Hi Louis,

I'm testing this against a Juniper EX4200-48PX running Junos 13.2X51-D35.3
(latest branch of 13.2).

Here's the relevant part of packetfence.log:

May 11 13:07:06 httpd.aaa(1693) INFO: [mac:00:21:cc:be:a1:3f] Found method CODE(0x7f89ee7ba2c8) for REST path /radius/rest/authorize (pf::WebAPI::REST::handler)
May 11 13:07:07 httpd.aaa(1693) WARN: [mac:00:21:cc:be:a1:3f] Couldn't match interface name for NAS-Port. VLAN re-assignment and switch/port accounting will be affected. (pf::Switch::Juniper::NasPortToIfIndex)
May 11 13:07:07 httpd.aaa(1693) INFO: [mac:00:21:cc:be:a1:3f] handling radius autz request: from switch_ip => (172.22.0.201), connection_type => Ethernet-EAP,switch_mac => (54:e0:32:9c:1d:80), mac => [00:21:cc:be:a1:3f], port => 94, username => "FCC\dberube" (pf::radius::authorize)
May 11 13:07:07 httpd.aaa(1693) WARN: [mac:00:21:cc:be:a1:3f] (172.22.0.201) Sending REJECT since switch is unsupported (pf::radius::_switchUnsupportedReply)
May 11 13:07:08 httpd.aaa(1693) WARN: [mac:00:21:cc:be:a1:3f] Couldn't match interface name for NAS-Port. VLAN re-assignment and switch/port accounting will be affected. (pf::Switch::Juniper::NasPortToIfIndex)
May 11 13:09:41 httpd.aaa(1693) WARN: [mac:00:21:cc:be:a1:3f] Couldn't match interface name for NAS-Port. VLAN re-assignment and switch/port accounting will be affected. (pf::Switch::Juniper::NasPortToIfIndex)
May 11 13:09:41 httpd.aaa(1693) INFO: [mac:00:21:cc:be:a1:3f] handling radius autz request: from switch_ip => (172.22.0.201), connection_type => WIRED_MAC_AUTH,switch_mac => (54:e0:32:9c:1d:80), mac => [00:21:cc:be:a1:3f], port => 94, username => "0021ccbea13f" (pf::radius::authorize)
May 11 13:09:41 httpd.aaa(1693) INFO: [mac:00:21:cc:be:a1:3f] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
May 11 13:09:41 httpd.aaa(1693) INFO: [mac:00:21:cc:be:a1:3f] (172.22.0.201) Added VLAN 98 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
May 11 13:09:41 httpd.aaa(1693) INFO: [mac:00:21:cc:be:a1:3f] Updating locationlog from accounting request (pf::api::handle_accounting_metadata)

Here's the config from switches.conf:

[172.22.0.201]
mode=production
Technology ServicesVlan=51
VoIPCDPDetect=N
VoIPDHCPDetect=N
AccessListMap=N
description=EX 4200
SNMPVersionTrap=2c
cliPwd=<redacted>
cliTransport=SSH
UrlMap=N
registrationVlan=98
Technology ServicesRole=techsvcs_51
cliUser=packetfence
deauthMethod=RADIUS
type=Juniper::EX
VoIPLLDPDetect=N
isolationVlan=97
radiusSecret=<redacted>
SNMPVersion=2c
cliEnablePwd=<redacted>
voiceVlan=99

Thanks,
Dustin

On Wed, May 11, 2016 at 12:35 PM, Louis Munro <[email protected]> wrote:
> Hi Dustin,
>
> This looks like a potential connection type mismatch.
>
> Can you provide relevant parts of packetfence.log and the configuration of
> that switch as defined in conf/switches.conf?
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On May 11, 2016, at 11:59 , Dustin Berube <[email protected]> wrote:
>
>
> (18) Wed May 11 11:25:31 2016: ERROR: rest: {"Reply-Message":"Network device does not support this mode of operation","control:PacketFence-Eap-Type":26,"control:PacketFence-Mac":"00:21:cc:be:a1:3f","control:PacketFence-Switch-Ip-Address":"172.22.0.201","control:PacketFence-Request-Time":1462980331,"control:PacketFence-IfIndex":94,"control:PacketFence-UserName":"FCC\\dberube","control:PacketFence-Connection-Type":"Ethernet-EAP","control:PacketFence-Switch-Mac":"54:e0:32:9c:1d:80","control:PacketFence-Switch-Id":"172.22.0.201"}
>
> Here's a link to the full radius debug:
> https://gist.github.com/dberube1/47a087fa894379d87f7c4324b70b1c4c
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
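
Added example (not part of the original thread and not PacketFence code): a Python script that re-joins mail-wrapped packetfence.log entries like the ones quoted above and pairs each authorize request with the reply logged afterwards for the same MAC, so the outcome per connection type can be read at a glance. The function names and the sample string are assumptions, constructed from the log lines in this message.

```python
import re

# Constructed sample in the packetfence.log format quoted above, still
# hard-wrapped the way the mail client left it.
SAMPLE = r'''May 11 13:07:07 httpd.aaa(1693) INFO: [mac:00:21:cc:be:a1:3f] handling
radius autz request: from switch_ip => (172.22.0.201), connection_type =>
Ethernet-EAP,switch_mac => (54:e0:32:9c:1d:80), mac => [00:21:cc:be:a1:3f],
port => 94, username => "FCC\dberube" (pf::radius::authorize)
May 11 13:07:07 httpd.aaa(1693) WARN: [mac:00:21:cc:be:a1:3f]
(172.22.0.201) Sending REJECT since switch is unsupported
(pf::radius::_switchUnsupportedReply)
May 11 13:09:41 httpd.aaa(1693) INFO: [mac:00:21:cc:be:a1:3f] handling
radius autz request: from switch_ip => (172.22.0.201), connection_type =>
WIRED_MAC_AUTH,switch_mac => (54:e0:32:9c:1d:80), mac =>
[00:21:cc:be:a1:3f], port => 94, username => "0021ccbea13f" (pf::radius::authorize)
May 11 13:09:41 httpd.aaa(1693) INFO: [mac:00:21:cc:be:a1:3f]
(172.22.0.201) Added VLAN 98 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
'''

# Entry header: timestamp, process, level, then the [mac:...] tag.
START = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ \w+: \[mac:([0-9a-f:]{17})\] ?")
AUTZ = re.compile(r"connection_type => ([\w-]+)")
REPLY = re.compile(r"Sending (REJECT)|Added VLAN (\d+) to the returned RADIUS Access-Accept")

def unwrap(text):
    """Re-join hard-wrapped lines: a new entry starts with a timestamp header."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Pair each authorize request with the reply logged after it for that MAC."""
    out, pending = [], {}
    for entry in unwrap(text):
        if not (head := START.match(entry)):
            continue
        ts, mac = head.groups()
        autz, reply = AUTZ.search(entry), REPLY.search(entry)
        if autz:
            pending[mac] = [ts, mac, autz[1], "no reply logged"]
            out.append(pending[mac])
        elif reply and mac in pending:
            verdict = "REJECT" if reply[1] else f"Access-Accept VLAN {reply[2]}"
            pending.pop(mac)[3] = verdict
    return [tuple(r) for r in out]
```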