Can someone help! I'm really stuck here!

Regards

On Tue, Jun 16, 2015 at 4:16 PM, Abdelghafour Rakhma <[email protected]> wrote:

> Hello again!
> In PF 5.1.0, when I plug a device into the switch where I've configured MAB
> and 802.1X MAC auth, the port is set on VLAN 2 (registration) but nothing
> happens after!
> It's as if eth0.2 isn't listening, or I don't know! No DHCP request is
> answered.
>
> I've tried to set the port to VLAN 2 manually and set a static IP address
> to the device in the, but it's stuck there, no captive portal, no nothing...
>
> I'll attach the log files and the switch port config! Hoping for a quick
> answer!
> And thanks in advance.
> Best regards
>
> pfdhcplistener.log:
>
> Jun 16 09:32:26 pfdhcplistener(3553) INFO: pfdhcplistener_eth0.2 starting and writing 3556 to /usr/local/pf/var/run/pfdhcplistener_eth0.2.pid (pf::services::util::createpid)
> Jun 16 09:32:26 pfdhcplistener(3553) INFO: DHCP detector on eth0.2 enabled (main::)
> Jun 16 09:32:27 pfdhcplistener(3560) INFO: pfdhcplistener_eth0.3 starting and writing 3563 to /usr/local/pf/var/run/pfdhcplistener_eth0.3.pid (pf::services::util::createpid)
> Jun 16 09:32:27 pfdhcplistener(3560) INFO: DHCP detector on eth0.3 enabled (main::)
> Jun 16 09:32:29 pfdhcplistener(3566) INFO: pfdhcplistener_eth0 starting and writing 3569 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid (pf::services::util::createpid)
> Jun 16 09:32:29 pfdhcplistener(3566) WARN: Unable to open VLAN proc description for eth0: Aucun fichier ou dossier de ce type (pf::util::get_vlan_from_int)
> Jun 16 09:32:29 pfdhcplistener(3566) INFO: DHCP detector on eth0 enabled (main::)
> ===========================================================================
> packetfence.log:
> Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius autz request: from switch_ip => (192.168.0.254), connection_type => WIRED_MAC_AUTH,switch_mac => (f4:7f:35:2d:55:0e), mac => [00:25:64:ab:a0:ac], port => 10014, username => "002564aba0ac" (pf::radius::authorize)
> Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> Jun 16 09:38:15 httpd.aaa(3479) WARN: Role-based Network Access Control is not supported on network device type pf::Switch::Cisco::Catalyst_2960. (pf::Switch::supportsRoleBasedEnforcement)
> Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] (192.168.0.254) Returning ACCEPT with VLAN 2 and role (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
> Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius autz request: from switch_ip => (192.168.0.254), connection_type => WIRED_MAC_AUTH,switch_mac => (f4:7f:35:2d:55:0e), mac => [00:25:64:ab:a0:ac], port => 10014, username => "002564aba0ac" (pf::radius::authorize)
> Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> Jun 16 09:41:23 httpd.aaa(3479) WARN: Role-based Network Access Control is not supported on network device type pf::Switch::Cisco::Catalyst_2960. (pf::Switch::supportsRoleBasedEnforcement)
> @
>
> ============================================================================
> /pf/var/conf/dhcpd.conf :
>
> omapi-port 7911;
> key pf_omapi_key {
>   algorithm HMAC-MD5;
>   secret "Zop2OvYAwVao7hTz+kBx/w==";
> };
> omapi-key pf_omapi_key;
>
> subnet 192.168.3.0 netmask 255.255.255.0 {
>   option routers 192.168.3.1;
>   option subnet-mask 255.255.255.0;
>   option domain-name "vlan-isolation.fssm.local";
>   option domain-name-servers 192.168.3.1;
>   range 192.168.3.100 192.168.3.200;
>   default-lease-time 30;
>   max-lease-time 30;
> }
> subnet 192.168.2.0 netmask 255.255.255.0 {
>   option routers 192.168.2.1;
>   option subnet-mask 255.255.255.0;
>   option domain-name "vlan-registration.fssm.local";
>   option domain-name-servers 192.168.2.1;
>   range 192.168.2.100 192.168.2.200;
>   default-lease-time 30;
>   max-lease-time 30;
> }
>
> ============================================================================
> networks.conf:
>
> [192.168.2.0]
> dns=192.168.2.1
> dhcp_start=192.168.2.100
> gateway=192.168.2.1
> domain-name=vlan-registration.fssm.local
> nat_enabled=disabled
> named=enabled
> dhcp_max_lease_time=30
> fake_mac_enabled=disabled
> dhcpd=enabled
> dhcp_end=192.168.2.200
> type=vlan-registration
> netmask=255.255.255.0
> dhcp_default_lease_time=30
>
> [192.168.3.0]
> dns=192.168.3.1
> dhcp_start=192.168.3.100
> gateway=192.168.3.1
> domain-name=vlan-isolation.fssm.local
> nat_enabled=disabled
> named=enabled
> dhcp_max_lease_time=30
> fake_mac_enabled=disabled
> dhcpd=enabled
> dhcp_end=192.168.3.200
> type=vlan-isolation
> netmask=255.255.255.0
> dhcp_default_lease_time=30
> ========================================================================
> My Cisco 2960 configuration:
>
> interface FastEthernet0/1
>  switchport mode trunk
>
> !
> !
> interface FastEthernet0/12
> !
> interface FastEthernet0/13
>  description NAC_controlled
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  authentication order mab dot1x
>  authentication priority mab dot1x
>  authentication port-control auto
>  authentication periodic
>  authentication timer restart 10800
>  authentication timer reauthenticate 10800
>  mab
>  mls qos trust cos
>  no snmp trap link-status
>  dot1x pae authenticator
>  dot1x timeout quiet-period 2
>  dot1x timeout tx-period 3
>  spanning-tree portfast
>  spanning-tree bpdufilter enable
>  spanning-tree bpduguard enable
>  spanning-tree guard loop
> !
>
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
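
The message above quotes both networks.conf and dhcpd.conf for the registration VLAN; when a registration network answers no DHCP requests, one check is whether the two files describe the same subnet, gateway and lease range. The following is an added example, not part of the original thread and not PacketFence code: the function names are hypothetical and the sample strings are trimmed copies of the quoted configs.

```python
import configparser
import re

# Constructed sample input: trimmed copies of the two configs quoted in the post.
NETWORKS_CONF = """
[192.168.2.0]
gateway=192.168.2.1
netmask=255.255.255.0
dhcp_start=192.168.2.100
dhcp_end=192.168.2.200
dhcpd=enabled
"""
DHCPD_CONF = """
subnet 192.168.2.0 netmask 255.255.255.0 {
  option routers 192.168.2.1;
  range 192.168.2.100 192.168.2.200;
}
"""

def parse_dhcpd(text):
    """Map each ISC dhcpd 'subnet' block to its netmask, router and range."""
    blocks = {}
    pattern = r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}"
    for net, mask, body in re.findall(pattern, text, re.S):
        router = re.search(r"option\s+routers\s+([^;\s]+)\s*;", body)
        rng = re.search(r"range\s+(\S+)\s+([^;\s]+)\s*;", body)
        blocks[net] = {"netmask": mask, "gateway": router and router.group(1),
                       "range": rng and rng.groups()}
    return blocks

def compare(networks_text, dhcpd_text):
    """Return mismatches for every networks.conf section with dhcpd=enabled."""
    nets = configparser.ConfigParser()
    nets.read_string(networks_text)
    served = parse_dhcpd(dhcpd_text)
    problems = []
    for net in nets.sections():
        sec = nets[net]
        if sec.get("dhcpd") != "enabled":
            continue
        if net not in served:
            problems.append(f"{net}: no subnet block in dhcpd.conf")
            continue
        want = {"netmask": sec.get("netmask"), "gateway": sec.get("gateway"),
                "range": (sec.get("dhcp_start"), sec.get("dhcp_end"))}
        for key, value in want.items():
            if served[net][key] != value:
                problems.append(f"{net}: {key} {served[net][key]} != {value}")
    return problems
```

On the values quoted in the message, `compare(NETWORKS_CONF, DHCPD_CONF)` returns an empty list, so the two files agree for the registration subnet.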
