Hi Fabrice,
Many thanks for this link. Unfortunately, we are on an earlier AeroHive version
so it doesn't apply to us. I will go through all of the AeroHive documentation
again and see if I can find anything that I missed.
Regards
Darren Morgan
From: Durand fabrice [mailto:[email protected]]
Sent: 16 January 2016 02:42
To: [email protected]
Subject: Re: [PacketFence-users] PacketFence setup with Aerohive
Hi Morgan,
I just found this:
https://community.aerohive.com/aerohive/topics/vlan-assignment-through-radius-stopped-working-after-updating-ap121-to-hiveos-6-5r3-honolulu-2530
Regards
Fabrice
On 2016-01-15 04:21, Morgan, Darren wrote:
Hi Fabrice - Another update. I've amended the switch config but I still cannot
get the device to move to VLAN 214. Any ideas?
Jan 15 09:17:16 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] handling radius autz
request: from switch_ip => (192.168.214.9), connection_type =>
Wireless-802.11-NoEAP,switch_mac => (40:18:b1:83:1d:a8), mac =>
[60:57:18:94:4d:a0], port => 0, username => "605718944da0"
(pf::radius::authorize)
Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] is of status unreg;
belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] (192.168.214.9)
Returning ACCEPT with Role: registration
(pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with
VLAN: 120 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 09:18:04 httpd.webservices(2022) INFO: Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:04 httpd.webservices(2022) INFO: Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] Updating node user_agent with
useragent: 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/47.0.2526.106 Safari/537.36'
(captiveportal::PacketFence::Controller::CaptivePortal::nodeRecordUserAgent)
Jan 15 09:18:05 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] redirected to authentication page on
default portal
(captiveportal::PacketFence::Controller::CaptivePortal::checkIfNeedsToRegister)
Jan 15 09:18:06 httpd.webservices(2022) INFO: Memory configuration is not valid
anymore for key config::Pf in local cached_hash (pfconfig::cached::is_valid)
Jan 15 09:18:10 httpd.portal(23189) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] URI
'/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab' (URL:
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab)
match proxy passthrough configuration. (pf::web::dispatcher::handler)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:17 httpd.portal(23187) WARN: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [OS_Staff] No entries found (0) with filter
(sAMAccountName=smith.f) from OU=Oundle,DC=oundleschool,DC=local on
192.168.100.42:389 (pf::Authentication::Source::LDAPSource::authenticate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [OS_Pupils] Authentication successful for smith.f
(pf::Authentication::Source::LDAPSource::authenticate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Authentication successful for smith.f in source OS_Pupils
(AD) (pf::authentication::authenticate)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Successfully authenticated
smith.f/192.168.120.227/60:57:18:94:4d:a0
(captiveportal::PacketFence::Controller::Authenticate::authenticationLogin)
Jan 15 09:18:17 httpd.portal(23187) WARN: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Calling match with empty/invalid rule class. Defaulting to
'authentication' (pf::authentication::match)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [OS_Pupils Pupils_Default] Found a match (CN=Fred
Smith,OU=2020OU,OU=Pupils,OU=OS,DC=oundleschool,DC=local)
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Matched rule (Pupils_Default) in source OS_Pupils,
returning actions. (pf::Authentication::Source::match)
Jan 15 09:18:17 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Memory configuration is not valid anymore for key
config::Switch in local cached_hash (pfconfig::cached::is_valid)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] re-evaluating access (manage_register
called) (pf::enforcement::reevaluate_access)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] is currentlog connected at
(192.168.214.9) ifIndex 0 in VLAN 120
(pf::enforcement::_should_we_reassign_vlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] Connection type is WIRELESS_MAC_AUTH.
Getting role from node_info (pf::vlan::getNormalVlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] Username was defined "605718944da0" -
returning role 'OS_Pupils' (pf::vlan::getNormalVlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] PID: "smith.f", Status: reg Returned
VLAN: 214, Role: OS_Pupils (pf::vlan::fetchVlanForNode)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] VLAN reassignment required (current
VLAN = 120 but should be in VLAN 214)
(pf::enforcement::_should_we_reassign_vlan)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] [60:57:18:94:4d:a0] switch port is (192.168.214.9) ifIndex
unknown connection type: WiFi MAC Auth (pf::enforcement::_vlan_reevaluation)
Jan 15 09:18:18 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:18 httpd.portal(21372) INFO: [ mac:60:57:18:94:4d:a0
ip:192.168.120.227 ] Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:19 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0]
DesAssociating mac on switch (192.168.214.9) (pf::api::desAssociate)
Jan 15 09:18:19 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0]
deauthenticating (pf::Switch::radiusDisconnect)
Jan 15 09:18:19 httpd.webservices(2022) INFO: Memory configuration is not valid
anymore for key interfaces::management_network in local cached_hash
(pfconfig::cached::is_valid)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] handling radius autz
request: from switch_ip => (192.168.214.9), connection_type =>
Wireless-802.11-NoEAP,switch_mac => (40:18:b1:83:1d:94), mac =>
[60:57:18:94:4d:a0], port => 0, username => "605718944da0"
(pf::radius::authorize)
Jan 15 09:18:19 httpd.aaa(1986) INFO: Instantiate profile default
(pf::Portal::ProfileFactory::instantiate)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Connection type is
WIRELESS_MAC_AUTH. Getting role from node_info (pf::vlan::getNormalVlan)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Username was defined
"605718944da0" - returning role 'OS_Pupils' (pf::vlan::getNormalVlan)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] PID: "smith.f",
Status: reg Returned VLAN: 214, Role: OS_Pupils (pf::vlan::fetchVlanForNode)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] (192.168.214.9)
Returning ACCEPT with Role: OS_Pupils
(pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with
VLAN: 214 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
[root@localhost ~]#
Darren
From: Durand fabrice [mailto:[email protected]]
Sent: 15 January 2016 01:08
To: [email protected]
Subject: Re: [PacketFence-users] PacketFence setup with Aerohive
Hello Morgan,
What is missing is probably the deauth. Can you paste the packetfence.log from
when you log in?
Regards
Fabrice
On 2016-01-14 12:06, Morgan, Darren wrote:
Hi,
I'm trying to set up our PacketFence system with our Wi-Fi. I have managed to
find some information online
(https://community.aerohive.com/aerohive/topics/aerohive-integration-with-packetfence).
I can get Wi-Fi laptops to connect to the open SSID and they can reach the
PacketFence Authentication portal on the registration VLAN, but once
authenticated it does not seem to move the device to the Authenticated VLAN.
Does anyone have any experience with connecting PF to Aerohive through the
online hivemanager? Has anyone got any tips for fault-finding this sort of
issue?
Kind regards
Darren Morgan
Systems Manager
Oundle School
This email is sent from either Oundle School or Laxton Junior School for The
Corporation of Oundle School and is intended only for the addressee named
above. The Corporation of Oundle School is a Charity incorporated under Royal
Charter RC000396 and charity number 309921.
www.oundleschool.org.uk
________________________________
Scanned by iCritical.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
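
Added example (not part of the original thread and not PacketFence code): a Python sketch for the fault-finding asked about above. It traces, per MAC address, the sequence visible in the quoted packetfence.log (ACCEPT with the registration VLAN, "VLAN reassignment required", deauth, ACCEPT with the new VLAN) and reports which step is missing. The sample lines are constructed from the log format quoted in the thread, and the names trace and diagnose are hypothetical.

```python
import re

# Constructed sample: entries in the packetfence.log format quoted in the
# thread, joined to one entry per line and abridged.
SAMPLE_LOG = """\
Jan 15 09:17:17 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with VLAN: 120 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
Jan 15 09:18:18 httpd.portal(23187) INFO: [ mac:60:57:18:94:4d:a0 ip:192.168.120.227 ] [60:57:18:94:4d:a0] VLAN reassignment required (current VLAN = 120 but should be in VLAN 214) (pf::enforcement::_should_we_reassign_vlan)
Jan 15 09:18:19 httpd.webservices(2022) INFO: [60:57:18:94:4d:a0] deauthenticating (pf::Switch::radiusDisconnect)
Jan 15 09:18:19 httpd.aaa(1986) INFO: [60:57:18:94:4d:a0] Returning ACCEPT with VLAN: 214 (pf::Switch::AeroHIVE::returnRadiusAccessAccept)
"""

MAC = r"\[((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\]"
EVENTS = [
    ("accept", re.compile(MAC + r" Returning ACCEPT with VLAN: (\d+)")),
    ("reassign", re.compile(MAC + r" VLAN reassignment required .*should be in VLAN (\d+)")),
    ("deauth", re.compile(MAC + r" deauthenticating")),
]

def trace(log_text):
    """Return {mac: [(timestamp, event, vlan_or_None), ...]} in log order."""
    out = {}
    for line in log_text.splitlines():
        for name, rx in EVENTS:
            m = rx.search(line)
            if m:
                vlan = int(m.group(2)) if rx.groups > 1 else None
                out.setdefault(m.group(1), []).append((line[:15], name, vlan))
                break
    return out

def diagnose(events):
    """Name the first step of the VLAN move that the log does not show."""
    names = [e for _, e, _ in events]
    if "reassign" not in names:
        return "no VLAN reassignment was requested"
    idx = names.index("reassign")
    wanted, after = events[idx][2], events[idx + 1:]
    if not any(e == "deauth" for _, e, _ in after):
        return "reassignment required but no deauth was logged"
    accepts = [v for _, e, v in after if e == "accept"]
    if not accepts:
        return "deauth logged but no re-authentication followed"
    if accepts[-1] != wanted:
        return f"re-auth returned VLAN {accepts[-1]}, expected {wanted}"
    # A logged deauth only shows PacketFence sent it, not what the AP did.
    return f"deauth logged and re-auth returned VLAN {wanted}"

if __name__ == "__main__":
    for mac, events in trace(SAMPLE_LOG).items():
        print(mac, "->", diagnose(events))
```
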