices(9990) INFO: controllerIp is set, we > will use controller 192.168.199.101 to perform deauth > (pf::Switch::radiusDisconnect) > > May 18 13:47:10 httpd.webservices(9990) WARN: Unable to perform RADIUS > Disconnect-Request: No answer from 192.168.199.101 on port 3799 at > /usr/local/pf/lib/pf/util/radius.pm line 145. (pf::Switch::__ANON__) > > > > Switch config is: > > [192.168.196.13] > > mode=production > > description=WLC > > type=Cisco::WLC_5500 > > RoleMap=N > > controllerIp=192.168.199.101 > > controllerPort=1700 > > > > Cheers, > > Andi > > > > *From:*Morris, Andi [mailto:[email protected]] > *Sent:* 18 May 2015 10:50 > *To:* '[email protected]' > *Subject:* Re: [PacketFence-users] radius disconnect in Cisco WLC > > > > Hi, > > Yes I can ping the management interface of the WLC from the PF box. > > > > Still struggling to get any usable debug information from the WLC. > > > > Cheers, > > Andi > > > > *From:*Fletcher Haynes [mailto:[email protected]] > *Sent:* 15 May 2015 16:44 > *To:* [email protected] > <mailto:[email protected]> > *Subject:* Re: [PacketFence-users] radius disconnect in Cisco WLC > > > > I can confirm RADIUS disconnect works on WiSM 2s, with various > software versions from 7.x to 8.x.... > > Can you ping the WLC management IP from your PF box? > > > > On Fri, May 15, 2015 at 7:35 AM, Morris, Andi > <[email protected] <mailto:[email protected]>> wrote: > > Hi all, > > A while back I remember that there was an issue with Cisco WLC > controllers not behaving when PF sends a radius disconnect message to > them. Does anybody know if this was ever resolved by Cisco, or has a > work around been found? I have 5.0.1 in dev at the moment, using a > Cisco WLC 5760 (version 03.06.01E RELEASE SOFTWARE (fc3)). When > unregistering devices from my nodes tab I see the following in > packetfence.log: > > > > May 15 14:51:23 httpd.webservices(4941) WARN: Unable to perform RADIUS > Disconnect-Request: No answer from 192.168.196.13 on port 3799 at > /usr/local/pf/lib/pf/util/radius.pm <http://radius.pm> line 145. > (pf::Switch::__ANON__) > > May 15 14:51:33 httpd.webservices(4941) WARN: Unable to perform RADIUS > Disconnect-Request: Timeout waiting for a reply from 192.168.196.13 on > port 3799 at /usr/local/pf/lib/pf/util/radius.pm <http://radius.pm> > line 163. (pf::Switch::__ANON__) > > May 15 14:51:33 httpd.webservices(4941) ERROR: Wrong RADIUS secret or > unreachable network device... (pf::Switch::__ANON__) > > > > I have RFC 3576 support enabled on the WLC. > > > > Cheers, > > Andi > > > > ------------------------------------- > > Andi Morris > > IT Security Officer > Cardiff Metropolitan University > > T: 02920 205720 > E: [email protected] <mailto:[email protected]> > > -------------------------------------- > > > > ------------------------------------------------------------------------ > > > Image removed by sender. Cardiff Metropolitan University - 150 years > of nurturing talent <http://www.cardiffmet.ac.uk/cardiffmet150> > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > PacketFence-users mailing list > [email protected] > <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > > -- > > Fletcher Haynes <[email protected] <mailto:[email protected]>> > > Systems Administrator/Network Services Consultant > > Willamette Integrated Technology Services > > Willamette University, Salem, OR > > Phone: 503.370.6016 > > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
