Vianney,
Configuration looks good,
this is are requests from PacketFence to verify the internet acces,, nothing to
worry about there.
What is the state of your device after the authentication, on the switch.
Is your production vlan properly apply to the port where your device is
plugged?
You could run a debug on the switch, click on 'reevaluate access' and see the
output in the switch console.
You could also try the following, create a file txt with this
content:Calling-Station-Id = "00:23:6c:90:cb:1c"
Service-Type = "Login-User"
Replace the mac by your device mac, and execute the following in
packetfence-cli:
cat your_file.txt | radclient -x switch_ip:3799 disconnect secretRadius
Let us know the results.
Thanks,
On Monday, June 20, 2016 16:40 EDT, Vianney Amador <[email protected]>
wrote:
Something funny I just noticed on my browser (requests in the Network
Panel), please refer to the following URL for screenshots:
https://postimg.org/image/ng76lilpj/ https://postimg.org/image/z352rjks7/
Please advise,Vianney
______________________________________________________________________________
From: [email protected]
To: [email protected]
Date: Mon, 20 Jun 2016 14:27:24 +0000
Subject: Re: [PacketFence-users] Cisco Catalyst 3550 - Registration VLAN
switch.conf:
[192.168.1.14]mode=productionVoIPCDPDetect=NNL_EmployeesVlan=162VoIPDHCPDetect=NAccessListMap=Ndescription=Cisco
Catalyst
3550UrlMap=NregistrationVlan=260deauthMethod=RADIUStype=Cisco::Catalyst_3550VoIPLLDPDetect=NisolationVlan=360radiusSecret=radiusSecretPasswordvoiceVlan=20RoleMap=N
-----------------------------------------------------------------------------------------------------------------------------------------------------
Cisco Catalyst 3550 - PF config: dot1x system-auth-controlaaa new-modelaaa
group server radius packetfenceserver 192.168.1.31 auth-port 1812 acct-port
1813aaa authentication login default localaaa authentication dot1x default
group packetfenceaaa authorization network default group packetfence
radius-server host 192.168.1.31 auth-port 1812 acct-port 1813 timeout 2 key
radiusSecretPasswordradius-server vsa send authentication aaa server radius
dynamic-authorclient 192.168.1.31 server-key radiusSecretPasswordport 3799
snmp-server community public RO int range f0/1 - 24switchport mode accessdot1x
mac-auth-bypassdot1x pae authenticatordot1x port-control autodot1x
violation-mode protectdot1x timeout quiet-period 2dot1x timeout reauth-period
7200dot1x timeout tx-period 3dot1x reauthenticationspanning-tree portfast
Thank you!
______________________________________________________________________________
To: [email protected]
From: [email protected]
Date: Mon, 20 Jun 2016 09:58:08 -0400
Subject: Re: [PacketFence-users] Cisco Catalyst 3550 - Registration VLAN
Hello Vianney,
If the reevluate access is not working it most likely mean that there is an
issue with your radius disconnect, vlan re-assignement after the reg.
Could you link your whole switch configuration related to PacketFence (not only
the port). Please also provide your conf/switch.conf (at least the relevant
section). Don't forget to remove sensible data if there is.
Thanks,
On 06/20/2016 08:11 AM, Vianney Amador wrote:Hi again Antoine, I already tried
the 'reevaluate access' with no success. Also I set the "DHCP Remote Sensor" on
my DC which is a DHCP server with no success either.
Any other thoughts?
Thank
you,Vianney______________________________________________________________________________
From: [email protected]
To: [email protected]
Date: Fri, 17 Jun 2016 20:31:19 +0000
Subject: Re: [PacketFence-users] Cisco Catalyst 3550 - Registration VLAN
Hey Antoine, CoA configuration is enabled: aaa server radius dynamic-author
client 192.168.1.31 server-key 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX port 3799
This Cisco Catalyst 3550 is configured step by step following the office
"PacketFence_Network_Devices_Configuration_Guide" ;-) Please
advise,Vianney______________________________________________________________________________
To: [email protected]
From: [email protected]
Date: Fri, 17 Jun 2016 16:10:01 -0400
Subject: Re: [PacketFence-users] Cisco Catalyst 3550 - Registration VLAN
Hi Vianney,
Is the CoA allowed on your switch?
You could try to use the 'reevaluate access' button from the node modification
popup page.
Look for 'CoA configuration' under this section:
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco
thanks
On Friday, June 17, 2016 15:42 EDT, Vianney Amador <[email protected]>
wrote:
Hi Antoine, I followed the instructions from the link you shared regarding
the configuration of the ip-helper (Add PacketFence’s management IP address as
the last ip helper-address statement in your network equipment) on my
production VLAN, but that did not helpl, unless the NIC is disabled/enabled or
the Ethernet cable unplug/re-plug after a successful registration, the PC will
not be assigned to my production VLAN (162). Please refer to: packetfence.log:
Jun 17 15:41:32 httpd.aaa(1851) INFO: [mac:28:d2:44:08:2c:68] handling radius
autz request: from switch_ip => (192.168.1.14), connection_type =>
WIRED_MAC_AUTH,switch_mac => (00:11:92:b1:81:8c), mac => [28:d2:44:08:2c:68],
port => 12, username => "28d244082c68" (pf::radius::authorize)Jun 17 15:41:32
httpd.aaa(1851) INFO: [mac:28:d2:44:08:2c:68] is of status unreg; belongs into
registration VLAN (pf::role::getRegistrationRole)Jun 17 15:41:32
httpd.aaa(1851) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to
the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)Jun 17
15:41:40 httpd.portal(1972) INFO: [mac:[undef]] Dealing with a endpoint /
browser with captive-portal detection capabilities while having a self-signed
SSL certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun
17 15:41:40 httpd.portal(1972) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:41:40
httpd.portal(1968) INFO: [mac:[undef]] Instantiate a new iptables modification
method. pf::ipset (pf::inline::get_technique)Jun 17 15:41:40 httpd.portal(1974)
INFO: [mac:[undef]] Dealing with a endpoint / browser with captive-portal
detection capabilities while having a self-signed SSL certificate. Using HTTP
instead of HTTPS (pf::web::dispatcher::handler)Jun 17 15:41:40
httpd.portal(1974) INFO: [mac:[undef]] Instantiate a new iptables modification
method. pf::ipset (pf::inline::get_technique)Jun 17 15:41:41 httpd.portal(1972)
INFO: [mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:42 httpd.portal(2123) INFO:
[mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:42 httpd.portal(2123)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:42 httpd.portal(2123)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:42 httpd.portal(2123)
INFO: [mac:28:d2:44:08:2c:68] Updating node user_agent with useragent:
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/51.0.2704.84 Safari/537.36'
(captiveportal::PacketFence::DynamicRouting::Application::process_user_agent)Jun
17 15:41:42 httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Static User-Agent
lookup data initialized (pf::useragent::_init)Jun 17 15:41:42
httpd.portal(1974) INFO: [mac:[undef]] Instantiate a new iptables modification
method. pf::ipset (pf::inline::get_technique)Jun 17 15:41:42 httpd.portal(1974)
INFO: [mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:45 httpd.portal(2130) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:50 httpd.portal(1972) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:50 httpd.portal(1974) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:50 httpd.portal(2128) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:41:55 httpd.portal(2123) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables modification method.
pf::ipset (pf::inline::get_technique)Jun 17 15:41:56 httpd.portal(2130) INFO:
[mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:56 httpd.portal(2130)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:56 httpd.portal(2130)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:56 httpd.portal(2130)
INFO: [mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:57 httpd.portal(2130)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:41:57 httpd.portal(2130)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:03 httpd.portal(2128)
INFO: [mac:[undef]] Dealing with a endpoint / browser with captive-portal
detection capabilities while having a self-signed SSL certificate. Using HTTP
instead of HTTPS (pf::web::dispatcher::handler)Jun 17 15:42:03
httpd.portal(2128) INFO: [mac:[undef]] Instantiate a new iptables modification
method. pf::ipset (pf::inline::get_technique)Jun 17 15:42:03 httpd.portal(1970)
INFO: [mac:[undef]] Dealing with a endpoint / browser with captive-portal
detection capabilities while having a self-signed SSL certificate. Using HTTP
instead of HTTPS (pf::web::dispatcher::handler)Jun 17 15:42:03
httpd.portal(1970) INFO: [mac:[undef]] Instantiate a new iptables modification
method. pf::ipset (pf::inline::get_technique)Jun 17 15:42:05 httpd.portal(1968)
INFO: [mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:09 httpd.portal(1970) INFO:
[mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:10 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:10 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Authenticating user using sources :
local,file1,NL-AD01
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)Jun
17 15:42:11 httpd.portal(1970) ERROR: [mac:28:d2:44:08:2c:68] unable to read
password file '/usr/local/pf/conf/admin.conf'
(pf::Authentication::Source::HtpasswdSource::authenticate)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] [NL-AD01] Authentication
successful for testuser1
(pf::Authentication::Source::LDAPSource::authenticate)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Authentication successful for
'testuser1' in source NL-AD01 (AD) (pf::authentication::authenticate)Jun 17
15:42:11 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Found source NL-AD01
in session. (Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Found source NL-AD01 in session.
(Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Successfully authenticated testuser1
(captiveportal::PacketFence::DynamicRouting::Module::Authentication::Login::authenticate)Jun
17 15:42:11 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Found source
NL-AD01 in session. (Class::MOP::Class:::around)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] User testuser1 has
authenticated on the portal. (Class::MOP::Class:::after)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Found source NL-AD01 in
session. (Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] User testuser1 has authenticated on the portal.
(Class::MOP::Class:::after)Jun 17 15:42:11 httpd.portal(1970) WARN:
[mac:28:d2:44:08:2c:68] Calling match with empty/invalid rule class. Defaulting
to 'authentication' (pf::authentication::match)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Using sources NL-AD01 for
matching (pf::authentication::match)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Matched rule (NL-AD) in source NL-AD01, returning
actions. (pf::Authentication::Source::match)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Found source NL-AD01 in session.
(Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] User testuser1 has authenticated on the portal.
(Class::MOP::Class:::after)Jun 17 15:42:11 httpd.portal(1970) WARN:
[mac:28:d2:44:08:2c:68] Calling match with empty/invalid rule class. Defaulting
to 'authentication' (pf::authentication::match)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Using sources NL-AD01 for
matching (pf::authentication::match)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Matched rule (NL-AD) in source NL-AD01, returning
actions. (pf::Authentication::Source::match)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Found source NL-AD01 in session.
(Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Found source NL-AD01 in session.
(Class::MOP::Class:::around)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] User testuser1 has authenticated on the portal.
(Class::MOP::Class:::after)Jun 17 15:42:11 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] No provisioner found for 28:d2:44:08:2c:68. Continuing.
(captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)Jun
17 15:42:11 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] User testuser1
has authenticated on the portal. (Class::MOP::Class:::after)Jun 17 15:42:11
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:11 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Releasing device
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)Jun 17
15:42:11 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
15:42:12 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:12
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] re-evaluating access
(manage_register called) (pf::enforcement::reevaluate_access)Jun 17 15:42:12
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] is currentlog connected at
(192.168.1.14) ifIndex 12 registration
(pf::enforcement::_should_we_reassign_vlan)Jun 17 15:42:12 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 15:42:12 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Connection type is WIRED_MAC_AUTH. Getting role
from node_info (pf::role::getRegisteredRole)Jun 17 15:42:12 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] Username was defined "28d244082c68" - returning
role 'NL_Employees' (pf::role::getRegisteredRole)Jun 17 15:42:12
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] PID: "testuser1", Status: reg
Returned VLAN: (undefined), Role: NL_Employees (pf::role::fetchRoleForNode)Jun
17 15:42:12 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] VLAN reassignment
required (current VLAN = 260 but should be in VLAN 162)
(pf::enforcement::_should_we_reassign_vlan)Jun 17 15:42:12 httpd.portal(1970)
INFO: [mac:28:d2:44:08:2c:68] switch port is (192.168.1.14) ifIndex 12
connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation)Jun 17
15:42:15 httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
15:42:25 httpd.portal(2130) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
15:42:33 httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Dealing with a
endpoint / browser with captive-portal detection capabilities while having a
self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)Jun 17 15:42:33 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables modification method.
pf::ipset (pf::inline::get_technique)Jun 17 15:42:33 httpd.portal(2128) INFO:
[mac:[undef]] Dealing with a endpoint / browser with captive-portal detection
capabilities while having a self-signed SSL certificate. Using HTTP instead of
HTTPS (pf::web::dispatcher::handler)Jun 17 15:42:33 httpd.portal(2128) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:35 httpd.portal(1972) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:45 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables modification method.
pf::ipset (pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:51 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:52 httpd.portal(1968) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:42:55 httpd.portal(2128) INFO:
[mac:[undef]] Instantiate a new iptables modification method. pf::ipset
(pf::inline::get_technique)Jun 17 15:43:03 httpd.portal(1970) INFO:
[mac:28:d2:44:08:2c:68] Dealing with a endpoint / browser with captive-portal
detection capabilities while having a self-signed SSL certificate. Using HTTP
instead of HTTPS (pf::web::dispatcher::handler)Jun 17 15:43:03
httpd.portal(1970) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:03
httpd.portal(2130) INFO: [mac:28:d2:44:08:2c:68] Dealing with a endpoint /
browser with captive-portal detection capabilities while having a self-signed
SSL certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun
17 15:43:03 httpd.portal(2130) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
15:43:05 httpd.portal(2128) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:15
httpd.portal(2130) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:25
httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:33
httpd.portal(2128) INFO: [mac:[undef]] Dealing with a endpoint / browser with
captive-portal detection capabilities while having a self-signed SSL
certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun 17
15:43:33 httpd.portal(2128) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:33
httpd.portal(1968) INFO: [mac:[undef]] Dealing with a endpoint / browser with
captive-portal detection capabilities while having a self-signed SSL
certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun 17
15:43:33 httpd.portal(1968) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:43:35
httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:44:03
httpd.portal(2128) INFO: [mac:[undef]] Dealing with a endpoint / browser with
captive-portal detection capabilities while having a self-signed SSL
certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun 17
15:44:03 httpd.portal(2128) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:44:03
httpd.portal(1968) INFO: [mac:[undef]] Dealing with a endpoint / browser with
captive-portal detection capabilities while having a self-signed SSL
certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun 17
15:44:03 httpd.portal(1968) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:44:33
httpd.portal(1972) INFO: [mac:[undef]] Dealing with a endpoint / browser with
captive-portal detection capabilities while having a self-signed SSL
certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun 17
15:44:33 httpd.portal(1972) INFO: [mac:[undef]] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 15:44:33
httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Dealing with a endpoint /
browser with captive-portal detection capabilities while having a self-signed
SSL certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun
17 15:44:33 httpd.portal(2123) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)
pfdhcplistener.log: Jun 17 15:29:30 pfdhcplistener(2504) FATAL: The interface
went down (main::dhcp_detector)Jun 17 15:29:30 pfdhcplistener(2504) FATAL: The
interface went down at /usr/local/pf/sbin/pfdhcplistener line 185
(Log::Log4perl::Logger::logdie)Jun 17 15:29:30 pfdhcplistener(2504) ERROR: The
interface went down at /usr/local/pf/sbin/pfdhcplistener line 185
(Log::Log4perl::Logger::logdie)Jun 17 15:29:30 pfdhcplistener(2504) INFO:
stopping pfdhcplistener for interface eth1.260 (main::END)Jun 17 15:29:31
pfdhcplistener(2508) FATAL: The interface went down (main::dhcp_detector)Jun 17
15:29:31 pfdhcplistener(2508) FATAL: The interface went down at
/usr/local/pf/sbin/pfdhcplistener line 185 (Log::Log4perl::Logger::logdie)Jun
17 15:29:31 pfdhcplistener(2508) ERROR: The interface went down at
/usr/local/pf/sbin/pfdhcplistener line 185 (Log::Log4perl::Logger::logdie)Jun
17 15:29:31 pfdhcplistener(2508) INFO: stopping pfdhcplistener for interface
eth1.360 (main::END)Jun 17 15:29:32 pfdhcplistener(2512) FATAL: The interface
went down (main::dhcp_detector)Jun 17 15:29:32 pfdhcplistener(2512) FATAL: The
interface went down at /usr/local/pf/sbin/pfdhcplistener line 185
(Log::Log4perl::Logger::logdie)Jun 17 15:29:32 pfdhcplistener(2512) ERROR: The
interface went down at /usr/local/pf/sbin/pfdhcplistener line 185
(Log::Log4perl::Logger::logdie)Jun 17 15:29:32 pfdhcplistener(2512) INFO:
stopping pfdhcplistener for interface eth0 (main::END)Jun 17 15:34:57
pfdhcplistener(1947) INFO: pfdhcplistener_eth1.260 starting and writing 1947 to
/usr/local/pf/var/run/pfdhcplistener_eth1.260.pid
(pf::services::util::createpid)Jun 17 15:34:57 pfdhcplistener(1947) INFO: DHCP
detector on eth1.260 enabled (main::)Jun 17 15:34:57 pfdhcplistener(1947) INFO:
Reload configuration on eth1.260 with status 0 (main::reload_config)Jun 17
15:35:04 pfdhcplistener(1951) INFO: pfdhcplistener_eth1.360 starting and
writing 1951 to /usr/local/pf/var/run/pfdhcplistener_eth1.360.pid
(pf::services::util::createpid)Jun 17 15:35:05 pfdhcplistener(1951) INFO: DHCP
detector on eth1.360 enabled (main::)Jun 17 15:35:05 pfdhcplistener(1951) INFO:
Reload configuration on eth1.360 with status 0 (main::reload_config)Jun 17
15:35:12 pfdhcplistener(1955) INFO: pfdhcplistener_eth0 starting and writing
1955 to /usr/local/pf/var/run/pfdhcplistener_eth0.pid
(pf::services::util::createpid)Jun 17 15:35:12 pfdhcplistener(1955) WARN:
Unable to open VLAN proc description for eth0: No such file or directory
(pf::util::get_vlan_from_int)Jun 17 15:35:12 pfdhcplistener(1955) INFO: DHCP
detector on eth0 enabled (main::)Jun 17 15:35:12 pfdhcplistener(1955) INFO:
Reload configuration on eth0 with status 0 (main::reload_config)Jun 17 15:41:40
pfqueue(1933) INFO: [mac:unknown] DHCPREQUEST from 28:d2:44:08:2c:68
(10.160.10.10) (pf::dhcp::processor::parse_dhcp_request)Jun 17 15:41:40
pfqueue(1932) INFO: [mac:unknown] DHCPACK from 10.160.10.254
(00:14:22:16:c0:3e) to host 28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:41:40 pfqueue(1933) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:41:40 pfqueue(1932) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:41:40 pfqueue(1932) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:41:40 pfqueue(1931) INFO:
[mac:unknown] DHCPOFFER from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) (pf::dhcp::processor::parse_dhcp_offer)Jun 17
15:41:40 pfqueue(1933) INFO: [mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68
requested an IP with the following informations: last_dhcp = 2016-06-17
15:41:40,computername = NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:41:55 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:41:55 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:41:55 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:41:55 pfqueue(1934) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:41:55,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:41:57 pfqueue(1932) INFO:
[mac:unknown] Unseen before node added: 50:7b:9d:51:89:e2
(pf::dhcp::processor::process_packet)Jun 17 15:41:57 pfqueue(1932) INFO:
[mac:unknown] DHCPREQUEST from 50:7b:9d:51:89:e2 (192.168.1.190)
(pf::dhcp::processor::parse_dhcp_request)Jun 17 15:41:57 pfqueue(1932) INFO:
[mac:unknown] The listener process is NOT on the same server as the DHCP
server. (pf::dhcp::processor::pf_is_dhcp)Jun 17 15:41:57 pfqueue(1932) INFO:
[mac:unknown] Updating iplog and SSO for 50:7b:9d:51:89:e2 -> 192.168.1.190
(pf::dhcp::processor::handle_new_ip)Jun 17 15:41:57 pfqueue(1932) INFO:
[mac:50:7b:9d:51:89:e2] 50:7b:9d:51:89:e2 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:41:57,computername =
NLUSHQN184NF,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:42:07 pfqueue(1931) INFO:
[mac:unknown] DHCPREQUEST from 50:7b:9d:51:89:e2 (192.168.1.190)
(pf::dhcp::processor::parse_dhcp_request)Jun 17 15:42:07 pfqueue(1931) INFO:
[mac:unknown] The listener process is NOT on the same server as the DHCP
server. (pf::dhcp::processor::pf_is_dhcp)Jun 17 15:42:07 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 50:7b:9d:51:89:e2 -> 192.168.1.190
(pf::dhcp::processor::handle_new_ip)Jun 17 15:42:07 pfqueue(1931) INFO:
[mac:50:7b:9d:51:89:e2] 50:7b:9d:51:89:e2 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:42:07,computername =
NLUSHQN184NF,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:42:10 pfqueue(1932) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:42:10 pfqueue(1932) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:42:10 pfqueue(1932) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:42:10 pfqueue(1934) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:42:10,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:42:25 pfqueue(1934) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:42:25 pfqueue(1934) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:42:25 pfqueue(1934) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:42:25 pfqueue(1932) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:42:25,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:42:40 pfqueue(1932) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:42:40 pfqueue(1932) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:42:40 pfqueue(1932) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:42:40 pfqueue(1931) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:42:40,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:42:55 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:42:55 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:42:55 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:42:55 pfqueue(1933) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:42:55,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:43:10 pfqueue(1933) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:43:10 pfqueue(1933) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:43:10 pfqueue(1933) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:43:10 pfqueue(1931) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:43:10,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:43:25 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:43:25 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:43:25 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:43:25 pfqueue(1933) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:43:25,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:43:40 pfqueue(1933) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:43:40 pfqueue(1933) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:43:40 pfqueue(1933) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:43:40 pfqueue(1931) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:43:40,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:43:55 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:43:55 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:43:55 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:43:55 pfqueue(1934) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:43:55,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:44:10 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:44:10 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:44:10 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:44:10 pfqueue(1932) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:44:10,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:44:25 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:44:25 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:44:25 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:44:25 pfqueue(1932) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:44:25,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet)Jun 17 15:44:40 pfqueue(1931) INFO:
[mac:unknown] DHCPACK from 10.160.10.254 (00:14:22:16:c0:3e) to host
28:d2:44:08:2c:68 (10.160.10.10) for 30 seconds
(pf::dhcp::processor::parse_dhcp_ack)Jun 17 15:44:40 pfqueue(1931) INFO:
[mac:unknown] The listener process is on the same server as the DHCP server.
(pf::dhcp::processor::pf_is_dhcp)Jun 17 15:44:40 pfqueue(1931) INFO:
[mac:unknown] Updating iplog and SSO for 28:d2:44:08:2c:68 -> 10.160.10.10
(pf::dhcp::processor::handle_new_ip)Jun 17 15:44:40 pfqueue(1932) INFO:
[mac:28:d2:44:08:2c:68] 28:d2:44:08:2c:68 requested an IP with the following
informations: last_dhcp = 2016-06-17 15:44:40,computername =
NLUSHQN286LT,dhcp_fingerprint =
1,3,6,15,31,33,43,44,46,47,121,249,252,dhcp_vendor = MSFT 5.0
(pf::dhcp::processor::process_packet) Thank
you,Vianney______________________________________________________________________________
To: [email protected]
From: [email protected]
Date: Fri, 17 Jun 2016 12:44:33 -0400
Subject: Re: [PacketFence-users] Cisco Catalyst 3550 - Registration VLAN
Vianney,
Did you configure your IP helpers?
Try looking at the following section
https://packetfence.org/doc/PacketFence_Administration_Guide.html#_production_dhcp_access
(12.9.1 particularly) that should do the trick for your issue.
Thanks
On 06/17/2016 11:31 AM, Vianney Amador wrote:Hi Antoine, Thanks for your
prompt response. VLAN 260 is my Registration VLAN, and the VLAN 162 is my
production VLAN (DHCP provided by my DC). Removing "role mapping by switch
role" from the Switch configuration on PF made the trick, the PC is assigned an
IP from the registration VLAN DHCP and opens the browser for authentication.
Once my AD credentials are entered, the PF shows this on the browser: Enabling
network access. Then shows: Unable to detect network connectivity. Try
restarting your browser or opening a new tab to see if your access has been
successfully granted Here is the packetfence.log for this matter: Jun 17
11:21:25 httpd.portal(3147) INFO: [mac:unknown] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 11:21:25 httpd.portal(3147)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 11:21:25 httpd.portal(3147)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 11:21:25 httpd.portal(3147)
INFO: [mac:28:d2:44:08:2c:68] Releasing device
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)Jun 17
11:21:25 httpd.portal(3147) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
11:21:25 httpd.portal(3147) INFO: [mac:28:d2:44:08:2c:68] Instantiate profile
default (pf::Portal::ProfileFactory::_from_profile)Jun 17 11:21:25
httpd.portal(3147) INFO: [mac:28:d2:44:08:2c:68] re-evaluating access
(manage_register called) (pf::enforcement::reevaluate_access)Jun 17 11:21:25
httpd.portal(3147) INFO: [mac:28:d2:44:08:2c:68] is currentlog connected at
(192.168.1.14) ifIndex 12 registration
(pf::enforcement::_should_we_reassign_vlan)Jun 17 11:21:25 httpd.portal(3147)
INFO: [mac:28:d2:44:08:2c:68] Instantiate profile default
(pf::Portal::ProfileFactory::_from_profile)Jun 17 11:21:25 httpd.portal(3147)
INFO: [mac:28:d2:44:08:2c:68] Connection type is WIRED_MAC_AUTH. Getting role
from node_info (pf::role::getRegisteredRole)Jun 17 11:21:25 httpd.portal(3147)
INFO: [mac:28:d2:44:08:2c:68] Username was defined "28d244082c68" - returning
role 'NL_Employees' (pf::role::getRegisteredRole)Jun 17 11:21:25
httpd.portal(3147) INFO: [mac:28:d2:44:08:2c:68] PID: "testuser1", Status: reg
Returned VLAN: (undefined), Role: NL_Employees (pf::role::fetchRoleForNode)Jun
17 11:21:25 httpd.portal(3147) INFO: [mac:28:d2:44:08:2c:68] VLAN reassignment
required (current VLAN = 260 but should be in VLAN 162)
(pf::enforcement::_should_we_reassign_vlan)Jun 17 11:21:25 httpd.portal(3147)
INFO: [mac:28:d2:44:08:2c:68] switch port is (192.168.1.14) ifIndex 12
connection type: Wired MAC Auth (pf::enforcement::_vlan_reevaluation)Jun 17
11:21:27 httpd.portal(3268) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
11:21:28 httpd.portal(3142) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
11:21:29 httpd.portal(3268) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
11:21:29 httpd.portal(3326) INFO: [mac:28:d2:44:08:2c:68] Dealing with a
endpoint / browser with captive-portal detection capabilities while having a
self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)Jun 17 11:21:29 httpd.portal(3326) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables modification method.
pf::ipset (pf::inline::get_technique)Jun 17 11:21:30 httpd.portal(3268) INFO:
[mac:28:d2:44:08:2c:68] Dealing with a endpoint / browser with captive-portal
detection capabilities while having a self-signed SSL certificate. Using HTTP
instead of HTTPS (pf::web::dispatcher::handler)Jun 17 11:21:30
httpd.portal(3268) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 11:21:38
httpd.portal(3326) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 11:21:48
httpd.portal(3147) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 11:21:58
httpd.portal(3140) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new iptables
modification method. pf::ipset (pf::inline::get_technique)Jun 17 11:21:59
httpd.portal(3144) INFO: [mac:28:d2:44:08:2c:68] Dealing with a endpoint /
browser with captive-portal detection capabilities while having a self-signed
SSL certificate. Using HTTP instead of HTTPS (pf::web::dispatcher::handler)Jun
17 11:21:59 httpd.portal(3144) INFO: [mac:28:d2:44:08:2c:68] Instantiate a new
iptables modification method. pf::ipset (pf::inline::get_technique)Jun 17
11:22:00 httpd.portal(3142) INFO: [mac:28:d2:44:08:2c:68] Dealing with a
endpoint / browser with captive-portal detection capabilities while having a
self-signed SSL certificate. Using HTTP instead of HTTPS
(pf::web::dispatcher::handler)Jun 17 11:22:00 httpd.portal(3142) INFO:
[mac:28:d2:44:08:2c:68] Instantiate a new iptables modification method.
pf::ipset (pf::inline::get_technique). If the Ethernet cable from the PC is
unplugged and then plug back in or if its NIC is desabled/Enabled in Windows,
then the PC is granted access to my produection VLAN (162). Is this the
expected behavior? if not, could you please help me out with this? Thank you!
______________________________________________________________________________
To: [email protected]
From: [email protected]
Date: Fri, 17 Jun 2016 10:20:23 -0400
Subject: Re: [PacketFence-users] Cisco Catalyst 3550 - Registration VLAN
Hello Vianney,
First check out your switch configuration(tab roles) at the moment you have
switch by role and switch by VLAN selected, you should remove "role mapping by
switch role".
PacketFence seems to answer to the switch RADIUS request properly.
Is VLAN 260 your production VLAN, if yes it spanned to this port?
Remember that PacketFence IS NOT a DHCP server on your production VLAN, we
assume that you have your own server for that.
Thank you
On 06/17/2016 09:38 AM, Vianney Amador wrote:Hi guys, I am pretty much new to
this world of Packagefence, I am testing this using a Cisco Catalyst 3550 with
the latest IOS available. I created my registration, isolation and normal VLANs
on both the PF server interface and Switch. I added this switch on PF using the
parameters specified on the official documentation, also set up the switch
using the 3550 (802.1x with MAB) configuration. Created a source for Active
Directory authentication. I setup one of the ports on the switch with the
parameters for the registration VLAN, the PC (Windows 10) automatically
acquired an IP address from this subnet, so when I opened the browser forced me
to authenticate, so I put it my AD credentials and got authenticated. When I
connect the same PC on a port setup as specified on the official documentation,
the PC WILL NOT get an IP address: switchport mode accessdot1x
mac-auth-bypassdot1x pae authenticatordot1x port-control autodot1x
violation-mode protectdot1x timeout quiet-period 2dot1x timeout reauth-period
7200dot1x timeout tx-period 3dot1x reauthentication Here is the log from the
packetfense.log: Jun 17 09:50:05 httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68]
handling radius autz request: from switch_ip => (192.168.1.14), connection_type
=> WIRED_MAC_AUTH,switch_mac => (00:11:92:b1:81:86), mac =>
[28:d2:44:08:2c:68], port => 6, username => "28d244082c68"
(pf::radius::authorize)Jun 17 09:50:05 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] is of status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)Jun 17 09:50:05 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)Jun 17 09:50:05
httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added role
registration to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)Jun 17 09:50:20 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] handling radius autz request: from switch_ip =>
(192.168.1.14), connection_type => WIRED_MAC_AUTH,switch_mac =>
(00:11:92:b1:81:86), mac => [28:d2:44:08:2c:68], port => 6, username =>
"28d244082c68" (pf::radius::authorize)Jun 17 09:50:20 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] is of status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)Jun 17 09:50:20 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)Jun 17 09:50:20
httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added role
registration to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)Jun 17 09:50:29 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] handling radius autz request: from switch_ip =>
(192.168.1.14), connection_type => WIRED_MAC_AUTH,switch_mac =>
(00:11:92:b1:81:86), mac => [28:d2:44:08:2c:68], port => 6, username =>
"28d244082c68" (pf::radius::authorize)Jun 17 09:50:29 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] is of status unreg; belongs into registration VLAN
(pf::role::getRegistrationRole)Jun 17 09:50:29 httpd.aaa(2249) INFO:
[mac:28:d2:44:08:2c:68] (192.168.1.14) Added VLAN 260 to the returned RADIUS
Access-Accept (pf::Switch::returnRadiusAccessAccept)Jun 17 09:50:29
httpd.aaa(2249) INFO: [mac:28:d2:44:08:2c:68] (192.168.1.14) Added role
registration to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept) Any thoughts? Please advise,Vianney
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Antoine Amacher
[email protected] :: +1.514.447.4918 *130 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________ PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Antoine Amacher
[email protected] :: +1.514.447.4918 *130 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________ PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________ PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________ PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Antoine Amacher
[email protected] :: +1.514.447.4918 *130 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________ PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________ PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
