Hi Antoine,
I followed the instructions from the link you shared regarding the
configuration of the ip-helper (Add PacketFence’s management IP address as the
last ip helper-address statement in your network equipment) on my production
VLAN, but that did not helpl, unless the NIC is disabled/enabled or the
Ethernet cable unplug/re-plug after a successful registration, the PC will not
be assigned to my production VLAN (162).
Please refer to:
packetfence.log:
Jun 17 15:41:32 httpd.aaa(1851) INFO: [mac:28:d2:44:08:2c:68] handling radius
autz request: from switch_ip => (192.168.1.14), connection_type =>
WIRED_MAC_AUTH,switch_mac => (00:11:92:b1:81:8c), mac => [28:d2:44:08:2c:68],
port => 12, username => "28d244082c68" (pf::radius::authorize)Jun 17 15:41:32
httpd.aaa(1851) INFO: [mac:28:d2:44:08:2c:68] is of status unreg; belongs into
registration VLAN (pf::role::getRegistrationRole)Jun 17 15:41:32
httpd.aaa(1851) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to
the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)Jun 17
15:41:40 httpd.portal(1972) INFO: [mac:[undef]] Dealing with a endpoint /
browser with captive-portal detection capabilities while having a self-signed
SSL certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun
17 15:41:40 httpd.portal(1972) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:41:40
httpd.portal(1968) INFO: [mac:[undef]] Instantiate a new iptables modification
method. pf::ipset (pf::inline::get_technique)Jun 17 15:41:40 httpd.portal(1974)
INFO: [mac:[undef]] Dealing with a endpoint / browser with captive-portal
detection capabilities while having a self-signed SSL certificate. Using HTTP
instead of HTTPS (pf::web::dispatcher::handler)Jun 17 15:41:40
httpd.portal(1974) INFO: [mac:[undef]] Instantiate a new iptables modification
method. pf::ipset (pf::inline::get_technique)Jun 17 15:41:41 httpd.portal(1972)
INFO: [mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:42 httpd.portal(2123) INFO:
[mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:42 httpd.portal(2123)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:42 httpd.portal(2123)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:42 httpd.portal(2123)
INFO: [mac:28:d2:44:08:2c:68] Updating node user_agent with useragent:
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/51.0.2704.84 Safari/537.36'
(captiveportal::PacketFence::DynamicRouting::Application::process_user_agent)Jun
17 15:41:42 httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Static User-Agent
lookup data initialized (pf::useragent::_init)Jun 17 15:41:42
httpd.portal(1974) INFO: [mac:[undef]] Instantiate a new iptables modification
method. pf::ipset (pf::inline::get_technique)Jun 17 15:41:42 httpd.portal(1974)
INFO: [mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:45 httpd.portal(2130) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:50 httpd.portal(1972) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:50 httpd.portal(1974) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:50 httpd.portal(2128) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:55 httpd.portal(2123) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables modification method.
pf::ipset (pf::inline::get_technique)Jun 17 15:41:56 httpd.portal(2130) INFO:
[mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:56 httpd.portal(2130)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:56 httpd.portal(2130)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:56 httpd.portal(2130)
INFO: [mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:57 httpd.portal(2130)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:57 httpd.portal(2130)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:03 httpd.portal(2128)
INFO: [mac:[undef]] Dealing with a endpoint / browser with captive-portal
detection capabilities while having a self-signed SSL certificate. Using HTTP
instead of HTTPS (pf::web::dispatcher::handler)Jun 17 15:42:03
httpd.portal(2128) INFO: [mac:[undef]] Instantiate a new iptables modification
method. pf::ipset (pf::inline::get_technique)Jun 17 15:42:03 httpd.portal(1970)
INFO: [mac:[undef]] Dealing with a endpoint / browser with captive-portal
detection capabilities while having a self-signed SSL certificate. Using HTTP
instead of HTTPS (pf::web::dispatcher::handler)Jun 17 15:42:03
httpd.portal(1970) INFO: [mac:[undef]] Instantiate a new iptables modification
method. pf::ipset (pf::inline::get_technique)Jun 17 15:42:05 httpd.portal(1968)
INFO: [mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:09 httpd.portal(1970) INFO:
[mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:10 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:10 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Authenticating user using sources :
local,file1,NL-AD01
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)Jun
17 15:42:11 httpd.portal(1970) ERROR: [mac:28:d2:44:08:2c:68] unable to read
password file '/usr/local/pf/conf/admin.conf'
(pf::Authentication::Source::HtpasswdSource::authenticate)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] [NL-AD01] Authentication
successful for testuser1
(pf::Authentication::Source::LDAPSource::authenticate)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Authentication successful for
'testuser1' in source NL-AD01 (AD) (pf::authentication::authenticate)Jun 17
15:42:11 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Found source NL-AD01
in session. (Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Found source NL-AD01 in session.
(Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Successfully authenticated testuser1
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)Jun
17 15:42:11 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Found source
NL-AD01 in session. (Class::MOP::Class:::around)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] User testuser1 has
authenticated on the portal. (Class::MOP::Class:::after)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Found source NL-AD01 in
session. (Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] User testuser1 has authenticated on the portal.
(Class::MOP::Class:::after)Jun 17 15:42:11 httpd.portal(1970) WARN:
[mac:28:d2:44:08:2c:68] Calling match with empty/invalid rule class. Defaulting
to 'authentication' (pf::authentication::match)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Using sources NL-AD01 for
matching (pf::authentication::match)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Matched rule (NL-AD) in source NL-AD01, returning
actions. (pf::Authentication::Source::match)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Found source NL-AD01 in session.
(Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] User testuser1 has authenticated on the portal.
(Class::MOP::Class:::after)Jun 17 15:42:11 httpd.portal(1970) WARN:
[mac:28:d2:44:08:2c:68] Calling match with empty/invalid rule class. Defaulting
to 'authentication' (pf::authentication::match)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Using sources NL-AD01 for
matching (pf::authentication::match)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Matched rule (NL-AD) in source NL-AD01, returning
actions. (pf::Authentication::Source::match)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Found source NL-AD01 in session.
(Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Found source NL-AD01 in session.
(Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] User testuser1 has authenticated on the portal.
(Class::MOP::Class:::after)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] No provisioner found for 28:d2:44:08:2c:68. Continuing.
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)Jun
17 15:42:11 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] User testuser1
has authenticated on the portal. (Class::MOP::Class:::after)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Releasing device
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)Jun 17
15:42:11 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
15:42:12 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:12
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] re-evaluating access
(manage_register called) (pf::enforcement::reevaluate_access)Jun 17 15:42:12
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] is currentlog connected at
(192.168.1.14) ifIndex 12 registration
(pf::enforcement::_should_we_reassign_vlan)Jun 17 15:42:12 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:12 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Connection type is WIRED_MAC_AUTH. Getting role
from node_info (pf::role::getRegisteredRole)Jun 17 15:42:12 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Username was defined "28d244082c68" - returning
role 'NL_Employees' (pf::role::getRegisteredRole)Jun 17 15:42:12
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] PID: "testuser1", Status: reg
Returned VLAN: (undefined), Role: NL_Employees (pf::role::fetchRoleForNode)Jun
17 15:42:12 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] VLAN reassignment
required (current VLAN = 260 but should be in VLAN 162)
(pf::enforcement::_should_we_reassign_vlan)Jun 17 15:42:12 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] switch port is (192.168.1.14) ifIndex 12
connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation)Jun 17
15:42:15 httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
15:42:25 httpd.portal(2130) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
15:42:33 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Dealing with a
endpoint / browser with captive-portal detection capabilities while having a
self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)Jun 17 15:42:33 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables modification method.
pf::ipset (pf::inline::get_technique)Jun 17 15:42:33 httpd.portal(2128) INFO:
[mac:[undef]] Dealing with a endpoint / browser with captive-portal detection
capabilities while having a self-signed SSL certificate. Using HTTP instead of
HTTPS (pf::web::dispatcher::handler)Jun 17 15:42:33 httpd.portal(2128) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:35 httpd.portal(1972) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:45 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables modification method.
pf::ipset (pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:52 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:55 httpd.portal(2128) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:43:03 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Dealing with a endpoint / browser with captive-portal
detection capabilities while having a self-signed SSL certificate. Using HTTP
instead of HTTPS (pf::web::dispatcher::handler)Jun 17 15:43:03
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:03
httpd.portal(2130) INFO: [mac:28:d2:44:08:2c:68] Dealing with a endpoint /
browser with captive-portal detection capabilities while having a self-signed
SSL certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun
17 15:43:03 httpd.portal(2130) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
15:43:05 httpd.portal(2128) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:15
httpd.portal(2130) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:25
httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:33
httpd.portal(2128) INFO: [mac:[undef]] Dealing with a endpoint / browser with
captive-portal detection capabilities while having a self-signed SSL
certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun 17
15:43:33 httpd.portal(2128) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:33
httpd.portal(1968) INFO: [mac:[undef]] Dealing with a endpoint / browser with
captive-portal detection capabilities while having a self-signed SSL
certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun 17
15:43:33 httpd.portal(1968) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:35
httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:44:03
httpd.portal(2128) INFO: [mac:[undef]] Dealing with a endpoint / browser with
captive-portal detection capabilities while having a self-signed SSL
certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun 17
15:44:03 httpd.portal(2128) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:44:03
httpd.portal(1968) INFO: [mac:[undef]] Dealing with a endpoint / browser with
captive-portal detection capabilities while having a self-signed SSL
certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun 17
15:44:03 httpd.portal(1968) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:44:33
httpd.portal(1972) INFO: [mac:[undef]] Dealing with a endpoint / browser with
captive-portal detection capabilities while having a self-signed SSL
certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun 17
15:44:33 httpd.portal(1972) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:44:33
httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Dealing with a endpoint /
browser with captive-portal detection capabilities while having a self-signed
SSL certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun
17 15:44:33 httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)
pfdhcplistener.log:
Jun 17 15:29:30 pfdhcplistener(2504) FATAL: The interface went down
(main::dhcp_detector)Jun 17 15:29:30 pfdhcplistener(2504) FATAL: The interface
went down at /usr/local/pf/sbin/pfdhcplistener line 185
(Log::Log4perl::Logger::logdie)Jun 17 15:29:30 pfdhcplistener(2504) ERROR: The
interface went down at /usr/local/pf/sbin/pfdhcplistener line 185
(Log::Log4perl::Logger::logdie)Jun 17 15:29:30 pfdhcplistener(2504) INFO:
stopping pfdhcplistener for interface eth1.260 (main::END)Jun 17 15:29:31
pfdhcplistener(2508) FATAL: The interface went down (main::dhcp_detector)Jun 17
15:29:31 pfdhcplistener(2508) FATAL: The interface went down at
/usr/local/pf/sbin/pfdhcplistener line 185 (Log::Log4perl::Logger::logdie)Jun
17 15:29:31 pfdhcplistener(2508) ERROR: The interface went down at
/usr/local/pf/sbin/pfdhcplistener line 185 (Log::Log4perl::Logger::logdie)Jun
17 15:29:31 pfdhcplistener(2508) INFO: stopping pfdhcplistener for interface
eth1.360 (main::END)Jun 17 15:29:32 pfdhcplistener(2512) FATAL: The interface
went down (main::dhcp_detector)Jun 17 15:29:32 pfdhcplistener(2512) FATAL: The
interface went down at /usr/local/pf/sbin/pfdhcplistener line 185
(Log::Log4perl::Logger::logdie)Jun 17 15:29:32 pfdhcplistener(2512) ERROR: The
interface went down at /usr/local/pf/sbin/pfdhcplistener line 185
(Log::Log4perl::Logger::logdie)Jun 17 15:29:32 pfdhcplistener(2512) INFO:
stopping pfdhcplistener for interface eth0 (main::END)Jun 17 15:34:57
pfdhcplistener(1947) INFO: pfdhcplistener_eth1.260 starting and writing 1947 to
/usr/local/pf/var/run/pfdhcplistener_eth1.260.pid
(pf::services::util::createpid)Jun 17 15:34:57 pfdhcplistener(1947) INFO: DHCP
detector on eth1.260 enabled (main::)Jun 17 15:34:57 pfdhcplistener(1947) INFO:
Reload configuration on eth1.260 with status 0 (main::reload_config)Jun 17
15:35:04 pfdhcplistener(1951) INFO: pfdhcplistener_eth1.360 starting and
writing 1951 to /usr/local/pf/var/run/pfdhcplistener_eth1.360.pid
(pf::services::util::createpid)Jun 17 15:35:05 pfdhcplistener(1951) INFO: DHCP
detector on eth1.360 enabled (main::)Jun 17 15:35:05 pfdhcplistener(1951) INFO:
Reload configuration on eth1.360 with status 0 (main::reload_config)Jun 17
15:35:12 pfdhcplistener(1955) INFO: pfdhcplistener_eth0 starting and writing
1955 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid
(pf::services::util::createpid)Jun 17 15:35:12 pfdhcplistener(1955) WARN:
Unable to open VLAN proc description for eth0: No such file or directory
(pf::util::get_vlan_from_int)Jun 17 15:35:12 pfdhcplistener(1955) INFO: DHCP
detector on eth0 enabled (main::)Jun 17 15:35:12 pfdhcplistener(1955) INFO:
Reload configuration on eth0 with status 0 (main::reload_config)Jun 17 15:41:40
pfqueue(1933) INFO: [mac:unknown] DHCPREQUEST from 28:d2:44:08:2c:68
(10.160.10.10) (pf::dhcp::processor::parse_dhcp_request)Jun 17 15:41:40
pfqueue(1932) INFO: [mac:unknown] DHCPACK from 10.160.10.254
(00:14:22:16:c0:3e) to host 28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:41:40 pfqueue(1933) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:41:40 pfqueue(1932) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:41:40 pfqueue(1932) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:41:40 pfqueue(1931) INFO:
[mac:unknown] DHCPOFFER from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) (pf::dhcp::processor::parse_dhcp_offer)Jun 17
15:41:40 pfqueue(1933) INFO: [mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68
requested an IP with the following informations: last_dhcp = 2016-06-17
15:41:40,computername = NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:41:55 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:41:55 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:41:55 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:41:55 pfqueue(1934) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:41:55,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:41:57 pfqueue(1932) INFO:
[mac:unknown] Unseen before node added: 50:7b:9d:51:89:e2
(pf::dhcp::processor::process_packet)Jun 17 15:41:57 pfqueue(1932) INFO:
[mac:unknown] DHCPREQUEST from 50:7b:9d:51:89:e2 (192.168.1.190)
(pf::dhcp::processor::parse_dhcp_request)Jun 17 15:41:57 pfqueue(1932) INFO:
[mac:unknown] The listener process is NOT on the same server as the DHCP
server. (pf::dhcp::processor::pf_is_dhcp)Jun 17 15:41:57 pfqueue(1932) INFO:
[mac:unknown] Updating iplog and SSO for 50:7b:9d:51:89:e2 -> 192.168.1.190
(pf::dhcp::processor::handle_new_ip)Jun 17 15:41:57 pfqueue(1932) INFO:
[mac:50:7b:9d:51:89:e2] 50:7b:9d:51:89:e2 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:41:57,computername =
NLUSHQN184NF,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:42:07 pfqueue(1931) INFO:
[mac:unknown] DHCPREQUEST from 50:7b:9d:51:89:e2 (192.168.1.190)
(pf::dhcp::processor::parse_dhcp_request)Jun 17 15:42:07 pfqueue(1931) INFO:
[mac:unknown] The listener process is NOT on the same server as the DHCP
server. (pf::dhcp::processor::pf_is_dhcp)Jun 17 15:42:07 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 50:7b:9d:51:89:e2 -> 192.168.1.190
(pf::dhcp::processor::handle_new_ip)Jun 17 15:42:07 pfqueue(1931) INFO:
[mac:50:7b:9d:51:89:e2] 50:7b:9d:51:89:e2 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:42:07,computername =
NLUSHQN184NF,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:42:10 pfqueue(1932) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:42:10 pfqueue(1932) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:42:10 pfqueue(1932) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:42:10 pfqueue(1934) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:42:10,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:42:25 pfqueue(1934) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:42:25 pfqueue(1934) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:42:25 pfqueue(1934) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:42:25 pfqueue(1932) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:42:25,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:42:40 pfqueue(1932) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:42:40 pfqueue(1932) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:42:40 pfqueue(1932) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:42:40 pfqueue(1931) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:42:40,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:42:55 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:42:55 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:42:55 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:42:55 pfqueue(1933) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:42:55,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:43:10 pfqueue(1933) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:43:10 pfqueue(1933) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:43:10 pfqueue(1933) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:43:10 pfqueue(1931) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:43:10,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:43:25 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:43:25 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:43:25 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:43:25 pfqueue(1933) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:43:25,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:43:40 pfqueue(1933) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:43:40 pfqueue(1933) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:43:40 pfqueue(1933) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:43:40 pfqueue(1931) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:43:40,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:43:55 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:43:55 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:43:55 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:43:55 pfqueue(1934) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:43:55,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:44:10 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:44:10 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:44:10 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:44:10 pfqueue(1932) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:44:10,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:44:25 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:44:25 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:44:25 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:44:25 pfqueue(1932) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:44:25,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:44:40 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:44:40 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:44:40 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:44:40 pfqueue(1932) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:44:40,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)
Thank you,VianneyTo: [email protected]
From: [email protected]
Date: Fri, 17 Jun 2016 12:44:33 -0400
Subject: Re: [PacketFence-users] Cisco Catalyst 3550 - Registration VLAN
Vianney,
Did you configure your IP helpers?
Try looking at the following section
https://packetfence.org/doc/PacketFence_Administration_Guide.html#_production_dhcp_access
(12.9.1 particularly) that should do the trick for your issue.
Thanks
On 06/17/2016 11:31 AM, Vianney Amador
wrote:
Hi Antoine,
Thanks for your prompt response.
VLAN 260 is my Registration VLAN, and the VLAN 162 is my
production VLAN (DHCP provided by my DC).
Removing
"role mapping by switch role" from the Switch configuration
on PF made the trick, the PC is assigned an IP from the
registration VLAN DHCP and opens the browser for
authentication.
Once my AD credentials are entered,
the PF shows this on the browser:
Enabling network access.
Then shows: Unable to detect network connectivity. Try
restarting your browser or opening a new tab to see if your
access has been successfully granted
Here is the packetfence.log for this matter:
Jun 17 11:21:25 httpd.portal(3147) INFO: [mac:unknown]
Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] Releasing device
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] re-evaluating access
(manage_register called)
(pf::enforcement::reevaluate_access)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] is currentlog connected at
(192.168.1.14) ifIndex 12 registration
(pf::enforcement::_should_we_reassign_vlan)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] Connection type is WIRED_MAC_AUTH.
Getting role from node_info (pf::role::getRegisteredRole)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] Username was defined "28d244082c68"
- returning role 'NL_Employees'
(pf::role::getRegisteredRole)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] PID: "testuser1", Status: reg
Returned VLAN: (undefined), Role: NL_Employees
(pf::role::fetchRoleForNode)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] VLAN reassignment required (current
VLAN = 260 but should be in VLAN 162)
(pf::enforcement::_should_we_reassign_vlan)
Jun 17 11:21:25 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] switch port is (192.168.1.14)
ifIndex 12 connection type: Wired MAC Auth
(pf::enforcement::_vlan_reevaluation)
Jun 17 11:21:27 httpd.portal(3268) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Jun 17 11:21:28 httpd.portal(3142) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Jun 17 11:21:29 httpd.portal(3268) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Jun 17 11:21:29 httpd.portal(3326) INFO:
[mac:28:d2:44:08:2c:68] Dealing with a endpoint / browser
with captive-portal detection capabilities while having a
self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)
Jun 17 11:21:29 httpd.portal(3326) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Jun 17 11:21:30 httpd.portal(3268) INFO:
[mac:28:d2:44:08:2c:68] Dealing with a endpoint / browser
with captive-portal detection capabilities while having a
self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)
Jun 17 11:21:30 httpd.portal(3268) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Jun 17 11:21:38 httpd.portal(3326) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Jun 17 11:21:48 httpd.portal(3147) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Jun 17 11:21:58 httpd.portal(3140) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Jun 17 11:21:59 httpd.portal(3144) INFO:
[mac:28:d2:44:08:2c:68] Dealing with a endpoint / browser
with captive-portal detection capabilities while having a
self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)
Jun 17 11:21:59 httpd.portal(3144) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)
Jun 17 11:22:00 httpd.portal(3142) INFO:
[mac:28:d2:44:08:2c:68] Dealing with a endpoint / browser
with captive-portal detection capabilities while having a
self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)
Jun 17 11:22:00 httpd.portal(3142) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique).
If the Ethernet cable from the PC is unplugged and then
plug back in or if its NIC is desabled/Enabled in Windows,
then the PC is granted access to my produection VLAN (162).
Is this the expected behavior? if not, could you please
help me out with this?
Thank you!
To:
[email protected]
From: [email protected]
Date: Fri, 17 Jun 2016 10:20:23 -0400
Subject: Re: [PacketFence-users] Cisco Catalyst 3550 -
Registration VLAN
Hello Vianney,
First check out your switch configuration(tab roles) at the
moment you have switch by role and switch by VLAN selected,
you should remove "role mapping by switch role".
PacketFence seems to answer to the switch RADIUS request
properly.
Is VLAN 260 your production VLAN, if yes it spanned to this
port?
Remember that PacketFence IS NOT a DHCP server on your
production VLAN, we assume that you have your own server for
that.
Thank you
On 06/17/2016 09:38 AM,
Vianney Amador wrote:
Hi guys,
I am pretty much new to this world of
Packagefence, I am testing this using a Cisco
Catalyst 3550 with the latest IOS available.
I created my registration, isolation and normal
VLANs on both the PF server interface and Switch.
I added this switch on PF using the parameters
specified on the official documentation, also set up
the switch using the 3550
(802.1x with MAB) configuration.
Created a source
for Active Directory authentication.
I setup one of the ports on the switch with the
parameters for the registration VLAN, the PC
(Windows 10) automatically acquired an IP address
from this subnet, so when I opened the browser
forced me to authenticate, so I put it my AD
credentials and got authenticated.
When I connect the same PC on a port setup as
specified on the official documentation, the PC WILL
NOT get an IP address:
switchport mode access
dot1x mac-auth-bypass
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
dot1x timeout quiet-period 2
dot1x timeout reauth-period 7200
dot1x timeout tx-period 3
dot1x reauthentication
Here is the log from the packetfense.log:
Jun 17 09:50:05 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] handling radius autz
request: from switch_ip => (192.168.1.14),
connection_type => WIRED_MAC_AUTH,switch_mac
=> (00:11:92:b1:81:86), mac =>
[28:d2:44:08:2c:68], port => 6, username =>
"28d244082c68" (pf::radius::authorize)
Jun 17 09:50:05 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] is of status unreg;
belongs into registration VLAN
(pf::role::getRegistrationRole)
Jun 17 09:50:05 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN
260 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:05 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] (192.168.1.14) Added role
registration to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:20 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] handling radius autz
request: from switch_ip => (192.168.1.14),
connection_type => WIRED_MAC_AUTH,switch_mac
=> (00:11:92:b1:81:86), mac =>
[28:d2:44:08:2c:68], port => 6, username =>
"28d244082c68" (pf::radius::authorize)
Jun 17 09:50:20 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] is of status unreg;
belongs into registration VLAN
(pf::role::getRegistrationRole)
Jun 17 09:50:20 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN
260 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:20 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] (192.168.1.14) Added role
registration to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:29 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] handling radius autz
request: from switch_ip => (192.168.1.14),
connection_type => WIRED_MAC_AUTH,switch_mac
=> (00:11:92:b1:81:86), mac =>
[28:d2:44:08:2c:68], port => 6, username =>
"28d244082c68" (pf::radius::authorize)
Jun 17 09:50:29 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] is of status unreg;
belongs into registration VLAN
(pf::role::getRegistrationRole)
Jun 17 09:50:29 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN
260 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jun 17 09:50:29 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] (192.168.1.14) Added role
registration to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Any thoughts?
Please advise,
Vianney
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Antoine Amacher
[email protected] :: +1.514.447.4918 *130 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
What
NetFlow Analyzer can do for you? Monitors network bandwidth
and traffic
patterns at an interface-level. Reveals which users, apps,
and protocols are consuming the most bandwidth. Provides
multi-vendor support for NetFlow, J-Flow, sFlow and other
flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Antoine Amacher
[email protected] :: +1.514.447.4918 *130 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
