Hello Abdelghafour,

Can you paste the switch port configuration where PacketFence has been plugged in?

The result of: ifconfig

If you use "tcpdump -i eth0.2" do you have traffic?

Regards
Fabrice


On 2015-06-17 20:56, Abdelghafour Rakhma wrote:
Can someone help! I'm really stuck here!

Regards

On Tue, Jun 16, 2015 at 4:16 PM, Abdelghafour Rakhma <rakhma.abdelghaf...@gmail.com> wrote:

    Hello again!
    In PF 5.1.0, when I plug a device into the switch where I've
    configured MAB and 802.1X MAC auth, the port is set to VLAN 2
    (registration), but nothing happens afterwards!
    It's as if eth0.2 isn't listening, or I don't know; no DHCP
    request is answered.

    I've tried to set the port to VLAN 2 manually and set a static IP
    address on the device in the, but it's stuck there: no captive
    portal, no nothing...

    I'll attach the log files and the switch port config! Hoping for
    a quick answer!
    And thanks in advance.
    Best regards

    pfdhcplistener.log:

    Jun 16 09:32:26 pfdhcplistener(3553) INFO: pfdhcplistener_eth0.2 starting and writing 3556 to /usr/local/pf/var/run/pfdhcplistener_eth0.2.pid (pf::services::util::createpid)
    Jun 16 09:32:26 pfdhcplistener(3553) INFO: DHCP detector on eth0.2 enabled (main::)
    Jun 16 09:32:27 pfdhcplistener(3560) INFO: pfdhcplistener_eth0.3 starting and writing 3563 to /usr/local/pf/var/run/pfdhcplistener_eth0.3.pid (pf::services::util::createpid)
    Jun 16 09:32:27 pfdhcplistener(3560) INFO: DHCP detector on eth0.3 enabled (main::)
    Jun 16 09:32:29 pfdhcplistener(3566) INFO: pfdhcplistener_eth0 starting and writing 3569 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid (pf::services::util::createpid)
    Jun 16 09:32:29 pfdhcplistener(3566) WARN: Unable to open VLAN proc description for eth0: Aucun fichier ou dossier de ce type (pf::util::get_vlan_from_int)
    Jun 16 09:32:29 pfdhcplistener(3566) INFO: DHCP detector on eth0 enabled (main::)
    ===========================================================================
    packetfence.log:
    Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius autz request: from switch_ip => (192.168.0.254), connection_type => WIRED_MAC_AUTH,switch_mac => (f4:7f:35:2d:55:0e), mac => [00:25:64:ab:a0:ac], port => 10014, username => "002564aba0ac" (pf::radius::authorize)
    Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
    Jun 16 09:38:15 httpd.aaa(3479) WARN: Role-based Network Access Control is not supported on network device type pf::Switch::Cisco::Catalyst_2960. (pf::Switch::supportsRoleBasedEnforcement)
    Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] (192.168.0.254) Returning ACCEPT with VLAN 2 and role (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
    Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius autz request: from switch_ip => (192.168.0.254), connection_type => WIRED_MAC_AUTH,switch_mac => (f4:7f:35:2d:55:0e), mac => [00:25:64:ab:a0:ac], port => 10014, username => "002564aba0ac" (pf::radius::authorize)
    Jun 16 09:41:23 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
    Jun 16 09:41:23 httpd.aaa(3479) WARN: Role-based Network Access Control is not supported on network device type pf::Switch::Cisco::Catalyst_2960. (pf::Switch::supportsRoleBasedEnforcement)
    ============================================================================
    /pf/var/conf/dhcpd.conf :

    omapi-port 7911;
    key pf_omapi_key {
            algorithm HMAC-MD5;
            secret "Zop2OvYAwVao7hTz+kBx/w==";
    };
    omapi-key pf_omapi_key;




    subnet 192.168.3.0 netmask 255.255.255.0 {
      option routers 192.168.3.1;
      option subnet-mask 255.255.255.0;
      option domain-name "vlan-isolation.fssm.local";
      option domain-name-servers 192.168.3.1;
      range 192.168.3.100 192.168.3.200;
      default-lease-time 30;
      max-lease-time 30;
    }
    subnet 192.168.2.0 netmask 255.255.255.0 {
      option routers 192.168.2.1;
      option subnet-mask 255.255.255.0;
      option domain-name "vlan-registration.fssm.local";
      option domain-name-servers 192.168.2.1;
      range 192.168.2.100 192.168.2.200;
      default-lease-time 30;
      max-lease-time 30;
    }
    ============================================================================
    networks.conf:

    [192.168.2.0]
    dns=192.168.2.1
    dhcp_start=192.168.2.100
    gateway=192.168.2.1
    domain-name=vlan-registration.fssm.local
    nat_enabled=disabled
    named=enabled
    dhcp_max_lease_time=30
    fake_mac_enabled=disabled
    dhcpd=enabled
    dhcp_end=192.168.2.200
    type=vlan-registration
    netmask=255.255.255.0
    dhcp_default_lease_time=30

    [192.168.3.0]
    dns=192.168.3.1
    dhcp_start=192.168.3.100
    gateway=192.168.3.1
    domain-name=vlan-isolation.fssm.local
    nat_enabled=disabled
    named=enabled
    dhcp_max_lease_time=30
    fake_mac_enabled=disabled
    dhcpd=enabled
    dhcp_end=192.168.3.200
    type=vlan-isolation
    netmask=255.255.255.0
    dhcp_default_lease_time=30
    ========================================================================
    My Cisco 2960 configuration:

    interface FastEthernet0/1
     switchport mode trunk

    !
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
     description NAC_controlled
     switchport mode access
     switchport port-security maximum 2
     switchport port-security maximum 1 vlan access
     switchport port-security
     authentication order mab dot1x
     authentication priority mab dot1x
     authentication port-control auto
     authentication periodic
     authentication timer restart 10800
     authentication timer reauthenticate 10800
     mab
     mls qos trust cos
     no snmp trap link-status
     dot1x pae authenticator
     dot1x timeout quiet-period 2
     dot1x timeout tx-period 3
     spanning-tree portfast
     spanning-tree bpdufilter enable
     spanning-tree bpduguard enable
     spanning-tree guard loop
    !




------------------------------------------------------------------------------


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
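
An added example, not part of the original thread and not PacketFence's own code: a small Python triage over the two logs quoted above. It pairs each RADIUS ACCEPT with the VLAN it returned and checks whether pfdhcplistener is up on the matching tagged sub-interface, which separates what the server-side logs already establish from what still needs a capture such as the "tcpdump -i eth0.2" asked for above. The function names and the third PF_LOG line are assumptions made for the example.

```python
import re

# Sample input: DHCP_LOG and the first two PF_LOG lines are taken from the thread
# (e-mail wrapping removed); the 00:11:22:33:44:55 line is constructed.
PF_LOG = """\
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] handling radius autz request: from switch_ip => (192.168.0.254), connection_type => WIRED_MAC_AUTH,switch_mac => (f4:7f:35:2d:55:0e), mac => [00:25:64:ab:a0:ac], port => 10014, username => "002564aba0ac" (pf::radius::authorize)
Jun 16 09:38:15 httpd.aaa(3479) INFO: [00:25:64:ab:a0:ac] (192.168.0.254) Returning ACCEPT with VLAN 2 and role (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
Jun 16 09:40:02 httpd.aaa(3479) INFO: [00:11:22:33:44:55] (192.168.0.254) Returning ACCEPT with VLAN 5 and role (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
"""
DHCP_LOG = """\
Jun 16 09:32:26 pfdhcplistener(3553) INFO: DHCP detector on eth0.2 enabled (main::)
Jun 16 09:32:27 pfdhcplistener(3560) INFO: DHCP detector on eth0.3 enabled (main::)
Jun 16 09:32:29 pfdhcplistener(3566) INFO: DHCP detector on eth0 enabled (main::)
"""

AUTZ = re.compile(r"\[(?P<mac>[0-9a-f:]{17})\] handling radius autz request: "
                  r"from switch_ip => \((?P<sw>[\d.]+)\).*?port => (?P<port>\d+)")
ACCEPT = re.compile(r"\[(?P<mac>[0-9a-f:]{17})\] \((?P<sw>[\d.]+)\) "
                    r"Returning ACCEPT with VLAN (?P<vlan>\d+)")
# Only tagged sub-interfaces (eth0.2) match; the untagged parent (eth0) does not.
LISTENER = re.compile(r"DHCP detector on \S+?\.(\d+) enabled")

def radius_decisions(text):
    """MAC -> {'switch', 'port', 'vlan'}; vlan is None when no ACCEPT was logged."""
    out = {}
    for line in text.splitlines():
        if m := AUTZ.search(line):
            entry = out.setdefault(m["mac"], {"vlan": None})
            entry.update(switch=m["sw"], port=int(m["port"]))
        elif m := ACCEPT.search(line):
            entry = out.setdefault(m["mac"], {"switch": m["sw"], "port": None})
            entry["vlan"] = int(m["vlan"])
    return out

def listener_vlans(text):
    """VLAN IDs with a pfdhcplistener on a tagged sub-interface such as eth0.2."""
    return {int(vid) for vid in LISTENER.findall(text)}

def triage(pf_log, dhcp_log):
    """Per MAC: what the server-side logs establish and what is left to check."""
    listeners, report = listener_vlans(dhcp_log), {}
    for mac, d in radius_decisions(pf_log).items():
        if d["vlan"] is None:
            report[mac] = "no ACCEPT logged"
        elif d["vlan"] not in listeners:
            report[mac] = f"VLAN {d['vlan']}: no DHCP listener on the server"
        else:
            report[mac] = f"VLAN {d['vlan']}: listener up, capture on the sub-interface next"
    return report
```

A "listener up" verdict only says the server side is ready; whether tagged DHCP frames actually reach the sub-interface still has to be confirmed with a capture and the uplink port configuration.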
