Hello Sadiq,
When I say NAC in the advanced section, I mean on the controller, not on
PacketFence.
Also enable External Portal Enforcement.
Regards
Fabrice
On 2017-01-25 at 09:38, Sadiq Hussein wrote:
> Dear Fabrice
> You have asked me to do the following; see my response below.
>
> Pre-Auth-For-WebRedirect is a trigger to force the device to reach the
> captive portal, so change it to be close to what we define in the doc
> (https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_wireless_lan_controller_wlc_web_auth).
>
> As per the documentation, I have created an ACL similar to the one in the
> documentation but with my IP (screenshot attached).
> Also, on Web Admin I have added the Cisco WLC (Network > Switches option),
> configured as per the documentation.
>
> Next NAC state to enabled (Advanced section).
> I used the Web Admin GUI, the Configuration > Advanced option. I am not
> sure which options to configure (attached screenshot, need help on this).
>
> Enable web authentication in the switch config (pf switch config where
> you define the switch type).
> I did this using the Web Admin GUI, Configuration > Network > Switches, where I
> added the Cisco WLC. Did I do it right? (Also screenshot.)
>
> I am still not able to reach the captive portal.
>
> Below is a part of the log from Packetfence.log:
>
> fconfig::cached::is_valid)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory
> configuration is not valid anymore for key resource::stats_levels in
> local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory
> configuration is not valid anymore for key resource::stats_levels in
> local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory
> configuration is not valid anymore for key resource::stats_levels in
> local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory
> configuration is not valid anymore for key resource::stats_levels in
> local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7]
> (10.11.69.253) Added VLAN 2 to the returned RADIUS Access-Accept
> (pf::Switch::returnRadiusAccessAccept)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7]
> (10.11.69.253) Added role Pre-Auth-For-WebRedirect to the returned
> RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] External
> portal enforcement either not supported '1' or not configured 'N' on
> network equipment '10.11.69.253' (pf::Switch::externalPortalEnforcement)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory
> configuration is not valid anymore for key resource::stats_levels in
> local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:19:14 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory
> configuration is not valid anymore for key resource::stats_levels in
> local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:21:38 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory
> configuration is not valid anymore for key resource::stats_levels in
> local cached_hash
>
>
> Thanks
>
> Regards
> Sadiq
>
> On Wed, Jan 25, 2017 at 3:27 PM, Durand fabrice <[email protected]> wrote:
>
> Hello Sadiq,
>
> so 3 mistakes in your setup.
>
> Pre-Auth-For-WebRedirect is a trigger to force the device to
> reach the captive portal, so change it to be close to what we define in
> the doc
> (https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_wireless_lan_controller_wlc_web_auth).
>
> Next NAC state to enabled (Advanced section).
>
> Enable web authentication in the switch config (pf switch config
> where you define the switch type).
>
> Regards
>
> Fabrice
>
>
> On 2017-01-25 at 04:16, Sadiq Hussein wrote:
>> Dear Antoine,
>>
>> Thank you for your response.
>>
>> Q1 on interfaces: in my case, where I just want a captive portal for
>> authentication of guest users, how many interfaces should I have
>> or configure?
>>
>> At the moment I have only the management interface, with Listening
>> Daemon as portal.
>>
>> Also, I have followed your instructions in the email, but I could
>> not connect to the SSID (Training), nor was I redirected to the captive portal.
>>
>> This is how I have configured PacketFence:
>>
>> >The interfaces are
>> I have management IP 10.68.24.15
>> with listening Daemon - portal
>>
>> Captive portal IP is 10.68.24.15
>>
>> On the Portal Profile menu I am using the default, with sources Null and
>> Sponsor
>>
>> On Switches I have added the Cisco WLC Controller IP
>> > on roles I have added configuration as instructed in the Network
>> documentation
>> Role by web Auth URL added captive portal IP (10.68.24.15)
>> Role by Switch Role (attached screenshot)
>> > Then I configured the RADIUS secret passphrase (the same was
>> used in the Cisco WLC)
>>
>> > On roles and Source I did not change anything.
>> Is there anything to do in the case of my setup?
>>
>> Also I am cannot on web admin GUI guest Self -registration menu
>>
>>
>> I have attached some screenshots to show the settings I entered on
>> both PacketFence and the Cisco WLC.
>>
>> Also, below is the text of the RADIUS audit entry for a laptop that did not
>> connect:
>>
>> ser-Name = "d8:fc:93:d7:98:12"
>> User-Password = "X\2565j+\221\r\343X\020\2374\005j\363\353"
>> NAS-IP-Address = 10.11.69.253
>> NAS-Port = 1
>> Service-Type = Call-Check
>> Framed-MTU = 1300
>> Called-Station-Id = "bc:f1:f2:cf:a5:40:TRAINING"
>> Calling-Station-Id = "d8:fc:93:d7:98:12"
>> NAS-Identifier = "WFPWLAN_CTLR"
>> NAS-Port-Type = Wireless-802.11
>> Tunnel-Type:0 = VLAN
>> Tunnel-Medium-Type:0 = IEEE-802
>> Tunnel-Private-Group-Id:0 = "9"
>> Event-Timestamp = "Jan 25 2017 10:13:21 EAT"
>> Airespace-Wlan-Id = 1
>> Stripped-User-Name = "d8:fc:93:d7:98:12"
>> Realm = "null"
>> FreeRADIUS-Client-IP-Address = 10.11.69.253
>> Called-Station-SSID = "TRAINING"
>> SQL-User-Name = "d8:fc:93:d7:98:12"
>> RADIUS Reply Airespace-ACL-Name = "Pre-Auth-For-WebRedirect"
>> PacketFence-Authorization-Status = "allow"
>>
>> Thanks
>>
>> Regards
>> Sadiq
>>
>> On Tue, Jan 24, 2017 at 7:01 PM, Antoine Amacher
>> <[email protected]> wrote:
>>
>> Hello,
>>
>> /Question 1 - for captive configuration do i need to enable
>> enforcement and vlan, and if so which option do i choose/
>>
>> The captive portal will be available no matter which
>> enforcement you choose: VLAN, Inline or WebAuth.
>>
>> /Q1 who many interface are suppose to created and they be on
>> same network/
>>
>> Please clarify.
>>
>> /Q Can captive portal be on the same network as management IP
>> and if so i do i configure that./
>>
>> Using WebAuth for instance, you need to enable portal on the
>> management interface. Configuration -> Network -> Interfaces
>> and Network -> click on your interface, Additionnal listening
>> daemon(s) -> Portal
>>
>> /Q4 What configuration should have on WLC /
>>
>>
>> https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_2
>>
>> if using WebAuth:
>>
>> https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_wireless_lan_controller_wlc_web_auth
>>
>> /Q 4 What configuration should have to guest authenticated
>> through sponsor email or local user/
>>
>> https://packetfence.org/doc/PacketFence_Administration_Guide.html#_guests_management
>>
>> Thanks
>>
>>
>> On 01/24/2017 10:36 AM, Sadiq Hussein wrote:
>>> Dear Colleague
>>>
>>> I am new to PacketFence 6.4. I want to use it with a Cisco WLC 5500
>>> to manage guest users through a captive portal.
>>>
>>> I have gone through the Admin and Network documentation to try
>>> to configure PacketFence, but nothing seems to work.
>>>
>>> Question 1 - for captive configuration do i need to enable
>>> enforcement and vlan, and if so which option do i choose
>>>
>>> Q1 who many interface are suppose to created and they be on
>>> same network
>>>
>>> Q Can captive portal be on the same network as management IP
>>> and if so i do i configure that.
>>>
>>> Q4 What configuration should have on WLC
>>>
>>> Q 4 What configuration should have to guest authenticated
>>> through sponsor email or local user
>>>
>>> Please assist
>>>
>>> Regards
>>> Sadiq Hussein
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>
>>> _______________________________________________
>>> PacketFence-users mailing list
>>> [email protected]
>>> <mailto:[email protected]>
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>
>> --
>> Antoine Amacher
>> [email protected] :: www.inverse.ca
>> +1.514.447.4918 x130 :: +1 (866) 353-6153 x130
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
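
The log excerpt quoted in this thread shows PacketFence returning VLAN 2 and the Pre-Auth-For-WebRedirect ACL while reporting external portal enforcement as not configured for the WLC. As an added example (not part of the original e-mails and not PacketFence code), this Python script summarizes such `httpd.aaa` lines per MAC and flags that condition; the sample lines are constructed from the excerpt, and the reading of the two quoted flags as "supported" and "configured" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: entries modelled on the packetfence.log excerpt quoted in
# the thread, unwrapped to one entry per line.
PFX = "Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] "
SAMPLE_LOG = "\n".join([
    PFX + "Memory configuration is not valid anymore for key resource::stats_levels "
          "in local cached_hash (pfconfig::cached::is_valid)",
    PFX + "(10.11.69.253) Added VLAN 2 to the returned RADIUS Access-Accept "
          "(pf::Switch::returnRadiusAccessAccept)",
    PFX + "(10.11.69.253) Added role Pre-Auth-For-WebRedirect to the returned "
          "RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)",
    PFX + "External portal enforcement either not supported '1' or not configured "
          "'N' on network equipment '10.11.69.253' (pf::Switch::externalPortalEnforcement)",
])

ENTRY = re.compile(r"\[mac:(?P<mac>[0-9a-f:]{17})\]\s+(?P<msg>.*)$")
REPLY = re.compile(r"\((?P<nas>[\d.]+)\) Added (?P<kind>VLAN|role) (?P<value>\S+) "
                   r"to the returned RADIUS Access-Accept")
PORTAL = re.compile(r"External portal enforcement either not supported '(?P<sup>[^']*)' "
                    r"or not configured '(?P<cfg>[^']*)' on network equipment '(?P<nas>[^']+)'")

def summarize(log_text):
    """Per MAC: what the RADIUS Access-Accept carried, plus portal-enforcement findings."""
    out = defaultdict(lambda: {"nas": None, "vlan": None, "role": None, "findings": []})
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        rec, msg = out[entry["mac"]], entry["msg"]
        if (reply := REPLY.search(msg)):
            rec["nas"] = reply["nas"]
            rec[reply["kind"].lower()] = reply["value"]
        elif (portal := PORTAL.search(msg)):
            rec["nas"] = portal["nas"]
            # Assumed reading of the message: first flag = switch module supports an
            # external portal, second flag = the option is enabled for this switch.
            if portal["sup"] != "1":
                rec["findings"].append("external portal not supported by switch type")
            if portal["cfg"] != "Y":
                rec["findings"].append("external portal enforcement not enabled")
    return dict(out)

if __name__ == "__main__":
    for mac, rec in summarize(SAMPLE_LOG).items():
        print(mac, rec)
```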