Re: [PacketFence-users] dhcplistener configuration

[Josep M . Torné]

Hi,

 

Anyone has tried this configuration and got it to work?

Listening to DHCP traffic through VLAN interface configured 
/usr/local/pf/conf/pf.conf as “type=dhcp-listener”?

 

At this point, I have packetfence running an assigning VLANs correctly based on 
MACs (not 802.1x) on Cisco switches.

BUT once the VLAN is assigned to the client, I can’t keep track of assigned IP 
addresses.

That’s the missing part to get this to work.

 

Any advice would be greatly appreciated!

Thanks,

 

 

 

De: Josep M. Torné [mailto:jm.to...@tsiic.com] 
Enviado el: lunes, 16 de noviembre de 2015 18:26
Para: packetfence-users@lists.sourceforge.net
Asunto: Re: [PacketFence-users] dhcplistener configuration

 

Hi Derek,

 

Thanks for your answer.

Here you have the requested output.

 

VLAN1 (management VLAN): subnet 192.168.110.0/24

VLAN100 (production VLAN): subnet 192.168.100.0/24

VLAN200 (registration VLAN): subnet 172.22.0.0/24

 

I’ve slightly changed the numbers for VLAN and IP subnet for security reasons 
(call me paranoid :).

 

-- BEGIN --

# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:50:56:9A:AA:53

          inet addr:192.168.110.156  Bcast:192.168.110.255  Mask:255.255.255.0

          inet6 addr: fe80::250:56ff:fe9a:aa53/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:1991164 errors:0 dropped:0 overruns:0 frame:0

          TX packets:209700 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:181578443 (173.1 MiB)  TX bytes:250558804 (238.9 MiB)

 

eth0.100  Link encap:Ethernet  HWaddr 00:50:56:9A:AA:53

          inet addr:192.168.100.1  Bcast:192.168.100.255  Mask:255.255.255.0

          inet6 addr: fe80::250:56ff:fe9a:aa53/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:215311 errors:0 dropped:0 overruns:0 frame:0

          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:14085396 (13.4 MiB)  TX bytes:1644 (1.6 KiB)

 

eth0.200  Link encap:Ethernet  HWaddr 00:50:56:9A:AA:53

          inet addr:172.22.0.2  Bcast:172.22.0.255  Mask:255.255.255.0

          inet6 addr: fe80::250:56ff:fe9a:aa53/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:3129 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1677 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:294083 (287.1 KiB)  TX bytes:305954 (298.7 KiB)

 

 

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:65536  Metric:1

          RX packets:3291151 errors:0 dropped:0 overruns:0 frame:0

          TX packets:3291151 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:2415838425 (2.2 GiB)  TX bytes:2415838425 (2.2 GiB)

 

-- END –

 

-- BEGIN –

# service packetfence status

service|shouldBeStarted|pid

carbon-cache|1|2525

carbon-relay|1|2532

collectd|1|2535

dhcpd|1|2552

haproxy|0|0

httpd.aaa|1|2554

httpd.admin|1|2497

httpd.graphite|1|2565

httpd.portal|1|2581

httpd.proxy|0|0

httpd.webservices|1|2605

iptables|1|-1

memcached|1|2481

pfbandwidthd|0|0

pfdetect|0|0

pfdhcplistener_eth0.200|1|2639

pfdhcplistener_eth0|1|2648

pfdhcplistener_eth0.100|1|0

pfdns|1|2651

pfmon|1|2677

pfsetvlan|0|0

radiusd|1|2723

radsniff3|1|2732

snmptrapd|0|0

snort|0|0

statsd|1|0

suricata|0|0

keepalived|0|0

-- END –

 

The line “pfdhcplistener_eth0.100|1|0” is actually in red.

 

In Pfence web GUI, Configuration --> interfaces, what should be the type for 
the interface? Right now, eth0 is set to Management, eth0.100 is set to Other, 
and eth0.200 is set to Registration.

I actually did create the new interface eth0.100 through the web GUI, and later 
modified the /usr/local/pf/conf/pf.conf file to add the “type=dhcp-listener” to 
the section “eth0.100”. 

Is this correct?

 

 

Is there any way to improve logging level, to help debugging?

Any clue about what could be wrong?

 

 

Best regards,

 

 

 

Josep M. Torne

 

De: Derek Wuelfrath [mailto:dwuelfr...@inverse.ca] 
Enviado el: lunes, 16 de noviembre de 2015 16:44
Para: ML PF
Asunto: Re: [PacketFence-users] dhcplistener configuration

 

Josep,

 

Can you send output of ‘ifconfig’ and ’service packetfence status’

 

Thanks


Cheers!

dw.

 

—

Derek Wuelfrath

dwuelfr...@inverse.ca <mailto:dwuelfr...@inverse.ca>  :: +1.514.447.4918 (x110) 
:: +1.866.353.6153 (x110)

Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu> ) and 
PacketFence (www.packetfence.org <http://www.packetfence.org> )

 


------------------------------------------------------------------------------

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users