Hi, Yes, I can ping and also can ssh connection from pf server (10.1.2.28) to juniper switch (10.1.32.245). Please specify if any configuration file should I provide for troubleshooting.
Thank you, ------ Regards, Kishore Thapa System Administrator, The Village, United Distribution Nepal Pvt.Ltd., Trade Tower Thapathali -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Friday, July 24, 2015 6:24 PM To: [email protected] Subject: PacketFence-users Digest, Vol 87, Issue 62 Send PacketFence-users mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/packetfence-users or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of PacketFence-users digest..." Today's Topics: 1. 3. Re: pf server and juniper switch communication (Kishore) 2. Re: 3. Re: pf server and juniper switch communication (Durand fabrice) 3. Change IP Address for RADIUS CoA Messages (Michael Stone) ---------------------------------------------------------------------- Message: 1 Date: Thu, 23 Jul 2015 21:19:48 +0545 From: "Kishore" <[email protected]> Subject: [PacketFence-users] 3. Re: pf server and juniper switch communication To: <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" Hi Fabrice, Yes, there is an interface between vlan 11 and juniper switch. Thank you, ------ Regards, Kishore Thapa System Administrator, The Village, United Distribution Nepal Pvt.Ltd., Trade Tower Thapathali -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Thursday, July 23, 2015 6:12 PM To: [email protected] Subject: PacketFence-users Digest, Vol 87, Issue 59 Send PacketFence-users mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/packetfence-users or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of PacketFence-users digest..." Today's Topics: 1. pf server and juniper switch communication (Kishore) 2. Re: Rate limiting / Throttling (Fabrice DURAND) 3. Re: pf server and juniper switch communication (Fabrice DURAND) ---------------------------------------------------------------------- Message: 1 Date: Thu, 23 Jul 2015 12:30:32 +0545 From: "Kishore" <[email protected]> Subject: [PacketFence-users] pf server and juniper switch communication To: <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" Hi all, I have installed packetfence server in a VM of zen host. I have installed packetfence version 5.2 and ip address use for the server is 10.1.2.28. the content of pf.conf is as follows:- [interface eth0.10] enforcement=inlinel2 ip=192.168.10.1 type=internal mask=255.255.255.0 [interface eth0.11] ip=10.1.2.28 type=management,high-availability mask=255.255.255.240 [interface eth0.132] enforcement=vlan ip=192.168.132.1 type=internal mask=255.255.255.0 [interface eth0.12] ip=192.168.12.1 type=portal mask=255.255.255.0 [interface eth0.13] enforcement=vlan ip=192.168.13.1 type=internal mask=255.255.255.0 and the content of switch.conf is [10.1.32.245] RoleMap=N mode=registration VlanMap=N AccessListMap=N description=Juniper Ex 2200 type=Juniper::EX2200 VoIPEnabled=N uplink_dynamic=0 uplink=1 inlineTrigger=always::1 and i have a juniper ex 2200 switch. i have configure juniper to start getting a copy of all the DHCP traffic and start populating its database. So i use below command The IP address of switch is 10.1.32.245 and I can ping and ssh to switch from pf server. forwarding-options { helpers { bootp { server 10.1.2.28; Now i can see some Mac addresses in juniper switch port ge-0/0/2 but it not being forwarde to the Nodes of packetfence. #run show ethernet-switching table Ethernet-switching table: 27 entries, 26 learned, 0 persistent entries VLAN MAC address Type Age Interfaces default * Flood - All-members default 00:03:0f:10:3e:a3 Learn 0 ge-0/0/2.0 default 00:03:0f:12:18:1a Learn 33 ge-0/0/2.0 default 00:0c:29:fc:c5:b9 Learn 0 ge-0/0/2.0 default 00:0e:5e:14:f2:7a Learn 0 ge-0/0/2.0 default 00:0e:5e:15:13:2a Learn 0 ge-0/0/2.0 default 00:15:65:46:83:f3 Learn 51 ge-0/0/4.0 default 00:1a:64:94:06:a8 Learn 4:44 ge-0/0/2.0 default 00:e0:2b:00:00:01 Learn 1:06 ge-0/0/2.0 default 00:e0:4c:41:05:77 Learn 1:03 ge-0/0/2.0 default 00:e0:4c:50:ae:9a Learn 0 ge-0/0/2.0 default 00:e0:4c:80:a3:57 Learn 0 ge-0/0/2.0 default 08:86:3b:8d:e8:b3 Learn 51 ge-0/0/2.0 default 10:78:d2:81:8e:51 Learn 54 ge-0/0/2.0 default 14:f6:5a:ee:7f:fa Learn 0 ge-0/0/2.0 default 3c:61:04:6a:e7:c1 Learn 0 ge-0/0/2.0 default 3c:61:04:fa:9f:c1 Learn 0 ge-0/0/2.0 default 9c:4e:20:2e:92:8d Learn 0 ge-0/0/2.0 default 9c:4e:20:2e:92:98 Learn 0 ge-0/0/2.0 default 9c:ad:97:6b:27:b5 Learn 0 ge-0/0/2.0 default b0:00:b4:0e:ee:80 Learn 0 ge-0/0/2.0 default bc:5f:f4:bf:95:95 Learn 1:27 ge-0/0/2.0 default bc:67:1c:c8:26:ac Learn 1:35 ge-0/0/2.0 default bc:67:1c:c8:26:ae Learn 41 ge-0/0/2.0 default cc:e1:7f:8c:06:18 Learn 0 ge-0/0/2.0 default cc:e1:7f:8c:b1:ff Learn 0 ge-0/0/22.0 default dc:85:de:32:e1:9d Learn 0 ge-0/0/2.0 I am not able to communicate between switch and the packetfence server. Can anybody help me? Thank you, ------ Regards, Kishore Thapa System Administrator, The Village, United Distribution Nepal Pvt.Ltd., Trade Tower Thapathali ********************************* ------------------------------ Message: 2 Date: Thu, 23 Jul 2015 08:25:30 -0400 From: Fabrice DURAND <[email protected]> Subject: Re: [PacketFence-users] Rate limiting / Throttling To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252" >From the prompt, there is no configuration file yet. Regards Fabrice Le 2015-07-23 05:01, Andy A a ?crit : > Great, you guys are using tc too! That's perfect. I read the PDF, but > it wasn't clear where exactly am I applying the tc rules or which > configuration file? > Can you tell me? > > ------------------------------------------------------------------------ > Date: Wed, 22 Jul 2015 19:16:07 -0400 > From: [email protected] > To: [email protected] > Subject: Re: [PacketFence-users] Rate limiting / Throttling > > Hi Andy, > > check that > http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Inline_Depl oyment_Quick_Guide_ZEN-5.3.0.pdf > (Traffic shaping) > > Regards > Fabrice > > > Le 2015-07-22 19:09, Andy A a ?crit : > > I am using PF 5.2.0 on CentOS 6.6 in inline mode. > > 1. Can PF do rate limiting or throttling / bandwidth shaping for a > connected client device i.e. on a per user/device basis? > 2. If so, how do I do it? > 3. If not, what are my best options to implement something like > this? One option could be through tc? > > > ---------------------------------------------------------------------------- -- > > > > _______________________________________________ > PacketFence-users mailing list > [email protected] <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > ---------------------------------------------------------------------------- -- > _______________________________________________ PacketFence-users > mailing list [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > ---------------------------------------------------------------------------- -- > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -------------- next part -------------- An HTML attachment was scrubbed... -------------- next part -------------- A non-text attachment was scrubbed... Name: 0xF78F957E.asc Type: application/pgp-keys Size: 3108 bytes Desc: not available ------------------------------ Message: 3 Date: Thu, 23 Jul 2015 08:26:49 -0400 From: Fabrice DURAND <[email protected]> Subject: Re: [PacketFence-users] pf server and juniper switch communication To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="windows-1252" Do you have an interface in the vlan 11 for juniper switch ? Regards Fabrice Le 2015-07-23 02:45, Kishore a ?crit : > Hi all, > > I have installed packetfence server in a VM of zen host. I have installed > packetfence version 5.2 and ip address use for the server is 10.1.2.28. > the content of pf.conf is as follows:- > > [interface eth0.10] > enforcement=inlinel2 > ip=192.168.10.1 > type=internal > mask=255.255.255.0 > > [interface eth0.11] > ip=10.1.2.28 > type=management,high-availability > mask=255.255.255.240 > > [interface eth0.132] > enforcement=vlan > ip=192.168.132.1 > type=internal > mask=255.255.255.0 > > [interface eth0.12] > ip=192.168.12.1 > type=portal > mask=255.255.255.0 > > [interface eth0.13] > enforcement=vlan > ip=192.168.13.1 > type=internal > mask=255.255.255.0 > > > and the content of switch.conf is > > [10.1.32.245] > RoleMap=N > mode=registration > VlanMap=N > AccessListMap=N > description=Juniper Ex 2200 > type=Juniper::EX2200 > VoIPEnabled=N > uplink_dynamic=0 > uplink=1 > inlineTrigger=always::1 > > and i have a juniper ex 2200 switch. i have configure juniper to start > getting a copy of all the DHCP traffic and start populating its database. So > i use below command > The IP address of switch is 10.1.32.245 and I can ping and ssh to switch > from pf server. > > forwarding-options { > helpers { > bootp { > server 10.1.2.28; > > > Now i can see some Mac addresses in juniper switch port ge-0/0/2 but it not > being forwarde to the Nodes of packetfence. > > #run show ethernet-switching table > Ethernet-switching table: 27 entries, 26 learned, 0 persistent entries > VLAN MAC address Type Age Interfaces > default * Flood - All-members > default 00:03:0f:10:3e:a3 Learn 0 ge-0/0/2.0 > default 00:03:0f:12:18:1a Learn 33 ge-0/0/2.0 > default 00:0c:29:fc:c5:b9 Learn 0 ge-0/0/2.0 > default 00:0e:5e:14:f2:7a Learn 0 ge-0/0/2.0 > default 00:0e:5e:15:13:2a Learn 0 ge-0/0/2.0 > default 00:15:65:46:83:f3 Learn 51 ge-0/0/4.0 > default 00:1a:64:94:06:a8 Learn 4:44 ge-0/0/2.0 > default 00:e0:2b:00:00:01 Learn 1:06 ge-0/0/2.0 > default 00:e0:4c:41:05:77 Learn 1:03 ge-0/0/2.0 > default 00:e0:4c:50:ae:9a Learn 0 ge-0/0/2.0 > default 00:e0:4c:80:a3:57 Learn 0 ge-0/0/2.0 > default 08:86:3b:8d:e8:b3 Learn 51 ge-0/0/2.0 > default 10:78:d2:81:8e:51 Learn 54 ge-0/0/2.0 > default 14:f6:5a:ee:7f:fa Learn 0 ge-0/0/2.0 > default 3c:61:04:6a:e7:c1 Learn 0 ge-0/0/2.0 > default 3c:61:04:fa:9f:c1 Learn 0 ge-0/0/2.0 > default 9c:4e:20:2e:92:8d Learn 0 ge-0/0/2.0 > default 9c:4e:20:2e:92:98 Learn 0 ge-0/0/2.0 > default 9c:ad:97:6b:27:b5 Learn 0 ge-0/0/2.0 > default b0:00:b4:0e:ee:80 Learn 0 ge-0/0/2.0 > default bc:5f:f4:bf:95:95 Learn 1:27 ge-0/0/2.0 > default bc:67:1c:c8:26:ac Learn 1:35 ge-0/0/2.0 > default bc:67:1c:c8:26:ae Learn 41 ge-0/0/2.0 > default cc:e1:7f:8c:06:18 Learn 0 ge-0/0/2.0 > default cc:e1:7f:8c:b1:ff Learn 0 ge-0/0/22.0 > default dc:85:de:32:e1:9d Learn 0 ge-0/0/2.0 > > I am not able to communicate between switch and the packetfence server. > > Can anybody help me? > > > > Thank you, > > ------ > Regards, > > Kishore Thapa > System Administrator, > The Village, > United Distribution Nepal Pvt.Ltd., > Trade Tower Thapathali > > > ********************************* > > > ---------------------------------------------------------------------------- -- > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) -------------- next part -------------- A non-text attachment was scrubbed... Name: 0xF78F957E.asc Type: application/pgp-keys Size: 3108 bytes Desc: not available ------------------------------ ---------------------------------------------------------------------------- -- ------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users End of PacketFence-users Digest, Vol 87, Issue 59 ************************************************* ------------------------------ Message: 2 Date: Thu, 23 Jul 2015 13:16:41 -0400 From: Durand fabrice <[email protected]> Subject: Re: [PacketFence-users] 3. Re: pf server and juniper switch communication To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset=windows-1252; format=flowed Ok so from packetfence are you able to ping 10.1.32.245 ? Le 2015-07-23 11:34, Kishore a ?crit : > Hi Fabrice, > > Yes, there is an interface between vlan 11 and juniper switch. > > Thank you, > > ------ > Regards, > > Kishore Thapa > System Administrator, > The Village, > United Distribution Nepal Pvt.Ltd., > Trade Tower Thapathali > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] > Sent: Thursday, July 23, 2015 6:12 PM > To: [email protected] > Subject: PacketFence-users Digest, Vol 87, Issue 59 > > Send PacketFence-users mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/packetfence-users > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of PacketFence-users digest..." > > > Today's Topics: > > 1. pf server and juniper switch communication (Kishore) > 2. Re: Rate limiting / Throttling (Fabrice DURAND) > 3. Re: pf server and juniper switch communication (Fabrice DURAND) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 23 Jul 2015 12:30:32 +0545 > From: "Kishore" <[email protected]> > Subject: [PacketFence-users] pf server and juniper switch > communication > To: <[email protected]> > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > Hi all, > > I have installed packetfence server in a VM of zen host. I have installed > packetfence version 5.2 and ip address use for the server is 10.1.2.28. > the content of pf.conf is as follows:- > > [interface eth0.10] > enforcement=inlinel2 > ip=192.168.10.1 > type=internal > mask=255.255.255.0 > > [interface eth0.11] > ip=10.1.2.28 > type=management,high-availability > mask=255.255.255.240 > > [interface eth0.132] > enforcement=vlan > ip=192.168.132.1 > type=internal > mask=255.255.255.0 > > [interface eth0.12] > ip=192.168.12.1 > type=portal > mask=255.255.255.0 > > [interface eth0.13] > enforcement=vlan > ip=192.168.13.1 > type=internal > mask=255.255.255.0 > > > and the content of switch.conf is > > [10.1.32.245] > RoleMap=N > mode=registration > VlanMap=N > AccessListMap=N > description=Juniper Ex 2200 > type=Juniper::EX2200 > VoIPEnabled=N > uplink_dynamic=0 > uplink=1 > inlineTrigger=always::1 > > and i have a juniper ex 2200 switch. i have configure juniper to start > getting a copy of all the DHCP traffic and start populating its database. So > i use below command > The IP address of switch is 10.1.32.245 and I can ping and ssh to switch > from pf server. > > forwarding-options { > helpers { > bootp { > server 10.1.2.28; > > > Now i can see some Mac addresses in juniper switch port ge-0/0/2 but it not > being forwarde to the Nodes of packetfence. > > #run show ethernet-switching table > Ethernet-switching table: 27 entries, 26 learned, 0 persistent entries > VLAN MAC address Type Age Interfaces > default * Flood - All-members > default 00:03:0f:10:3e:a3 Learn 0 ge-0/0/2.0 > default 00:03:0f:12:18:1a Learn 33 ge-0/0/2.0 > default 00:0c:29:fc:c5:b9 Learn 0 ge-0/0/2.0 > default 00:0e:5e:14:f2:7a Learn 0 ge-0/0/2.0 > default 00:0e:5e:15:13:2a Learn 0 ge-0/0/2.0 > default 00:15:65:46:83:f3 Learn 51 ge-0/0/4.0 > default 00:1a:64:94:06:a8 Learn 4:44 ge-0/0/2.0 > default 00:e0:2b:00:00:01 Learn 1:06 ge-0/0/2.0 > default 00:e0:4c:41:05:77 Learn 1:03 ge-0/0/2.0 > default 00:e0:4c:50:ae:9a Learn 0 ge-0/0/2.0 > default 00:e0:4c:80:a3:57 Learn 0 ge-0/0/2.0 > default 08:86:3b:8d:e8:b3 Learn 51 ge-0/0/2.0 > default 10:78:d2:81:8e:51 Learn 54 ge-0/0/2.0 > default 14:f6:5a:ee:7f:fa Learn 0 ge-0/0/2.0 > default 3c:61:04:6a:e7:c1 Learn 0 ge-0/0/2.0 > default 3c:61:04:fa:9f:c1 Learn 0 ge-0/0/2.0 > default 9c:4e:20:2e:92:8d Learn 0 ge-0/0/2.0 > default 9c:4e:20:2e:92:98 Learn 0 ge-0/0/2.0 > default 9c:ad:97:6b:27:b5 Learn 0 ge-0/0/2.0 > default b0:00:b4:0e:ee:80 Learn 0 ge-0/0/2.0 > default bc:5f:f4:bf:95:95 Learn 1:27 ge-0/0/2.0 > default bc:67:1c:c8:26:ac Learn 1:35 ge-0/0/2.0 > default bc:67:1c:c8:26:ae Learn 41 ge-0/0/2.0 > default cc:e1:7f:8c:06:18 Learn 0 ge-0/0/2.0 > default cc:e1:7f:8c:b1:ff Learn 0 ge-0/0/22.0 > default dc:85:de:32:e1:9d Learn 0 ge-0/0/2.0 > > I am not able to communicate between switch and the packetfence server. > > Can anybody help me? > > > > Thank you, > > ------ > Regards, > > Kishore Thapa > System Administrator, > The Village, > United Distribution Nepal Pvt.Ltd., > Trade Tower Thapathali > > > ********************************* > > > > > ------------------------------ > > Message: 2 > Date: Thu, 23 Jul 2015 08:25:30 -0400 > From: Fabrice DURAND <[email protected]> > Subject: Re: [PacketFence-users] Rate limiting / Throttling > To: [email protected] > Message-ID: <[email protected]> > Content-Type: text/plain; charset="windows-1252" > > >From the prompt, there is no configuration file yet. > > Regards > Fabrice > > Le 2015-07-23 05:01, Andy A a ?crit : >> Great, you guys are using tc too! That's perfect. I read the PDF, but >> it wasn't clear where exactly am I applying the tc rules or which >> configuration file? >> Can you tell me? >> >> ------------------------------------------------------------------------ >> Date: Wed, 22 Jul 2015 19:16:07 -0400 >> From: [email protected] >> To: [email protected] >> Subject: Re: [PacketFence-users] Rate limiting / Throttling >> >> Hi Andy, >> >> check that >> > http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Inline_Depl > oyment_Quick_Guide_ZEN-5.3.0.pdf >> (Traffic shaping) >> >> Regards >> Fabrice >> >> >> Le 2015-07-22 19:09, Andy A a ?crit : >> >> I am using PF 5.2.0 on CentOS 6.6 in inline mode. >> >> 1. Can PF do rate limiting or throttling / bandwidth shaping for a >> connected client device i.e. on a per user/device basis? >> 2. If so, how do I do it? >> 3. If not, what are my best options to implement something like >> this? One option could be through tc? >> >> >> > ---------------------------------------------------------------------------- > -- >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] > <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> >> > ---------------------------------------------------------------------------- > -- >> _______________________________________________ PacketFence-users >> mailing list [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> > ---------------------------------------------------------------------------- > -- >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------ Message: 3 Date: Fri, 24 Jul 2015 12:01:04 +0000 From: Michael Stone <[email protected]> Subject: [PacketFence-users] Change IP Address for RADIUS CoA Messages To: "[email protected]" <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset=WINDOWS-1252 Hi all, I'm running a Ruckus ZoneDirector WLC behind a router on an internal, NAT'd IP address in our office. Our PacketFence server is on a totally separate network in our data centre. We are using WebAuth and authorization works perfectly but there is a problem with deauthorizing users. Looking at the RADIUS messages, during the accept operation the Ruckus ZD sends the internal IP address in the NAS-IP-Address field rather than the external IP address. When PF later tries to deauthorize a user, it sends the message to the internal IP address so the Ruckus ZD does not receive it. I've already talked with Ruckus but there is no way to configure the NAS-IP-Address. Is there any way to change the IP address that FreeRadius uses to send the CoA message? Thanks, Michael Invigor Group Limited is a company registered in Australia (ABN 75 081 368 274). This email and any attachments are intended solely for the use of the addressee(s) and may contain information that is confidential, subject to copyright and subject to legal professional privilege. If you have received this email in error, please notify the sender immediately, delete it and destroy all copies. Any views expressed are those of the individual sender unless expressly stated otherwise. In respect of this email and any attachments, to the extent permitted by law, no warranty is given and all liability is excluded,including, without limitation, liability for any loss or damage caused by way of computer virus, defect, delay, or interruption. ------------------------------ ---------------------------------------------------------------------------- -- ------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users End of PacketFence-users Digest, Vol 87, Issue 62 ************************************************* ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
