Hello Adam,
Make sure that you send the deauth to the correct IP address, you can force it
under Configuration > Switch > IP > Controller IP.
Also, the interface where you are sending the deauthentication on the WLC needs
to be a management interface not a service one.
Do a TCPDUMP capture to make sure it goes and use the correct IPs like :
tcpdump -i any port 3799
I am assuming that you have enabled the CoA on your Radius server
configuration, RFC-3576.
Thanks,
Ludovic Zammit
[email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) ::
www.inverse.ca <http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>)
and PacketFence (http://packetfence.org <http://packetfence.org/>)
> Le 15 mai 2016 à 21:47, Adam Coyle <[email protected]> a écrit :
>
> Hello
>
> Setting up a Zen 6.0.1 environment which is near completion, keeping it
> simple to avoid issues with customisation until everything works 100%.
> Currently I cannot get it to deauth against either the Cisco 3702i AP or
> virtual WLC controller. In both cases it is configured for local switching on
> the AP.
>
> I connect to the test SSID, it displays the agreement page on the portal,
> then a sign on page. At which point the bar flows across the screen and
> errors on completion. Rejoining wireless at any point after this stage I am
> placed on the correct VLAN, and if done immediately after the sign on page I
> get the pf notification pop-up and redirected to the default landing page.
>
> The logs from packetfence.log when I try to on-board:
>
> ay 16 11:15:15 httpd.portal(2176) INFO: [mac:c4:8e:8f:f4:a7:e1] is currentlog
> connected at (172.21.0.253) ifIndex 1 registration
> (pf::enforcement::_should_we_reassign_vlan)
> May 16 11:15:15 httpd.portal(2176) INFO: [mac:c4:8e:8f:f4:a7:e1] Instantiate
> profile SGC (pf::Portal::ProfileFactory::_from_profile)
> May 16 11:15:15 httpd.portal(2176) INFO: [mac:c4:8e:8f:f4:a7:e1] Using
> sources sgc-adc-01 for matching (pf::authentication::match)
> May 16 11:15:15 httpd.portal(2176) INFO: [mac:c4:8e:8f:f4:a7:e1] Matched rule
> (Staff) in source sgc-adc-01, returning actions.
> (pf::Authentication::Source::match)
> May 16 11:15:15 httpd.portal(2176) INFO: [mac:c4:8e:8f:f4:a7:e1] Using
> sources sgc-adc-01 for matching (pf::authentication::match)
> May 16 11:15:15 httpd.portal(2176) INFO: [mac:c4:8e:8f:f4:a7:e1] Matched rule
> (Staff) in source sgc-adc-01, returning actions.
> (pf::Authentication::Source::match)
> May 16 11:15:15 httpd.portal(2176) INFO: [mac:c4:8e:8f:f4:a7:e1] Username was
> defined "sgc\acoyle" - returning role 'staff' (pf::role::getRegisteredRole)
> May 16 11:15:15 httpd.portal(2176) INFO: [mac:c4:8e:8f:f4:a7:e1] PID:
> "acoyle", Status: reg Returned VLAN: (undefined), Role: staff
> (pf::role::fetchRoleForNode)
> May 16 11:15:15 httpd.portal(2176) INFO: [mac:c4:8e:8f:f4:a7:e1] VLAN
> reassignment required (current VLAN = 1688 but should be in VLAN 2106)
> (pf::enforcement::_should_we_reassign_vlan)
> May 16 11:15:15 httpd.portal(2176) INFO: [mac:c4:8e:8f:f4:a7:e1] switch port
> is (172.21.0.253) ifIndex 1 connection type: WiFi 802.1X
> (pf::enforcement::_vlan_reevaluation)
>
>
> Being a common device I am sure I have missed a step, otherwise I would be
> finding more info on it.
>
> Thanks
>
> Adam
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j_______________________________________________
>
> <https://ad.doubleclick.net/ddm/clk/304595813;131938128;j_______________________________________________>
> PacketFence-users mailing list
> [email protected]
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
