[PacketFence-users] Error in parsing of RADIUS VLAN entry

Wed, 15 Jul 2015 11:09:13 -0700 

Hello,

I'm working to fit Packetfence into a community college network as a NAC to 
manage wired devices. The install and basic configuration has been easy, but I 
have been unsuccessful at getting a working system with Brocade switches. Could 
anyone shed some light on this "Error in parsing of RADIUS VLAN entry"?

Platform VMware 6.x / CENTOS 6.6 x64 / Packetfence 5.2
Brocade 6450-48-POE on 8.30a (latest code -though I've tried the 7.x with no 
success)

Brocade Switch and Packetfence Roles
registration VLAN            101
isolation VLAN                   102
macDetection VLAN       103
inline VLAN                         104
voice VLAN                         105
default VLAN                     106

Brocade 6450 switch is configured 802.1x/MAC bypass via the network devices 
guide. Switch fails VLAN steer:

Debug dot1x output:
ICX6450-48P Router#[T:157274] [VLAN] [MGMT-POR] : 802.1X: vlan_name (String): 
101 is now converted to vlan id (Decimal): 101

Show log output:
Jan  1 04:22:18:A:MAC Authentication failed for [f0de.f170.1dc5 ] on port 
1/1/37 (Error in parsing of RADIUS VLAN entry)
Jan  1 04:22:18:I:System: Interface ethernet 1/1/37, state up
Jan  1 04:22:15:I:System: Interface ethernet 1/1/37, state down

Packetfence.log output:
ul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] handling radius autz 
request: from switch_ip => (172.21.255.2), connection_type => 
WIRED_MAC_AUTH,switch_mac => (Unknown), mac => [f0:de:f1:70:1d:c5], port => 37, 
username => "f0def1701dc5" (pf::radius::authorize)
Jul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] is of status unreg; 
belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] Returning ACCEPT with 
VLAN: 101 (pf::Switch::Brocade::returnRadiusAccessAccept)

I have even tried a new packetfence install with the same results. It appears 
that Packetfence is returning the radius ACCEPT with vlan 101, but the switch 
will not correctly parse the reply. Any help?

Thanks,

Jason Guntharp


------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to