Is there anything wrong or missing with the config?
Cheers, Hubert
On 30.09.2015 at 07:40, Hubert Kupper wrote:
Hello Ludovic,
here is the relevant config:
aaa new-model
!
!
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization network default group radius
aaa accounting update newinfo periodic 1
aaa accounting dot1x default start-stop group radius
!
!
aaa server radius dynamic-author
 client 'IP of packetfence' server-key 'here is the key'
 port 3799
 auth-type all
!
aaa session-id common
!
radius-server host 'IP of packetfence' auth-port 1812 acct-port 1813 key 'here is the key'
Cheers, Hubert
On 29.09.2015 at 15:07, Ludovic Zammit wrote:
Hello Hubert,
Can you post your switch configuration?
Thanks,
Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) ::www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
On 2015-09-29 at 08:41, Hubert Kupper <[email protected]> wrote:
Hi Ludovic,
I use a Cisco 2960G switch.
Here is the output of tcpdump -i any port 3799:
[root@pfence4 conf]# tcpdump -i any port 3799
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
08:12:17.134578 IP pfence4.test.uni-landau.de.38815 > testswitch.test.uni-landau.de.radius-dynauth: UDP, length 92
08:12:17.140665 IP testswitch.test.uni-landau.de.radius-dynauth > pfence4.test.uni-landau.de.38815: UDP, length 20
08:12:17.140665 IP testswitch.test.uni-landau.de.radius-dynauth > pfence4.test.uni-landau.de.38815: UDP, length 20
08:15:44.705858 IP pfence4.test.uni-landau.de.40237 > testswitch.test.uni-landau.de.radius-dynauth: UDP, length 92
08:15:44.711223 IP testswitch.test.uni-landau.de.radius-dynauth > pfence4.test.uni-landau.de.40237: UDP, length 20
08:15:44.711223 IP testswitch.test.uni-landau.de.radius-dynauth > pfence4.test.uni-landau.de.40237: UDP, length 20
08:26:59.235022 IP pfence4.test.uni-landau.de.58591 > testswitch.test.uni-landau.de.radius-dynauth: UDP, length 92
08:26:59.241013 IP testswitch.test.uni-landau.de.radius-dynauth > pfence4.test.uni-landau.de.58591: UDP, length 20
08:26:59.241013 IP testswitch.test.uni-landau.de.radius-dynauth > pfence4.test.uni-landau.de.58591: UDP, length 20
Regards, Hubert
On 25.09.2015 at 19:24, Ludovic Zammit wrote:
Hubert,
Which type of switch/access point are you using?
If you are using radius for the deauthentication, you should have
configured the CoA on your device, or check if your device supports
the Change of Authorization (CoA).
You can check if the radius is reaching the PacketFence box using:
- tcpdump -i any port 3799 (It’s very common to have the CoA on 3799)
or
- radsniff -p 3799
Thanks,
Ludovic Zammit
On 2015-09-25 at 12:47, HK <[email protected]> wrote:
Hi Ludovic,
the de-authentication method is radius. How can I check it?
Regards, Hubert
On 25.09.2015 14:58, Ludovic Zammit <[email protected]> wrote:
Hello Hubert,
Your issue seems to lie in the deauthentication process after the
registration.
Check for the de-authentication method used; it should be either
a radius Change of Authorization, a shutdown/no shutdown on the
port via SNMP, or SSH or telnet access to the switch/AP.
Thanks,
Ludovic Zammit
On 2015-09-25 at 02:02, Hubert Kupper <[email protected]> wrote:
Hi,
we have packetfence zen-531 running with cisco switches. If users are
registered successfully, they have to reconnect their devices to the
network so that the devices get the new IP for network access.
Restarting the web browser is not working. For bandwidth violation it is
the same. Only after reconnecting, they are in the isolation vlan. Is
there any other solution than reconnecting?
Regards,
Hubert
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
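
The capture in this thread shows 92-byte requests and 20-byte replies on port 3799; a 20-byte RADIUS packet is a bare header, so its code byte says whether the switch answered with an ACK or a NAK, and its authenticator shows whether both sides hold the same key. The following is an added example, not part of the original thread and not PacketFence code, that decodes RFC 5176 packets and checks both authenticators; the secret, MAC address and packets are constructed sample values, and `build` is a hypothetical helper used only to create them.

```python
import hashlib
import hmac
import struct

# Dynamic-authorization packet codes from RFC 5176.
CODES = {40: "Disconnect-Request", 41: "Disconnect-ACK", 42: "Disconnect-NAK",
         43: "CoA-Request", 44: "CoA-ACK", 45: "CoA-NAK"}

def parse(pkt: bytes) -> dict:
    """Validate the 20-byte RADIUS header and walk the attribute TLVs."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not fit the datagram")
    attrs, off = [], 20
    while off < length:
        if off + 2 > length or pkt[off + 1] < 2 or off + pkt[off + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((pkt[off], pkt[off + 2:off + pkt[off + 1]]))
        off += pkt[off + 1]
    return {"name": CODES.get(code, f"code {code}"), "id": ident,
            "auth": pkt[4:20], "attrs": attrs, "raw": pkt[:length]}

def _digest(raw: bytes, auth_field: bytes, secret: bytes) -> bytes:
    # MD5(code + id + length + <auth_field> + attributes + shared secret)
    return hashlib.md5(raw[:4] + auth_field + raw[20:] + secret).digest()

def request_ok(req: bytes, secret: bytes) -> bool:
    """Requests are computed with 16 zero octets in the authenticator field."""
    p = parse(req)
    return hmac.compare_digest(_digest(p["raw"], bytes(16), secret), p["auth"])

def response_ok(resp: bytes, req: bytes, secret: bytes) -> bool:
    """ACK/NAK replies are computed over the request's authenticator."""
    r, q = parse(resp), parse(req)
    return r["id"] == q["id"] and hmac.compare_digest(
        _digest(r["raw"], q["auth"], secret), r["auth"])

def build(code: int, ident: int, attrs: bytes, secret: bytes,
          auth_field: bytes = bytes(16)) -> bytes:
    """Hypothetical helper that constructs sample packets for the demo."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + _digest(head + bytes(16) + attrs, auth_field, secret) + attrs

# Constructed sample data, not taken from the capture in this thread.
SECRET = b"constructed-secret"
REQ = build(40, 7, bytes([31, 19]) + b"00-11-22-33-44-55", SECRET)
ACK = build(41, 7, b"", SECRET, REQ[4:20])

if __name__ == "__main__":
    print(parse(ACK)["name"], len(ACK), response_ok(ACK, REQ, SECRET))
```

To use it on real traffic, feed it the UDP payloads from a capture file of the port 3799 exchange together with the key configured on both devices.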