Hello Fabrice
Thank you for your response.
The RADIUS audit log is here:
===========================================
MAC Address 34:4d:f7:4a:dc:5f
Auth Status Accept
Auth Type Accept
Auto Registration no
Calling Station ID 34:4d:f7:4a:dc:5f
Computer name N/A
EAP Type
Event Type Radius-Access-Request
IP Address
Is a Phone no
Node status unreg
Domain
Profile N/A
Realm null
Reason
Role registration
Source N/A
Stripped User Name 344df74adc5f
User Name 344df74adc5f
Unique ID
===========================================
Switch ID 10.0.0.2
Switch MAC 00:3a:98:1e:c6:20
Switch IP Address 10.0.0.2
Called Station ID 00:3a:98:1e:c6:20
Connection type Wireless-802.11-NoEAP
IfIndex 296
NAS identifier
NAS IP Address 10.0.0.2
NAS Port 296
NAS Port ID 296
NAS Port Type Wireless-802.11
RADIUS Source IP Address 10.0.0.2
Wi-Fi Network SSID PacketFence-Public
===========================================
request_time 0
RADIUS Request
User-Name = "344df74adc5f"
User-Password = "\265\230\346\224\356\"\327\340\004\031\332\337l\241\361\324"
NAS-IP-Address = 10.0.0.2
NAS-Port = 296
Service-Type = Login-User
Called-Station-Id = "00:3a:98:1e:c6:20"
Calling-Station-Id = "34:4d:f7:4a:dc:5f"
NAS-Port-Type = Wireless-802.11
Event-Timestamp = "Jan 24 2017 23:28:46 EST"
NAS-Port-Id = "296"
Cisco-AVPair = "ssid=PacketFence-Public"
Cisco-NAS-Port = "296"
Stripped-User-Name = "344df74adc5f"
Realm = "null"
FreeRADIUS-Client-IP-Address = 10.0.0.2
Called-Station-SSID = "PacketFence-Public"
SQL-User-Name = "344df74adc5f"
RADIUS Reply
Tunnel-Type = VLAN
Tunnel-Private-Group-Id = "130"
Tunnel-Medium-Type = IEEE-802
PacketFence-Authorization-Status = "allow"
===========================================
What do you think about my topology?
| VMware |
| PFence | <--trunk--> SW <--trunk--> RTR <--trunk--> SW <--trunk--> AIR-AP1242G-E-K9
Here are my router, switch and AP configurations. If you need the PFence
config, I will attach it next time.
PFence--SWITCH--ROUTER-SWITCH--AP config:
=== VMware SWITCH ===
!
interface TenGigabitEthernet2/2
description ConnecTO_wmwarE
switchport
switchport trunk allowed vlan 1,140-143
switchport mode trunk
!
interface GigabitEthernet3/3
description ConnecTO_routeR
switchport
switchport trunk allowed vlan 1,140-143
switchport mode trunk
=== ROUTER ===
!
interface GigabitEthernet1/1.140
description Packetfence_Management
encapsulation dot1Q 140
ip address 192.168.140.2 255.255.255.0
ip nat inside
!
interface GigabitEthernet1/1.141
description Packetfence_Registration
encapsulation dot1Q 141
ip address 192.168.141.2 255.255.255.0
!
interface GigabitEthernet1/1.142
description Packetfence_Isolation
encapsulation dot1Q 142
ip address 192.168.142.2 255.255.255.0
!
interface GigabitEthernet1/7
description Manage_Aironet1142
ip address 10.0.0.1 255.255.255.240
!
interface GigabitEthernet1/7.130
description C3750_Registration
encapsulation dot1Q 130
ip address 192.168.130.1 255.255.255.0
ip helper-address 192.168.141.1
!
interface GigabitEthernet1/7.131
description C3750_Isolation
encapsulation dot1Q 131
ip address 192.168.131.1 255.255.255.0
ip helper-address 192.168.142.1
=== AP SWITCH ===
!
interface GigabitEthernet1/0/2
description ConnecTO_routeR
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,130-132
switchport mode trunk
!
interface FastEthernet1/0/20
description ConnectTO_Aironet1142
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,130-132
switchport mode trunk
no cdp enable
=== AIR-AP1242G-E-K9 ===
!
ap#sh run
Building configuration...
Current configuration : 5801 bytes
!
version 12.4
no service pad
!
aaa new-model
!
!
aaa group server radius rad_eap
server 192.168.140.1 auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
server 192.168.140.1 auth-port 1812 acct-port 1813
!
aaa authentication login mac_methods group rad_mac
aaa authentication login eap_methods group rad_eap
!
aaa session-id common
ip name-server 192.168.120.51
!
!
dot11 mbssid
dot11 syslog
dot11 vlan-name guest vlan 132
dot11 vlan-name isolation vlan 131
dot11 vlan-name normal vlan 1
dot11 vlan-name registration vlan 130
!
dot11 ssid PacketFence-Public
vlan 131 backup guest
authentication open mac-address mac_methods
mbssid guest-mode
!
dot11 ssid PacketFence-Secure
vlan 130 backup normal
authentication open eap eap_methods
authentication key-management wpa
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 130 mode ciphers aes-ccm
!
ssid PacketFence-Public
!
ssid PacketFence-Secure
!
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.130
encapsulation dot1Q 130
no ip route-cache
bridge-group 130
bridge-group 130 subscriber-loop-control
bridge-group 130 block-unknown-source
no bridge-group 130 source-learning
no bridge-group 130 unicast-flooding
bridge-group 130 spanning-disabled
!
interface Dot11Radio0.131
encapsulation dot1Q 131
no ip route-cache
bridge-group 131
bridge-group 131 subscriber-loop-control
bridge-group 131 block-unknown-source
no bridge-group 131 source-learning
no bridge-group 131 unicast-flooding
bridge-group 131 spanning-disabled
!
interface Dot11Radio0.132
encapsulation dot1Q 132
no ip route-cache
bridge-group 132
bridge-group 132 subscriber-loop-control
bridge-group 132 block-unknown-source
no bridge-group 132 source-learning
no bridge-group 132 unicast-flooding
bridge-group 132 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.130
encapsulation dot1Q 130
no ip route-cache
bridge-group 130
no bridge-group 130 source-learning
bridge-group 130 spanning-disabled
!
interface FastEthernet0.131
encapsulation dot1Q 131
no ip route-cache
bridge-group 131
no bridge-group 131 source-learning
bridge-group 131 spanning-disabled
!
interface FastEthernet0.132
encapsulation dot1Q 132
no ip route-cache
bridge-group 132
no bridge-group 132 source-learning
bridge-group 132 spanning-disabled
!
interface BVI1
ip address 10.0.0.2 255.255.255.240
no ip route-cache
!
ip default-gateway 10.0.0.1
ip http server
ip http authentication aaa
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
snmp-server community public RO
snmp-server community private RW
snmp-server trap link ietf
snmp-server enable traps snmp authentication
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps aaa_server
snmp-server host 192.168.140.1 version 2c public
radius-server host 192.168.140.1 auth-port 1812 acct-port 1813 key 7 10481B1C0005130F051139
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
line con 0
line vty 0 4
!
end
ap#
Best Regards,
Namjil
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users