Hello Mohan,

> The reason why I didn't opt for Radius is, I would like to use existing
> Microsoft NPS radius for authentication. But I am not getting proper
> documentation to configure that to talk with packetfence for authenticating
> and role assignment. Could you please share me if you have documents.

If I understand correctly, you want users to authenticate at connection time using 802.1X with your existing Microsoft NPS, right?

What we can do is the following:
- Have the network equipment configured to point to PacketFence for RADIUS 802.1x.
- Configure your existing Microsoft NPS as a RADIUS proxy in PacketFence.
- All authentication would go to PacketFence, which will proxy them to Microsoft NPS.
- PacketFence will get the Microsoft NPS answer, then based on that answer, will return a Reject or an Access with the VLAN/Roles attributes.

That would be the way I’ll do it with RADIUS. That, of course, implies that connecting devices do have a WPA supplicant.

Cheers!
dw.

—
Derek Wuelfrath
[email protected] :: www.inverse.ca
+1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

> On Aug 3, 2015, at 10:59, Mohanram <[email protected]> wrote:
>
> Hello Fabrice,
>
> I used the configuration mentioned in packetfence documentation, I believe
> that is MAC security.
>
> snmp-server authentication-trap disable
> snmp-server host 192.168.1.5 "public"
> snmp trap link-status port 1-24 disable
> no mac-security mac-address-table
> interface FastEthernet ALL
> mac-security port ALL disable
> mac-security port 1-24 enable
> default mac-security auto-learning port ALL max-addrs
> exit
> mac-security enable
> mac-security snmp-lock disable
> mac-security intrusion-detect disable
> mac-security filtering enable
> mac-security snmp-trap enable
> mac-security auto-learning aging-time 60
> mac-security learning-ports NONE
> mac-security learning disable
> VoIP support
> You need to ensure that all your ports are tagged with the voice VLAN. The switch should do the
> rest for you.
> vlan create 6 name "Telephone" type port learning ivl
> vlan members 6 1-20,23-24
>
>
> The reason why I didn't opt for Radius is, I would like to use existing
> Microsoft NPS radius for authentication. But I am not getting proper
> documentation to configure that to talk with packetfence for authenticating
> and role assignment. Could you please share me if you have documents.
>
> Thanks
> Mohan
>
> -----Original Message-----
> From: Fabrice DURAND [mailto:[email protected]]
> Sent: Friday, July 31, 2015 3:37 PM
> To: Mohanram <[email protected]>;
> [email protected]
> Subject: Re: [PacketFence-users] first board index error in Nortel 2526T-PWR
> switch
>
> Hello Mohanram,
>
> port sec doesn't work very well because of the board index.
> Don't you want to try mac-auth/802.1x?
>
> I did a new branch on github and it works very well on my side.
> https://github.com/inverse-inc/packetfence/compare/feature/avaya_radius
>
> regards
> Fabrice
>
> On 2015-07-31 09:27, Mohanram wrote:
>> Hello Fdurand,
>>
>> Yes I used avaya ERS 2500 while creating switch, still I get similar
>> error logs
>>
>> Jul 30 12:13:37 pfsetvlan(6) WARN: Trap ifIndex is invalid. Should this switch be factory-reset? See Nortel's BayStack Stacking issues in module documentation for more information. (pf::Switch::Avaya::parseTrap)
>> Jul 30 12:13:37 pfsetvlan(6) ERROR: Use of uninitialized value $trapVlan in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 730. (main::parseTrap)
>> Jul 30 12:13:37 pfsetvlan(6) ERROR: Use of uninitialized value in pattern match (m//) at /usr/local/pf/lib/pf/Switch/Avaya.pm line 120. (pf::Switch::Avaya::getBoardPortFromIfIndex)
>> Jul 30 12:13:37 pfsetvlan(6) ERROR: Use of uninitialized value $portIndx in concatenation (.) or string at /usr/local/pf/lib/pf/Switch/Nortel.pm line 706. (pf::Switch::Nortel::isPortSecurityEnabled)
>> Jul 30 12:13:37 pfsetvlan(4) WARN: unable to parse trapLine.. here's the line: 172.16.210.40||secureMacAddrViolation|||58:16:26:bf:e8:d2|||| (main::startTrapHandlers)
>> Jul 30 12:13:37 pfsetvlan(4) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
>> Jul 30 12:13:37 pfsetvlan(4) INFO: Memory configuration is not valid anymore for key config::Switch in local cached_hash (pfconfig::cached::is_valid)
>> Jul 30 12:13:37 pfsetvlan(4) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 170. (pf::vlan::doWeActOnThisTrap)
>> Jul 30 12:13:37 pfsetvlan(4) ERROR: Use of uninitialized value $ifType in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 170. (pf::vlan::doWeActOnThisTrap)
>> Jul 30 12:13:37 pfsetvlan(4) INFO: secureMacAddrViolation trap received on (172.16.210.40) ifindex which is not ethernetCsmacd (pf::vlan::doWeActOnThisTrap)
>> Jul 30 12:13:37 pfsetvlan(4) INFO: doWeActOnThisTrap returns false. Stop secureMacAddrViolation handling (main::handleTrap)
>> Jul 30 12:13:37 pfsetvlan(4) INFO: finished (main::cleanupAfterThread)
>>
>> Thanks
>> Mohan
>>
>
> --
> Fabrice Durand
> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
