Hello Ludovic,
here is the relevant config:
aaa new-model
!
!
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization network default group radius
aaa accounting update newinfo periodic 1
aaa accounting dot1x default start-stop group radius
!
!
aaa server radius dynamic-author
client 'IP of packetfence' server-key 'here is the key'
port 3799
auth-type all
!
aaa session-id common
!
radius-server host 'IP of packetfence' auth-port 1812 acct-port 1813 key
'here is the key'
Cheers, Hubert
Am 29.09.2015 um 15:07 schrieb Ludovic Zammit:
Hello Hubert,
Can you post your switch configuration ?
Thanks,
Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
Le 2015-09-29 à 08:41, Hubert Kupper <[email protected]
<mailto:[email protected]>> a écrit :
Hi Ludovic,
I use an cisco 2960G Switch.
Here is the output of tcpdump -i any port 3799:
[root@pfence4 conf]# tcpdump -i any port 3799
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size
65535 bytes
08:12:17.134578 IP pfence4.test.uni-landau.de
<http://pfence4.test.uni-landau.de>.38815 >
testswitch.test.uni-landau.de.radius-dynauth: UDP, length 92
08:12:17.140665 IP testswitch.test.uni-landau.de.radius-dynauth >
pfence4.test.uni-landau.de <http://pfence4.test.uni-landau.de>.38815:
UDP, length 20
08:12:17.140665 IP testswitch.test.uni-landau.de.radius-dynauth >
pfence4.test.uni-landau.de <http://pfence4.test.uni-landau.de>.38815:
UDP, length 20
08:15:44.705858 IP pfence4.test.uni-landau.de
<http://pfence4.test.uni-landau.de>.40237 >
testswitch.test.uni-landau.de.radius-dynauth: UDP, length 92
08:15:44.711223 IP testswitch.test.uni-landau.de.radius-dynauth >
pfence4.test.uni-landau.de <http://pfence4.test.uni-landau.de>.40237:
UDP, length 20
08:15:44.711223 IP testswitch.test.uni-landau.de.radius-dynauth >
pfence4.test.uni-landau.de <http://pfence4.test.uni-landau.de>.40237:
UDP, length 20
08:26:59.235022 IP pfence4.test.uni-landau.de
<http://pfence4.test.uni-landau.de>.58591 >
testswitch.test.uni-landau.de.radius-dynauth: UDP, length 92
08:26:59.241013 IP testswitch.test.uni-landau.de.radius-dynauth >
pfence4.test.uni-landau.de <http://pfence4.test.uni-landau.de>.58591:
UDP, length 20
08:26:59.241013 IP testswitch.test.uni-landau.de.radius-dynauth >
pfence4.test.uni-landau.de <http://pfence4.test.uni-landau.de>.58591:
UDP, length 20
Regards, Hubert
Am 25.09.2015 um 19:24 schrieb Ludovic Zammit:
Hubert,
Which type of switch access point are you using ?
If you are using radius for the deauthentication you should have
configure the CoA on your device or check if your device support the
Change of Authorization (CoA).
You can check if the radius is reaching the PacketFence box using :
- tcpdump -i any port 3799 (It’s very common to have the CoA on 3799)
or
- radsniff -p 3799
Thanks,
Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
Le 2015-09-25 à 12:47, HK <[email protected]> a écrit :
Hi Ludovic,
the de-authentication method is radius. How can I check it?
Regards, Hubert
Am 25.09.2015 14:58 schrieb Ludovic Zammit <[email protected]>:
Hello Hubert,
Your issue seems to lay in the deauthentication process after the
registration.
Check for the de-authentication method used, it should be either a
radius Change of Authorization, a shutdown/ no shutdown on the
port via SNMP or SSH or telnet access to the switch/AP.
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> :: +1.514.447.4918
(x145) :: www.inverse.ca <http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
Le 2015-09-25 à 02:02, Hubert Kupper <[email protected]
<mailto:[email protected]>> a écrit :
Hi,
we have packetfence zen-531 running with cisco switches. If users
are
registrated succesfully, they have to reconnect their devices to the
network so that the devices become the new IP for network access.
Restarting the web browser is not working. For bandwidth
violation it is
the same. Only after reconnecting, they are in the isolation
vlan. Is
there any other solution as reconnecting?
Regards,
Hubert
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
_____________________________________________
Hubert Kupper
Universitaetsrechenzentrum in Landau
Fortstrasse 7, D-76829 Landau
Tel: +49 6341/28031173 Fax: +49 6341/28031267
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
_____________________________________________
Hubert Kupper
Universitaetsrechenzentrum in Landau
Fortstrasse 7, D-76829 Landau
Tel: +49 6341/28031173 Fax: +49 6341/28031267
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
