Hi All,
I have been having a problem with PacketFence for quite a long time. It's totally
new and I'm really having trouble figuring it out by myself. Your help will be
highly appreciated!
Our problem right now: "Your network should be enabled within a minute or two.
If it is not reboot your computer." As we want to do web authentication (ACL
changes, VLAN ID doesn't change), I only enabled VLAN51 (registration VLAN) on our
network. The management address belongs to the internal production IP. If I check
the WLC log, we can find the Authorize_any ACL applied. However, after we input
credentials, the problem mentioned at first won't go away. I cannot get any
internet access. Is there any way we can solve the issue?
Our infrastructure:
Cisco WLC2504 + 2702i/2802i APs
PacketFence ZEN 6.5.1 VLAN enforcement on Hyper-V platform
Detailed configuration:
PF:
Default gateway: 10.1.254.1 (vlan interface address on layer 3 switch)
[interface eth5.51]
enforcement=vlan
ip=172.17.254.254
type=internal
mask=255.255.0.0
[interface eth5]
ip=10.1.254.126 (also the captive portal address)
type=management,portal
mask=255.255.255.0
[interface eth5.52]
enforcement=vlan
ip=172.18.254.254
type=internal
mask=255.255.0.0
network.conf:
[172.17.0.0]
dns=172.17.254.254
dhcp_start=172.17.0.10
gateway=172.17.254.254 (Should we point the gateway to this address? As we
also want to do a routed network, will it become a problem?)
domain-name=vlan-registration.resourcepro0.resourcepro.com
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=172.17.255.246
type=vlan-registration
netmask=255.255.0.0
dhcp_default_lease_time=30
Switch.conf
[10.1.5.50]
deauthMethod=RADIUS
description=QD-G5-2504-3F-1
type=Cisco::WLC_2500
mode=production
SNMPCommunityRead=pftest
registrationVlan=51
SNMPCommunityWrite=pftest
isolationVlan=52
radiusSecret=xxxxxx
SNMPVersion=2c
defaultVlan=51
coaPort=1700
RoleMap=Y
AdminITRole=Authorize_any
registrationUrl=http://10.1.254.126/Cisco::WLC
RSPEmployeeRole=Authorize_any
UrlMap=Y
guestVlan=51
defaultRole=Authorize_any
registrationRole=Pre-Auth-For-WebRedirect
guestRole=Authorize_any
controllerIp=10.1.5.50
ExternalPortalEnforcement=Y
VlanMap=N
Cisco WLC configuration:
Interface: VLAN 51 with IP address 172.17.0.2 and gateway 172.17.0.1 (firewall
wireless address)
ACL: Pre-Auth-For-WebRedirect and Authorize_any
WLAN:
Enabled MAC filtering for layer 2 security,
kept none for layer 3 security.
Pointed the AAA server to 10.1.254.126 (PF management address) and enabled AAA
override
Enabled NAC state to ISE NAC
Other configuration:
Enabled NAT for 172.17.0.0 on firewall
Thank you for your help in advance!
---
Helen
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users