Thank you for your reply! I am new to switch configuration, but it seems like I have tagged VLAN 2 on switch ports 2-3. Here is info about VLAN 2:

ProCurveSwitch# show vlan 2

 Status and Counters - VLAN Information - Ports - VLAN 2

  VLAN ID : 2
  Name : Registration
  Status : Port-based
  Voice : No
  Jumbo : No

  Port Information Mode     Unknown VLAN Status
  ---------------- -------- ------------ ----------
  2                MACAUTH  Learn        Up
  3                Tagged   Learn        Down
  Trk1             Tagged   Learn        Up

  Overridden Port VLAN configuration

  Port Mode
  ---- ------------
  2    Tagged

ProCurveSwitch# show vlans

 Status and Counters - VLAN Information

  Maximum VLANs to support : 8
  Primary VLAN : Default
  Management VLAN :

  VLAN ID Name                             | Status     Voice Jumbo
  ------- -------------------------------- + ---------- ----- -----
  1       Default                          | Port-based No    No
  2       Registration                     | Port-based No    No
  3       Isolation                        | Port-based No    No
  10      Normal                           | Port-based No    No

2015-10-16 1:12 GMT+03:00 Durand fabrice <[email protected]>:

> Hello,
>
> your issue is on the eth0 interface, it looks like the vlan 2 is not tagged
> on the switch port.
> If you check all the vlan interfaces there are no RX packets.
>
> Regards
> Fabrice
>
> On 2015-10-15 16:31, Kristaps Dambergs wrote:
>
> > Hello,
> >
> > I am using PF 5.3 802.1x + MAC auth. When I plug a device in the switch
> > port which is set on VLAN 2 (reg) nothing happens after. Unable to get IP
> > address from DHCP. No access to authorization portal. I posted my config
> > below.
> >
> > Any help would be much appreciated.
> >
> > Thanks
> >
> > [root@PacketFence-ZEN-5-3 ~]# tail -f /usr/local/pf/logs/packetfence.log
> >
> > Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] handling radius autz request: from switch_ip => (192.168.0.3), connection_type => WIRED_MAC_AUTH,switch_mac => (c0:91:34:64:62:f3), mac => [e8:9a:8f:ec:cb:bf], port => 13, username => "e89a8feccbbf" (pf::radius::authorize)
> > Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> > Oct 15 15:57:26 httpd.aaa(1948) WARN: Role-based Network Access Control is not supported on network device type pf::Switch::HP::Procurve_2600. (pf::Switch::supportsRoleBasedEnforcement)
> > Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] (192.168.0.3) Returning ACCEPT with VLAN 2 and role (pf::Switch::returnRadiusAccessAccept)
> >
> > [root@PacketFence-ZEN-5-3 pf]# tail -f /usr/local/pf/logs/pfdhcplistener.log
> >
> > Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched MAC '00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog' table (pf::iplog::mac2ip)
> > Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
> > Oct 15 15:43:30 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16 requested an IP with the following informations: last_dhcp = 2015-10-15 15:43:22,computername = ZALMAN,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0 (main::listen_dhcp)
> > Oct 15 15:43:30 pfdhcplistener(2008) INFO: DHCPREQUEST from 00:1d:7d:07:a1:16 (192.168.0.103) (main::parse_dhcp_request)
> > Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched MAC '00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog' table (pf::iplog::mac2ip)
> > Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
> > Oct 15 15:43:31 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16 requested an IP with the following informations: last_dhcp = 2015-10-15 15:43:30,computername = ZALMAN,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0 (main::listen_dhcp)
> > Oct 15 15:43:31 pfdhcplistener(2008) INFO: DHCPACK from 192.168.0.1 (f8:d1:11:af:83:24) to host 00:1d:7d:07:a1:16 (192.168.0.103) for 7200 seconds (main::parse_dhcp_ack)
> > Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched MAC '00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog' table (pf::iplog::mac2ip)
> > Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
> >
> > [root@PacketFence-ZEN-5-3 pf]# ifconfig
> >
> > eth0      Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
> >           inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
> >           inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >           RX packets:243373 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:163313 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:66422609 (63.3 MiB) TX bytes:40397839 (38.5 MiB)
> >
> > eth0.2    Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
> >           inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
> >           inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
> >
> > eth0.3    Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
> >           inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
> >           inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
> >
> > eth0.4    Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
> >           inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
> >           inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
> >
> > eth0.10   Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
> >           inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> >           inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
> >
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1 Mask:255.0.0.0
> >           inet6 addr: ::1/128 Scope:Host
> >           UP LOOPBACK RUNNING MTU:65536 Metric:1
> >           RX packets:334900 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:334900 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:64297397 (61.3 MiB) TX bytes:64297397 (61.3 MiB)
> >
> > [root@PacketFence-ZEN-5-3 ~]# sudo vi /usr/local/pf/conf/switches.conf
> >
> > RoleMap=Y
> > mode=testing
> > macSearchesMaxNb=30
> > macSearchesSleepInterval=2
> > uplink=dynamic
> > #
> > # Command Line Interface
> > #
> > # cliTransport could be: Telnet, SSH or Serial
> > cliTransport=Telnet
> > cliUser=
> > cliPwd=
> > cliEnablePwd=
> > #
> > # SNMP section
> > #
> > # PacketFence -> Switch
> > SNMPVersion=1
> > SNMPCommunityRead=public
> > SNMPCommunityWrite=private
> > #SNMPEngineID = 0000000000000
> > #SNMPUserNameRead = readUser
> > #SNMPAuthProtocolRead = MD5
> > #SNMPAuthPasswordRead = authpwdread
> > #SNMPPrivProtocolRead = DES
> > #SNMPPrivPasswordRead = privpwdread
> > #SNMPUserNameWrite = writeUser
> > #SNMPAuthProtocolWrite = MD5
> > #SNMPAuthPasswordWrite = authpwdwrite
> > #SNMPPrivProtocolWrite = DES
> > #SNMPPrivPasswordWrite = privpwdwrite
> > # Switch -> PacketFence
> > SNMPVersionTrap=1
> > SNMPCommunityTrap=public
> > #SNMPAuthProtocolTrap = MD5
> > #SNMPAuthPasswordTrap = authpwdread
> > #SNMPPrivProtocolTrap = DES
> > #SNMPPrivPasswordTrap = privpwdread
> > #
> > # Web Services Interface
> > #
> > # wsTransport could be: http or https
> > wsTransport=http
> > wsUser=
> > wsPwd=
> > #
> > # RADIUS NAS Client config
> > #
> > # RADIUS shared secret with switch
> > radiusSecret=
> >
> > [192.168.0.3]
> > mode=production
> > deauthMethod=RADIUS
> > AccessListMap=N
> > description=2610
> > SNMPVersionTrap=1
> > type=HP::Procurve_2600
> > VoIPEnabled=N
> > radiusSecret="PASSWD"
> > uplink_dynamic=0
> > uplink=23,24
> >
> > My procurve 2610 config:
> >
> > Running configuration:
> >
> > ; J9086A Configuration Editor; Created on release #R.11.60
> >
> > hostname "ProCurveSwitch"
> > time timezone 180
> > no telnet-server
> > interface 23
> >    name "pfserver"
> > exit
> > trunk 23 Trk1 Trunk
> > timesync sntp
> > vlan 1
> >    name "Default"
> >    untagged 1-2,4-22,24-28,Trk1
> >    ip address 192.168.0.3 255.255.255.0
> >    no untagged 3
> >    exit
> > vlan 2
> >    name "Registration"
> >    untagged 3
> >    ip address 192.168.2.1 255.255.255.0
> >    tagged Trk1
> >    exit
> > vlan 3
> >    name "Isolation"
> >    ip address 192.168.3.1 255.255.255.0
> >    tagged Trk1
> >    exit
> > vlan 10
> >    name "Normal"
> >    ip address 192.168.1.1 255.255.255.0
> >    tagged Trk1
> >    exit
> > radius-server host 192.168.0.10 key Parole321
> > aaa server-group radius "packetfence" host 192.168.0.10
> > aaa authentication port-access eap-radius server-group "packetfence"
> > aaa authentication mac-based chap-radius server-group "packetfence"
> > port-security 1 learn-mode port-access action send-alarm
> > port-security 2 learn-mode port-access action send-alarm
> > port-security 3 learn-mode port-access action send-alarm
> > port-security 4 learn-mode port-access action send-alarm
> > port-security 5 learn-mode port-access action send-alarm
> > port-security 6 learn-mode port-access action send-alarm
> > port-security 7 learn-mode port-access action send-alarm
> > port-security 8 learn-mode port-access action send-alarm
> > port-security 9 learn-mode port-access action send-alarm
> > port-security 10 learn-mode port-access action send-alarm
> > port-security 11 learn-mode port-access action send-alarm
> > port-security 12 learn-mode port-access action send-alarm
> > port-security 13 learn-mode port-access action send-alarm
> > port-security 14 learn-mode port-access action send-alarm
> > port-security 15 learn-mode port-access action send-alarm
> > port-security 16 learn-mode port-access action send-alarm
> > port-security 17 learn-mode port-access action send-alarm
> > port-security 18 learn-mode port-access action send-alarm
> > port-security 19 learn-mode port-access action send-alarm
> > port-security 20 learn-mode port-access action send-alarm
> > port-security 21 learn-mode port-access action send-alarm
> > port-security 22 learn-mode port-access action send-alarm
> > snmp-server host 192.168.0.10 community "public" informs trap-level Not-INFO
> > no snmp-server enable traps link-change 1-22
> > sntp unicast
> > sntp server 129.6.15.30
> > aaa port-access authenticator 1-22
> > aaa port-access authenticator 1 client-limit 1
> > aaa port-access authenticator 2 client-limit 1
> > aaa port-access authenticator 3 client-limit 1
> > aaa port-access authenticator 4 client-limit 1
> > aaa port-access authenticator 5 client-limit 1
> > aaa port-access authenticator 6 client-limit 1
> > aaa port-access authenticator 7 client-limit 1
> > aaa port-access authenticator 8 client-limit 1
> > aaa port-access authenticator 9 client-limit 1
> > aaa port-access authenticator 10 client-limit 1
> > aaa port-access authenticator 11 client-limit 1
> > aaa port-access authenticator 12 client-limit 1
> > aaa port-access authenticator 13 client-limit 1
> > aaa port-access authenticator 14 client-limit 1
> > aaa port-access authenticator 15 client-limit 1
> > aaa port-access authenticator 16 client-limit 1
> > aaa port-access authenticator 17 client-limit 1
> > aaa port-access authenticator 18 client-limit 1
> > aaa port-access authenticator 19 client-limit 1
> > aaa port-access authenticator 20 client-limit 1
> > aaa port-access authenticator 21 client-limit 1
> > aaa port-access authenticator 22 client-limit 1
> > aaa port-access authenticator active
> > aaa port-access mac-based 1-22
> > aaa port-access mac-based 1 addr-moves
> > aaa port-access mac-based 1 reauth-period 14400
> > aaa port-access mac-based 2 addr-moves
> > aaa port-access mac-based 2 reauth-period 14400
> > aaa port-access mac-based 3 addr-moves
> > aaa port-access mac-based 3 reauth-period 14400
> > aaa port-access mac-based 4 addr-moves
> > aaa port-access mac-based 4 reauth-period 14400
> > aaa port-access mac-based 5 addr-moves
> > aaa port-access mac-based 5 reauth-period 14400
> > aaa port-access mac-based 6 addr-moves
> > aaa port-access mac-based 6 reauth-period 14400
> > aaa port-access mac-based 7 addr-moves
> > aaa port-access mac-based 7 reauth-period 14400
> > aaa port-access mac-based 8 addr-moves
> > aaa port-access mac-based 8 reauth-period 14400
> > aaa port-access mac-based 9 addr-moves
> > aaa port-access mac-based 9 reauth-period 14400
> > aaa port-access mac-based 10 addr-moves
> > aaa port-access mac-based 10 reauth-period 14400
> > aaa port-access mac-based 11 addr-moves
> > aaa port-access mac-based 11 reauth-period 14400
> > aaa port-access mac-based 12 addr-moves
> > aaa port-access mac-based 12 reauth-period 14400
> > aaa port-access mac-based 13 addr-moves
> > aaa port-access mac-based 13 reauth-period 14400
> > aaa port-access mac-based 14 addr-moves
> > aaa port-access mac-based 14 reauth-period 14400
> > aaa port-access mac-based 15 addr-moves
> > aaa port-access mac-based 15 reauth-period 14400
> > aaa port-access mac-based 16 addr-moves
> > aaa port-access mac-based 16 reauth-period 14400
> > aaa port-access mac-based 17 addr-moves
> > aaa port-access mac-based 17 reauth-period 14400
> > aaa port-access mac-based 18 addr-moves
> > aaa port-access mac-based 18 reauth-period 14400
> > aaa port-access mac-based 19 addr-moves
> > aaa port-access mac-based 19 reauth-period 14400
> > aaa port-access mac-based 20 addr-moves
> > aaa port-access mac-based 20 reauth-period 14400
> > aaa port-access mac-based 21 addr-moves
> > aaa port-access mac-based 21 reauth-period 14400
> > aaa port-access mac-based 22 addr-moves
> > aaa port-access mac-based 22 reauth-period 14400
> > aaa port-access 1 controlled-direction in
> > aaa port-access 2 controlled-direction in
> > aaa port-access 3 controlled-direction in
> > aaa port-access 4 controlled-direction in
> > aaa port-access 5 controlled-direction in
> > aaa port-access 6 controlled-direction in
> > aaa port-access 7 controlled-direction in
> > aaa port-access 8 controlled-direction in
> > aaa port-access 9 controlled-direction in
> > aaa port-access 10 controlled-direction in
> > aaa port-access 11 controlled-direction in
> > aaa port-access 12 controlled-direction in
> > aaa port-access 13 controlled-direction in
> > aaa port-access 14 controlled-direction in
> > aaa port-access 15 controlled-direction in
> > aaa port-access 16 controlled-direction in
> > aaa port-access 17 controlled-direction in
> > aaa port-access 18 controlled-direction in
> > aaa port-access 19 controlled-direction in
> > aaa port-access 20 controlled-direction in
> > aaa port-access 21 controlled-direction in
> > aaa port-access 22 controlled-direction in
> > spanning-tree Trk1 priority 4
> > ip ssh
> > password manager
> > password operator
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
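
The check described in the quoted reply (VLAN sub-interfaces that show no RX packets), as an added example that is not part of the original thread. It assumes the old net-tools `ifconfig` output format seen in the quoted message; the function names are hypothetical and the sample input is trimmed from that quoted output.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Reads old net-tools style `ifconfig` output on stdin and lists VLAN
# sub-interfaces (ethX.N) that have sent frames but never received one.
silent_vlan_ifaces() {
    awk '
        # A stanza starts in column 0, e.g. "eth0.2    Link encap:Ethernet"
        /^[^ \t]/     { iface = $1; order[++n] = iface }
        # Counter lines look like "RX packets:0 errors:0 ..."
        /RX packets:/ { split($2, f, ":"); rx[iface] = f[2] + 0 }
        /TX packets:/ { split($2, f, ":"); tx[iface] = f[2] + 0 }
        END {
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (name !~ /\.[0-9]+$/) continue      # not a VLAN sub-interface
                if (rx[name] == 0 && tx[name] > 0) {
                    vlan = name
                    sub(/^.*\./, "", vlan)
                    printf "%s vlan=%s rx=0 tx=%d\n", name, vlan, tx[name]
                }
            }
        }
    '
}

# Sample input trimmed from the ifconfig output quoted in the thread.
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:0C:29:BA:D6:CB
          RX packets:243373 errors:0 dropped:0 overruns:0 frame:0
          TX packets:163313 errors:0 dropped:0 overruns:0 carrier:0

eth0.2    Link encap:Ethernet  HWaddr 00:0C:29:BA:D6:CB
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0

eth0.10   Link encap:Ethernet  HWaddr 00:0C:29:BA:D6:CB
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0

lo        Link encap:Local Loopback
          RX packets:334900 errors:0 dropped:0 overruns:0 frame:0
          TX packets:334900 errors:0 dropped:0 overruns:0 carrier:0
EOF
}

sample_ifconfig | silent_vlan_ifaces
```

On the server itself, `ifconfig | silent_vlan_ifaces` runs the same check against live counters; each VLAN ID it prints is one to compare against the tagged membership of the switch port the server is plugged into.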
