Hello Hubert, Can you post your switch configuration ?
Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > Le 2015-09-29 à 08:41, Hubert Kupper <[email protected]> a écrit : > > Hi Ludovic, > > I use an cisco 2960G Switch. > > Here is the output of tcpdump -i any port 3799: > > [root@pfence4 conf]# tcpdump -i any port 3799 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes > 08:12:17.134578 IP pfence4.test.uni-landau.de.38815 > > testswitch.test.uni-landau.de.radius-dynauth: UDP, length 92 > 08:12:17.140665 IP testswitch.test.uni-landau.de.radius-dynauth > > pfence4.test.uni-landau.de.38815: UDP, length 20 > 08:12:17.140665 IP testswitch.test.uni-landau.de.radius-dynauth > > pfence4.test.uni-landau.de.38815: UDP, length 20 > 08:15:44.705858 IP pfence4.test.uni-landau.de.40237 > > testswitch.test.uni-landau.de.radius-dynauth: UDP, length 92 > 08:15:44.711223 IP testswitch.test.uni-landau.de.radius-dynauth > > pfence4.test.uni-landau.de.40237: UDP, length 20 > 08:15:44.711223 IP testswitch.test.uni-landau.de.radius-dynauth > > pfence4.test.uni-landau.de.40237: UDP, length 20 > 08:26:59.235022 IP pfence4.test.uni-landau.de.58591 > > testswitch.test.uni-landau.de.radius-dynauth: UDP, length 92 > 08:26:59.241013 IP testswitch.test.uni-landau.de.radius-dynauth > > pfence4.test.uni-landau.de.58591: UDP, length 20 > 08:26:59.241013 IP testswitch.test.uni-landau.de.radius-dynauth > > pfence4.test.uni-landau.de.58591: UDP, length 20 > > Regards, Hubert > > Am 25.09.2015 um 19:24 schrieb Ludovic Zammit: >> Hubert, >> >> Which type of switch access point are you using ? >> >> If you are using radius for the deauthentication you should have configure >> the CoA on your device or check if your device support the Change of >> Authorization (CoA). >> >> You can check if the radius is reaching the PacketFence box using : >> >> - tcpdump -i any port 3799 (It’s very common to have the CoA on 3799) >> or >> - radsniff -p 3799 >> >> Thanks, >> Ludovic Zammit >> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: >> www.inverse.ca <http://www.inverse.ca/> >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >> <http://packetfence.org/>) >> >> >> >> >> >>> Le 2015-09-25 à 12:47, HK < >>> <mailto:[email protected]>[email protected] >>> <mailto:[email protected]>> a écrit : >>> >>> Hi Ludovic, >>> >>> the de-authentication method is radius. How can I check it? >>> >>> Regards, Hubert >>> >>> Am 25.09.2015 14:58 schrieb Ludovic Zammit < >>> <mailto:[email protected]>[email protected] <mailto:[email protected]>>: >>>> >>>> Hello Hubert, >>>> >>>> Your issue seems to lay in the deauthentication process after the >>>> registration. >>>> >>>> Check for the de-authentication method used, it should be either a radius >>>> Change of Authorization, a shutdown/ no shutdown on the port via SNMP or >>>> SSH or telnet access to the switch/AP. >>>> >>>> Thanks, >>>> >>>> Ludovic Zammit >>>> >>>> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) >>>> :: www.inverse.ca <http://www.inverse.ca/> >>>> >>>> Inverse inc. :: Leaders behind SOGo ( >>>> <http://www.sogo.nu/>http://www.sogo.nu <http://www.sogo.nu/>) and >>>> PacketFence ( <http://packetfence.org/>http://packetfence.org >>>> <http://packetfence.org/>) >>>> >>>> >>>> >>>> >>>> >>>> >>>>> Le 2015-09-25 à 02:02, Hubert Kupper <[email protected] >>>>> <mailto:[email protected]>> a écrit : >>>>> >>>>> Hi, >>>>> >>>>> we have packetfence zen-531 running with cisco switches. If users are >>>>> registrated succesfully, they have to reconnect their devices to the >>>>> network so that the devices become the new IP for network access. >>>>> Restarting the web browser is not working. For bandwidth violation it is >>>>> the same. Only after reconnecting, they are in the isolation vlan. Is >>>>> there any other solution as reconnecting? >>>>> >>>>> Regards, >>>>> Hubert >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> <mailto:[email protected]> >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >>>> >>>> >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >> >> >> >> ------------------------------------------------------------------------------ >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> > > > -- > _____________________________________________ > Hubert Kupper > Universitaetsrechenzentrum in Landau > Fortstrasse 7, D-76829 Landau > Tel: +49 6341/28031173 Fax: +49 6341/28031267 > > ------------------------------------------------------------------------------ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
