Hello Again!
In PF 5.1.0, when I plug a device into the switch port where I've configured MAB
and 802.1X MAC auth, the port is set to VLAN 2 (registration) but nothing
happens after that!
It's as if eth0.2 isn't listening, or I don't know! No DHCP request is
answered.

I've tried setting the port to VLAN 2 manually and giving the device a static IP
address, but it's stuck there: no captive portal, nothing...

I'll attach the log files and the switch port config, hoping for a quick
answer!
And thanks in advance.
Best regards

pfdhcplistener.log:

Jun 16 09:32:26 pfdhcplistener(3553) INFO: pfdhcplistener_eth0.2 starting
and writing 3556 to /usr/local/pf/var/run/pfdhcplistener_eth0.2.pid
(pf::services::util::createpid)
Jun 16 09:32:26 pfdhcplistener(3553) INFO: DHCP detector on eth0.2 enabled
(main::)
Jun 16 09:32:27 pfdhcplistener(3560) INFO: pfdhcplistener_eth0.3 starting
and writing 3563 to /usr/local/pf/var/run/pfdhcplistener_eth0.3.pid
(pf::services::util::createpid)
Jun 16 09:32:27 pfdhcplistener(3560) INFO: DHCP detector on eth0.3 enabled
(main::)
Jun 16 09:32:29 pfdhcplistener(3566) INFO: pfdhcplistener_eth0 starting and
writing 3569 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid
(pf::services::util::createpid)
Jun 16 09:32:29 pfdhcplistener(3566) WARN: Unable to open VLAN proc
description for eth0: Aucun fichier ou dossier de ce type
(pf::util::get_vlan_from_int)
Jun 16 09:32:29 pfdhcplistener(3566) INFO: DHCP detector on eth0 enabled
(main::)
===========================================================================
packetfence.log:
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius
autz request: from switch_ip => (192.168.0.254), connection_type =>
WIRED_MAC_AUTH,switch_mac => (f4:7f:35:2d:55:0e), mac =>
[00:25:64:ab:a0:ac], port => 10014, username => "002564aba0ac"
(pf::radius::authorize)
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status
unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jun 16 09:38:15 httpd.aaa(3479) WARN: Role-based Network Access Control is
not supported on network device type pf::Switch::Cisco::Catalyst_2960.
 (pf::Switch::supportsRoleBasedEnforcement)
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] (192.168.0.254)
Returning ACCEPT with VLAN 2 and role
 (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius
autz request: from switch_ip => (192.168.0.254), connection_type =>
WIRED_MAC_AUTH,switch_mac => (f4:7f:35:2d:55:0e), mac =>
[00:25:64:ab:a0:ac], port => 10014, username => "002564aba0ac"
(pf::radius::authorize)
Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status
unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jun 16 09:41:23 httpd.aaa(3479) WARN: Role-based Network Access Control is
not supported on network device type pf::Switch::Cisco::Catalyst_2960.
 (pf::Switch::supportsRoleBasedEnforcement)
============================================================================
/pf/var/conf/dhcpd.conf :

omapi-port 7911;
key pf_omapi_key {
        algorithm HMAC-MD5;
        secret "Zop2OvYAwVao7hTz+kBx/w==";
};
omapi-key pf_omapi_key;
subnet 192.168.3.0 netmask 255.255.255.0 {
  option routers 192.168.3.1;
  option subnet-mask 255.255.255.0;
  option domain-name "vlan-isolation.fssm.local";
  option domain-name-servers 192.168.3.1;
  range 192.168.3.100 192.168.3.200;
  default-lease-time 30;
  max-lease-time 30;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
  option routers 192.168.2.1;
  option subnet-mask 255.255.255.0;
  option domain-name "vlan-registration.fssm.local";
  option domain-name-servers 192.168.2.1;
  range 192.168.2.100 192.168.2.200;
  default-lease-time 30;
  max-lease-time 30;
}
============================================================================
networks.conf:

[192.168.2.0]
dns=192.168.2.1
dhcp_start=192.168.2.100
gateway=192.168.2.1
domain-name=vlan-registration.fssm.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.2.200
type=vlan-registration
netmask=255.255.255.0
dhcp_default_lease_time=30

[192.168.3.0]
dns=192.168.3.1
dhcp_start=192.168.3.100
gateway=192.168.3.1
domain-name=vlan-isolation.fssm.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.3.200
type=vlan-isolation
netmask=255.255.255.0
dhcp_default_lease_time=30
========================================================================
My Cisco 2960 configuration:

interface FastEthernet0/1
 switchport mode trunk

!
!
interface FastEthernet0/12
!
interface FastEthernet0/13
 description NAC_controlled
 switchport mode access
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security
 authentication order mab dot1x
 authentication priority mab dot1x
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 10800
 mab
 mls qos trust cos
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
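The symptom in the post is that RADIUS returns VLAN 2 for the client but pfdhcplistener on eth0.2 never logs anything afterwards. The script below is an added example (not part of the post and not PacketFence code) that correlates the two logs quoted above: it pulls every Access-Accept with a VLAN out of packetfence.log, checks that a DHCP detector was enabled on the matching sub-interface, and reports whether that listener ever logged the client's MAC. The sample lines are copied from the post with the e-mail line wrapping undone; the only assumptions are that VLAN sub-interfaces are named `eth0.<vlan>` (as on the poster's box) and that listener lines about a client carry the MAC in square brackets, as packetfence.log does.

```python
"""Correlate PacketFence RADIUS decisions with pfdhcplistener activity.

Added example for the mailing-list thread; not PacketFence code.
"""
import re

# Constructed sample: lines taken from the post, unwrapped onto single lines.
PACKETFENCE_LOG = """\
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius autz request: from switch_ip => (192.168.0.254), connection_type => WIRED_MAC_AUTH,switch_mac => (f4:7f:35:2d:55:0e), mac => [00:25:64:ab:a0:ac], port => 10014, username => "002564aba0ac" (pf::radius::authorize)
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jun 16 09:38:15 httpd.aaa(3479) WARN: Role-based Network Access Control is not supported on network device type pf::Switch::Cisco::Catalyst_2960. (pf::Switch::supportsRoleBasedEnforcement)
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] (192.168.0.254) Returning ACCEPT with VLAN 2 and role  (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
"""

PFDHCPLISTENER_LOG = """\
Jun 16 09:32:26 pfdhcplistener(3553) INFO: DHCP detector on eth0.2 enabled (main::)
Jun 16 09:32:27 pfdhcplistener(3560) INFO: DHCP detector on eth0.3 enabled (main::)
Jun 16 09:32:29 pfdhcplistener(3566) WARN: Unable to open VLAN proc description for eth0: Aucun fichier ou dossier de ce type (pf::util::get_vlan_from_int)
Jun 16 09:32:29 pfdhcplistener(3566) INFO: DHCP detector on eth0 enabled (main::)
"""

# Patterns match only the formats visible in the post.
ACCEPT_RE = re.compile(
    r"\[([0-9a-fA-F:]{17})\] \(([\d.]+)\) Returning ACCEPT with VLAN (\d+)"
)
DETECTOR_RE = re.compile(r"DHCP detector on (\S+) enabled")
MAC_RE = re.compile(r"\[([0-9a-fA-F:]{17})\]")


def radius_accepts(log):
    """Return {mac: vlan} for every Access-Accept that carried a VLAN."""
    return {m.group(1).lower(): int(m.group(3)) for m in ACCEPT_RE.finditer(log)}


def enabled_listeners(log):
    """Return the set of interfaces whose DHCP detector reported 'enabled'."""
    return {m.group(1) for m in DETECTOR_RE.finditer(log)}


def macs_seen_by_listener(log):
    """Return MACs that appear (in [brackets]) anywhere in pfdhcplistener output.

    Assumption: client-related listener lines tag the MAC the same way
    packetfence.log does. Startup lines carry no MAC, so they never match.
    """
    return {m.group(1).lower() for m in MAC_RE.finditer(log)}


def diagnose(pf_log, dhcp_log, parent_if="eth0"):
    """Map each accepted MAC to (interface, status).

    status is one of:
      'no_listener'     - no DHCP detector was enabled on eth0.<vlan>
      'listener_silent' - detector up, but the MAC never appears in its log
      'dhcp_seen'       - detector logged the MAC; look past DHCP (dhcpd, portal)
    """
    listeners = enabled_listeners(dhcp_log)
    seen = macs_seen_by_listener(dhcp_log)
    report = {}
    for mac, vlan in radius_accepts(pf_log).items():
        iface = f"{parent_if}.{vlan}"
        if iface not in listeners:
            status = "no_listener"
        elif mac not in seen:
            status = "listener_silent"
        else:
            status = "dhcp_seen"
        report[mac] = (iface, status)
    return report


if __name__ == "__main__":
    for mac, (iface, status) in diagnose(PACKETFENCE_LOG, PFDHCPLISTENER_LOG).items():
        print(f"{mac}: {status} on {iface}")
```

On the post's own logs this yields `listener_silent` for 00:25:64:ab:a0:ac on eth0.2: the listener started, RADIUS placed the port in VLAN 2, yet no DHCP from that MAC was ever logged. That narrows the problem to the path between the switch and eth0.2 (is VLAN 2 carried on the FastEthernet0/1 trunk, and does a capture on eth0.2 for UDP 67/68 show the client's DISCOVER?) rather than to dhcpd.conf or the portal, which only matter once a request reaches the box.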