On Wed, Jan 25, 2017 at 19:02 Fabrice Durand <[email protected]> wrote:

Dear Fabrice

Thanks for email.
The External portal enforcement is it on the packetfence or Controller?

Thanks
Regards
Sadiq

> Hello Sadiq,
>
> When I say NAC in the advanced section, I mean on the controller, not on PacketFence.
>
> Also enable External Portal Enforcement.
>
> Regards
> Fabrice
>
> On 2017-01-25 at 09:38, Sadiq Hussein wrote:
>
> Dear Fabrice
>
> You have asked me to do the following; see my responses below.
>
> Pre-Auth-For-WebRedirect is a trigger to force the device to reach the captive portal, so change it to be close to what we define in the doc (https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_wireless_lan_controller_wlc_web_auth).
>
> As per the documentation, I have created an ACL similar to the one in the documentation but with my IP (screenshot attached).
> Also, on Web Admin I have added the Cisco WLC in the Network > Switches option, configured as per the documentation.
>
> Next NAC state to enabled (Advanced section).
>
> I used the Web Admin GUI, the Configuration > Advanced option. I am not sure what options to configure (attached screenshot, need help on this).
>
> Enable web authentication in the switch config (pf switch config where you define the switch type).
>
> I did this using the Web Admin GUI, Configuration > Network > Switches, where I added the Cisco WLC. Did I do it right? (Also screenshot.)
>
> Still I am not able to reach the captive portal.
>
> Below is part of the log from packetfence.log:
>
> fconfig::cached::is_valid)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory configuration is not valid anymore for key resource::stats_levels in local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory configuration is not valid anymore for key resource::stats_levels in local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory configuration is not valid anymore for key resource::stats_levels in local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory configuration is not valid anymore for key resource::stats_levels in local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] (10.11.69.253) Added VLAN 2 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] (10.11.69.253) Added role Pre-Auth-For-WebRedirect to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] External portal enforcement either not supported '1' or not configured 'N' on network equipment '10.11.69.253' (pf::Switch::externalPortalEnforcement)
> Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory configuration is not valid anymore for key resource::stats_levels in local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:19:14 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory configuration is not valid anymore for key resource::stats_levels in local cached_hash (pfconfig::cached::is_valid)
> Jan 25 09:21:38 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory configuration is not valid anymore for key resource::stats_levels in local cached_hash
>
> Thanks
>
> Regards
> Sadiq
>
> On Wed, Jan 25, 2017 at 3:27 PM, Durand fabrice <[email protected]> wrote:
>
> Hello Sadik,
>
> so 3 mistakes in your setup.
>
> Pre-Auth-For-WebRedirect is a trigger to force the device to reach the captive portal, so change it to be close to what we define in the doc (https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_wireless_lan_controller_wlc_web_auth).
>
> Next NAC state to enabled (Advanced section).
>
> Enable web authentication in the switch config (pf switch config where you define the switch type).
>
> Regards
> Fabrice
>
> On 2017-01-25 at 04:16, Sadiq Hussein wrote:
>
> Dear Antoine,
>
> Thank you for your response.
>
> Q1 on interfaces: in my case, where I just want a captive portal for authentication of guest users, how many interfaces should I have or configure?
>
> At the moment I have only the management interface with Listening Daemon as portal.
>
> Also, I have followed your instructions in the email, but I could not connect to the SSID (Training) nor was I redirected to the captive portal.
>
> This is how I have configured PacketFence:
>
> - The interfaces are:
>   I have management IP 10.68.24.15 with listening daemon - portal
>
> Captive portal IP is 10.68.24.15
>
> On the Portal Profile menu I am using default with sources Null and Sponsor.
>
> On Switches I have added the Cisco WLC controller IP.
>
> - On roles I have added configuration as instructed in the Network documentation:
>   Role by Web Auth URL: added captive portal IP (10.68.24.15)
>   Role by Switch Role (attached screenshot)
>
> - Then I configured the RADIUS secret passphrase (the same was used in the Cisco WLC).
>
> - On Roles and Sources I did not change anything.
>   Is there anything to do in the case of my setup?
>
> Also I am cannot on web admin GUI guest Self-registration menu
>
> I have attached some screenshots to show the settings I entered on both PacketFence and the Cisco WLC.
>
> Also below is the text of the RADIUS audit entry for a laptop that did not connect:
>
> ser-Name = "d8:fc:93:d7:98:12"
> User-Password = "X\2565j+\221\r\343X\020\2374\005j\363\353"
> NAS-IP-Address = 10.11.69.253
> NAS-Port = 1
> Service-Type = Call-Check
> Framed-MTU = 1300
> Called-Station-Id = "bc:f1:f2:cf:a5:40:TRAINING"
> Calling-Station-Id = "d8:fc:93:d7:98:12"
> NAS-Identifier = "WFPWLAN_CTLR"
> NAS-Port-Type = Wireless-802.11
> Tunnel-Type:0 = VLAN
> Tunnel-Medium-Type:0 = IEEE-802
> Tunnel-Private-Group-Id:0 = "9"
> Event-Timestamp = "Jan 25 2017 10:13:21 EAT"
> Airespace-Wlan-Id = 1
> Stripped-User-Name = "d8:fc:93:d7:98:12"
> Realm = "null"
> FreeRADIUS-Client-IP-Address = 10.11.69.253
> Called-Station-SSID = "TRAINING"
> SQL-User-Name = "d8:fc:93:d7:98:12"
> RADIUS Reply Airespace-ACL-Name = "Pre-Auth-For-WebRedirect"
> PacketFence-Authorization-Status = "allow"
>
> Thanks
>
> Regards
> Sadiq
>
> On Tue, Jan 24, 2017 at 7:01 PM, Antoine Amacher <[email protected]> wrote:
>
> Hello,
>
> *Question 1 - for captive configuration do I need to enable enforcement and VLAN, and if so which option do I choose*
>
> The captive portal will be available no matter which enforcement you choose: VLAN, Inline or WebAuth.
>
> *Q1 how many interfaces are supposed to be created and they be on same network*
>
> Please clarify.
>
> *Q Can captive portal be on the same network as management IP and if so i do i configure that.*
>
> Using WebAuth for instance, you need to enable portal on the management interface. Configuration -> Network -> Interfaces and Network -> click on your interface, Additional listening daemon(s) -> Portal
>
> *Q4 What configuration should have on WLC*
>
> https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_2
>
> if using WebAuth:
>
> https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_wireless_lan_controller_wlc_web_auth
>
> *Q 4 What configuration should have to guest authenticated through sponsor email or local user*
>
> https://packetfence.org/doc/PacketFence_Administration_Guide.html#_guests_management
>
> Thanks
>
> On 01/24/2017 10:36 AM, Sadiq Hussein wrote:
>
> Dear Colleague
>
> I am new to PacketFence 6.4. I want to use it with a Cisco WLC 5500 to manage guest users through a captive portal.
>
> I have gone through the Admin and Network documentation to try and configure PacketFence, but nothing seems to work.
>
> Question 1 - for captive configuration do I need to enable enforcement and VLAN, and if so which option do I choose
>
> Q1 how many interfaces are supposed to be created and they be on same network
>
> Q Can captive portal be on the same network as management IP and if so i do i configure that.
>
> Q4 What configuration should have on WLC
>
> Q 4 What configuration should have to guest authenticated through sponsor email or local user
>
> Please assist
>
> Regards
> Sadiq Hussein
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Antoine Amacher
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x130 :: +1 (866) 353-6153 x130
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
>
> --
> Fabrice Durand
> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
>
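
Added example (not part of the thread and not PacketFence code): a small parser for the packetfence.log lines quoted above that groups entries per MAC and flags the case seen here, where a role is returned in the Access-Accept while pf::Switch::externalPortalEnforcement reports the equipment as not configured. The sample lines are the thread's own, rejoined onto single lines; reading the two quoted values as "supported" and "configured" is an assumption taken from the wording of the message.

```python
import re
from collections import defaultdict

# Constructed sample: log lines quoted in the thread, rejoined onto single lines.
SAMPLE_LOG = """\
Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] Memory configuration is not valid anymore for key resource::stats_levels in local cached_hash (pfconfig::cached::is_valid)
Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] (10.11.69.253) Added VLAN 2 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] (10.11.69.253) Added role Pre-Auth-For-WebRedirect to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jan 25 09:19:13 httpd.aaa(8610) INFO: [mac:f0:27:65:ea:8e:c7] External portal enforcement either not supported '1' or not configured 'N' on network equipment '10.11.69.253' (pf::Switch::externalPortalEnforcement)
"""

# timestamp, process(pid), level, [mac:...], message, optional trailing (perl::sub)
LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<proc>\S+) (?P<level>\w+): "
                  r"\[mac:(?P<mac>[0-9a-f:]{17})\] (?P<msg>.*?)(?: \((?P<sub>[\w:]+)\))?$")
VLAN = re.compile(r"Added VLAN (\S+) to the returned RADIUS Access-Accept")
ROLE = re.compile(r"Added role (\S+) to the returned RADIUS Access-Accept")
EPE = re.compile(r"External portal enforcement either not supported '([^']*)' "
                 r"or not configured '([^']*)' on network equipment '([^']*)'")

def summarize(log_text):
    """Return {mac: {'vlan', 'role', 'epe'}} built from packetfence.log text."""
    out = defaultdict(lambda: {"vlan": None, "role": None, "epe": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # truncated or unrelated line, e.g. a cut-off fragment
        rec, msg = out[m["mac"]], m["msg"]
        if v := VLAN.search(msg):
            rec["vlan"] = v[1]
        elif r := ROLE.search(msg):
            rec["role"] = r[1]
        elif e := EPE.search(msg):
            # Assumption: first value = supported flag, second = configured setting.
            rec["epe"].append({"supported": e[1], "configured": e[2], "equipment": e[3]})
    return dict(out)

def findings(summary):
    """Flag MACs that received a role while the equipment lacks external portal enforcement."""
    return [f"{mac}: role {rec['role']} returned, but external portal enforcement "
            f"is configured '{w['configured']}' on {w['equipment']}"
            for mac, rec in summary.items() if rec["role"] for w in rec["epe"]]

if __name__ == "__main__":
    for finding in findings(summarize(SAMPLE_LOG)):
        print(finding)
```
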