Hi guys,
I am pretty much new to this world of PacketFence. I am testing this using a
Cisco Catalyst 3550 with the latest IOS available.
I created my registration, isolation and normal VLANs on both the PF server
interface and Switch.
I added this switch on PF using the parameters specified on the official
documentation, also set up the switch using the 3550 (802.1x with MAB)
configuration.
Created a source for Active Directory authentication.
I set up one of the ports on the switch with the parameters for the registration
VLAN, the PC (Windows 10) automatically acquired an IP address from this
subnet, and when I opened the browser it forced me to authenticate, so I put in my
AD credentials and got authenticated.
When I connect the same PC on a port set up as specified in the official
documentation, the PC WILL NOT get an IP address:
switchport mode access
dot1x mac-auth-bypass
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
dot1x timeout quiet-period 2
dot1x timeout reauth-period 7200
dot1x timeout tx-period 3
dot1x reauthentication
Here is the log from packetfence.log:
Jun 17 09:50:05 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] handling radius autz request: from switch_ip => (192.168.1.14), connection_type => WIRED_MAC_AUTH,switch_mac => (00:11:92:b1:81:86), mac => [28:d2:44:08:2c:68], port => 6, username => "28d244082c68" (pf::radius::authorize)
Jun 17 09:50:05 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Jun 17 09:50:05 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:05 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added role registration to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:20 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] handling radius autz request: from switch_ip => (192.168.1.14), connection_type => WIRED_MAC_AUTH,switch_mac => (00:11:92:b1:81:86), mac => [28:d2:44:08:2c:68], port => 6, username => "28d244082c68" (pf::radius::authorize)
Jun 17 09:50:20 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Jun 17 09:50:20 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:20 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added role registration to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:29 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] handling radius autz request: from switch_ip => (192.168.1.14), connection_type => WIRED_MAC_AUTH,switch_mac => (00:11:92:b1:81:86), mac => [28:d2:44:08:2c:68], port => 6, username => "28d244082c68" (pf::radius::authorize)
Jun 17 09:50:29 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Jun 17 09:50:29 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:29 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added role registration to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Any thoughts?
Please advise,
Vianney
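
Added example, not part of the original post: a Python sketch that parses packetfence.log entries in the format quoted above and flags an endpoint that keeps being re-authorized on the same switch port with the same VLAN answer. The function names, the 60-second window, the threshold of three and the year used to parse timestamps are assumptions; the sample lines are the request and VLAN entries from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Request and VLAN entries copied from the post, one log entry per line.
SAMPLE_LOG = """\
Jun 17 09:50:05 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] handling radius autz request: from switch_ip => (192.168.1.14), connection_type => WIRED_MAC_AUTH,switch_mac => (00:11:92:b1:81:86), mac => [28:d2:44:08:2c:68], port => 6, username => "28d244082c68" (pf::radius::authorize)
Jun 17 09:50:05 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:20 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] handling radius autz request: from switch_ip => (192.168.1.14), connection_type => WIRED_MAC_AUTH,switch_mac => (00:11:92:b1:81:86), mac => [28:d2:44:08:2c:68], port => 6, username => "28d244082c68" (pf::radius::authorize)
Jun 17 09:50:20 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:29 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] handling radius autz request: from switch_ip => (192.168.1.14), connection_type => WIRED_MAC_AUTH,switch_mac => (00:11:92:b1:81:86), mac => [28:d2:44:08:2c:68], port => 6, username => "28d244082c68" (pf::radius::authorize)
Jun 17 09:50:29 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
"""

ENTRY = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ \w+: \[mac:([0-9a-f:]{17})\] (.*)$")
REQUEST = re.compile(r"handling radius autz request: from switch_ip => \(([\d.]+)\), "
                     r"connection_type => (\w+),.*port => (\d+),")
VLAN = re.compile(r"Added VLAN (\d+) to the returned RADIUS Access-Accept")

def parse(log_text, year=2000):
    """Return {mac: [request, ...]}; the log has no year, so one is assumed."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # wrapped or unrelated line
        stamp, mac, msg = m.groups()
        req = REQUEST.search(msg)
        if req:
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            sessions[mac].append({"time": when, "switch": req[1], "type": req[2],
                                  "port": int(req[3]), "vlan": None})
        elif (vlan := VLAN.search(msg)) and sessions.get(mac):
            sessions[mac][-1]["vlan"] = int(vlan[1])  # answer to the latest request
    return sessions

def repeated_accepts(sessions, window=60, threshold=3):
    """List (mac, switch, port, vlan, seconds) for repeated identical answers."""
    findings = []
    for mac, reqs in sessions.items():
        for i in range(len(reqs) - threshold + 1):
            run = reqs[i:i + threshold]
            span = (run[-1]["time"] - run[0]["time"]).total_seconds()
            answers = {(r["switch"], r["port"], r["vlan"]) for r in run}
            if len(answers) == 1 and span <= window:
                findings.append((mac, *answers.pop(), int(span)))
                break  # one finding per MAC is enough
    return findings
```

Calling `repeated_accepts(parse(SAMPLE_LOG))` reports the MAC from the post once: three authorizations on port 6 of 192.168.1.14 within 24 seconds, each answered with VLAN 260.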