Timonthy,
After I changed to radius, I no longer look these error logs. Thank you!
But... the problem assign ip address vlan register...to be continued!
I'm thinking it's some problem between the switch and packetfence. :(
I am very excited for this solution, but I stop at this problem.
I will still update the firmware of the switch!!
2018-01-03 19:24 GMT-03:00 Timothy Mullican <[email protected]>:
> André,
>
> The message “Until CoA is implemented we will bounce the port on VLAN
> re-assignment traps for MAC-Auth (pf::Switch::
> handleReAssignVlanTrapForWiredMacAuth)” is thrown because your
> deauthentication method for the Switch (in PacketFence) is set to SNMP (see
> handleReAssignVlanTrapForWiredMacAuth in /usr/local/pf/lib/pf/Switch.pm
> and /usr/local/pf/lib/pf/Switch/Dell/N1500.pm).
>
> Try changing your de-authentication method on the switch (under
> Configuration) in PacketFence to RADIUS and specify the secret key. Please
> let me know if this doesn’t work.
>
> Thanks,
> Tim
>
> Sent from mobile phone
>
> On Jan 3, 2018, at 14:59, André Scrivener via PacketFence-users <
> [email protected]> wrote:
>
> Fabrice,
>
> I used the configuration sent, still gave an error.
>
> I saw some new logs:
>
> Jan 3 18:41:44 packetfence pfqueue: pfqueue(25669) WARN:
> [mac:84:7b:eb:e3:84:42] Until CoA is implemented we will bounce the port on
> VLAN re-assignment traps for MAC-Auth (pf::Switch::
> handleReAssignVlanTrapForWiredMacAuth)
>
> You know, do you explain what it would be?
>
> Soon I will update the firmware of the switch, to see if it resolves.
>
> Is it also not a bug in the packetfence version? Did you hear from anyone
> else with this problem?
>
> Greetings!
>
>
>
> 2018-01-03 17:24 GMT-03:00 Fabrice Durand <[email protected]>:
>
>> Hello André,
>>
>> yes i did that a long time ago:
>>
>> https://github.com/inverse-inc/packetfence/commit/9d47649dd8
>> d133b233d313d2c80e94421c38caaa#diff-53248f7bb6c533be6a5b55ec361b3238
>>
>> Also the note i took:
>>
>> 1 Enter global configuration mode and define the RADIUS server.
>>
>> console#configure
>> console(config)#radius-server host auth 10.34.200.30
>> console(Config-auth-radius)#name PacketFence
>> console(Config-auth-radius)#usage 802.1x
>> console(Config-auth-radius)#key s3cr3t
>> console(Config-auth-radius)#exit
>> console(Config)#aaa server radius dynamic-author
>> console(config-radius-da)#client 10.34.200.30 server-key s3cr3t
>> console(config-radius-da)#auth-type all
>> console(config-radius-da)#exit
>>
>>
>>
>>
>> 2 Enable authentication and globally enable 802.1x client authentication
>> via RADIUS:
>>
>> console(config)#authentication enable
>> console(config)#aaa authentication dot1x default radius
>> console(config)#aaa authorization network default radius
>> console(config)#dot1x system-auth-control
>>
>> (Optional)
>> console(Config)#dot1x dynamic-vlan enable
>>
>> 3 On the interface, enable MAC based authentication mode, enable MAB, and
>> set the order of authentication to 802.1X followed by MAC authentication.
>> Also enable periodic re-authentication.
>>
>> console(config)#interface te1/0/4
>> console(config-if-Te1/0/4)#dot1x port-control mac-based
>> console(config-if-Te1/0/4)#dot1x mac-auth-bypass
>> console(config-if-Te1/0/4)#authentication order dot1x mab
>> console(config-if-Te1/0/4)#dot1x reauthentication
>> console(config-if-Te1/0/4)#exit
>>
>> authentication order mab
>> authentication priority mab
>>
>>
>>
>> Le 2018-01-03 à 09:18, André Scrivener a écrit :
>>
>> Hey,
>>
>> I configured interface 15 manually to use only vlan 2 (registry), and I
>> was assigned registry address addressing (192.168.2.0/24)
>>
>> Following config switch:
>>
>> interface Gi1/0/15
>> switchport access vlan 2
>> dot1x port-control force-authorized
>> exit
>>
>>
>> Following logs packetfence:
>>
>> Jan 3 12:14:41 packetfence pfqueue: pfqueue(24777) INFO:
>> [mac:84:7b:eb:e3:84:42] oldip (172.16.0.10) and newip (192.168.2.10) are
>> different for 84:7b:eb:e3:84:42 - closing ip4log entry
>> (pf::api::update_ip4log)
>>
>>
>>
>> console#show mac address-table vlan 2
>>
>> Aging time is 300 Sec
>>
>> Vlan Mac Address Type Port
>> -------- --------------------- ----------- ---------------------
>> 2 0800.2735.FCC4 Dynamic Gi1/0/11* - Packetfence*
>> 2 847B.EBE3.8442 Dynamic Gi1/0/15* - Test machine*
>>
>>
>> You may notice that now the mac address of packetfence is in vlan 2.
>>
>> Have you already configured dell switch switches?
>>
>> Any idea??
>>
>>
>> 2018-01-03 10:59 GMT-03:00 Fabrice Durand <[email protected]>:
>>
>>> Hum strange.
>>>
>>> What you can try is to define an interface in the vlan 2 (manually on an
>>> switch port) and plug your test machine in it. (you must receive an ip from
>>> PacketFence).
>>>
>>> If you receive an ip from the 172.16.0.0/24 then it mean that you have
>>> a switch configuration issue. (any layer 3 interfaces defined in the vlan 2
>>> ?).
>>>
>>> Also what i can see is that there is no mac in the vlan 2 and the vlan 3
>>> for the interface 11.
>>>
>>> You should have something like that too:
>>>
>>> 2 08:00:27:35:fc:c4 Dynamic Gi1/0/11
>>> * - PacketFence Reg *
>>> 3 08:00:27:35:fc:c4 Dynamic Gi1/0/11* - PacketFence Isol*
>>>
>>> Regards
>>> Fabrice
>>>
>>>
>>> Le 2018-01-02 à 13:55, André Scrivener a écrit :
>>>
>>> Opss, Fabrice!
>>>
>>> I forgot an information, the MAC addresses on the switch.
>>>
>>> By the logs, it is in VLAN 2, the correct vlan.
>>>
>>> Right now I do not understand, because it does not assign the correct
>>> address
>>>
>>>
>>> console#show mac address-table
>>>
>>> Aging time is 300 Sec
>>>
>>> Vlan Mac Address Type Port
>>> -------- --------------------- ----------- ---------------------
>>> 1 0800.2700.58E2 Dynamic Gi1/0/11 *- Windows Server
>>> 2008*
>>> 1 0800.2735.FCC4 Dynamic Gi1/0/11* - PacketFence*
>>> 1 1418.77EA.F0A3 Management Vl1 * - Switch Dell*
>>> 1 641C.XXXXXXXXX Dynamic Gi1/0/11 *- My physical pc*
>>> 2 847B.EBE3.8442 Dynamic Gi1/0/13 *- My test machine*
>>>
>>> Total MAC Addresses in use: 5
>>>
>>> console#show mac address-table interface Gi1/0/13
>>>
>>> Aging time is 300 Sec
>>>
>>> Vlan Mac Address Type Port
>>> -------- --------------------- ----------- ---------------------
>>> 2 847B.EBE3.8442 Dynamic Gi1/0/13* - My test machine*
>>>
>>>
>>> console#
>>>
>>>
>>> 2018-01-02 15:22 GMT-03:00 André Scrivener <[email protected]>:
>>>
>>>> Hello Fabrice,
>>>>
>>>> I simplified the environment, I'm using only 1 interface!
>>>>
>>>>
>>>> enp0s3: Management - DHCP FROM WINDOWS SERVER
>>>> enp0s3 VLAN 2: Registration - DHCP ENABLE
>>>> enp0s3 VLAN 3: Isolation - DHCP ENABLE
>>>> enp0s3 VLAN 10: Normal - NO DHCP
>>>>
>>>> IP Address Switch Managed: 172.16.0.50
>>>> Interface 11: My physical machine, and virtual machine (virtualbox)
>>>> where is the PacketFence (interface mode bridge)
>>>> Interface 23: My client test Windows 8 (interface mode bridge)
>>>>
>>>>
>>>> Problem continue, in the logs it returns to vlan correct, but does not
>>>> assign to the computer, it stubborn in assigning the network
>>>> 172.16.0.0/24 (Management Network).
>>>>
>>>>
>>>> root@packetfence ~]# tailf /usr/local/pf/logs/packetfence.log
>>>> Jan 2 14:03:10 packetfence packetfence_httpd.aaa: httpd.aaa(30935)
>>>> INFO: [mac:84:7b:eb:e3:84:42] handling radius autz request: from switch_ip
>>>> => (172.16.0.50), connection_type => WIRED_MAC_AUTH,switch_mac =>
>>>> (14:18:77:ea:f0:a2), mac => [84:7b:eb:e3:84:42], port => 13, username =>
>>>> "847BEBE38442" (pf::radius::authorize)
>>>> Jan 2 14:03:10 packetfence packetfence_httpd.aaa: httpd.aaa(30935)
>>>> INFO: [mac:84:7b:eb:e3:84:42] Instantiate profile default
>>>> (pf::Connection::ProfileFactory::_from_profile)
>>>> Jan 2 14:03:10 packetfence packetfence_httpd.aaa: httpd.aaa(30935)
>>>> INFO: [mac:84:7b:eb:e3:84:42] is of status unreg; belongs into registration
>>>> VLAN (pf::role::getRegistrationRole)
>>>> Jan 2 14:03:10 packetfence packetfence_httpd.aaa: httpd.aaa(30935)
>>>> INFO: [mac:84:7b:eb:e3:84:42] (172.16.0.50) Added VLAN 2 to the returned
>>>> RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
>>>>
>>>>
>>>>
>>>> [root@packetfence ~]# tailf /usr/local/pf/logs/radius.log
>>>> Jan 2 14:03:10 packetfence auth[31813]: Need 1 more connections to
>>>> reach min connections (3)
>>>> Jan 2 14:03:10 packetfence auth[31813]: rlm_rest (rest): Opening
>>>> additional connection (15), 1 of 62 pending slots used
>>>> Jan 2 14:03:10 packetfence auth[31813]: Need 7 more connections to
>>>> reach 10 spares
>>>> Jan 2 14:03:10 packetfence auth[31813]: rlm_sql (sql): Opening
>>>> additional connection (18), 1 of 61 pending slots used
>>>> Jan 2 14:03:10 packetfence auth[31813]: [mac:84:7b:eb:e3:84:42]
>>>> Accepted user: and returned VLAN 2
>>>> Jan 2 14:03:10 packetfence auth[31813]: (32) Login OK: [847BEBE38442]
>>>> (from client 172.16.0.50 port 13 cli 84:7b:eb:e3:84:42)
>>>>
>>>>
>>>>
>>>>
>>>> Follow network settings:
>>>>
>>>> [root@packetfence ~]# ifconfig
>>>> enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>> inet 172.16.0.2 netmask 255.255.255.0 broadcast 172.16.0.255
>>>> inet6 fe80::a00:27ff:fe35:fcc4 prefixlen 64 scopeid 0x20<link>
>>>> ether 08:00:27:35:fc:c4 txqueuelen 1000 (Ethernet)
>>>> RX packets 560936 bytes 711890423 (678.9 MiB)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 153523 bytes 23163746 (22.0 MiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> enp0s3.2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>> inet 192.168.2.2 netmask 255.255.255.0 broadcast 192.168.2.255
>>>> inet6 fe80::a00:27ff:fe35:fcc4 prefixlen 64 scopeid 0x20<link>
>>>> ether 08:00:27:35:fc:c4 txqueuelen 1000 (Ethernet)
>>>> RX packets 0 bytes 0 (0.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 10 bytes 732 (732.0 B)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> enp0s3.3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>> inet 192.168.3.2 netmask 255.255.255.0 broadcast 192.168.3.255
>>>> inet6 fe80::a00:27ff:fe35:fcc4 prefixlen 64 scopeid 0x20<link>
>>>> ether 08:00:27:35:fc:c4 txqueuelen 1000 (Ethernet)
>>>> RX packets 0 bytes 0 (0.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 10 bytes 732 (732.0 B)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> enp0s3.10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>> inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
>>>> inet6 fe80::a00:27ff:fe35:fcc4 prefixlen 64 scopeid 0x20<link>
>>>> ether 08:00:27:35:fc:c4 txqueuelen 1000 (Ethernet)
>>>> RX packets 0 bytes 0 (0.0 B)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 10 bytes 732 (732.0 B)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>>> inet 127.0.0.1 netmask 255.0.0.0
>>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>>> loop txqueuelen 1 (Loopback Local)
>>>> RX packets 1162494 bytes 167041449 (159.3 MiB)
>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>> TX packets 1162494 bytes 167041449 (159.3 MiB)
>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>
>>>> [root@packetfence ~]#
>>>>
>>>>
>>>>
>>>> [root@packetfence ~]# cat /usr/local/pf/conf/networks.conf
>>>> [192.168.3.0]
>>>> dns=192.168.3.2
>>>> dhcp_start=192.168.3.10
>>>> gateway=192.168.3.2
>>>> domain-name=vlan-isolation.scrivener.com.br
>>>> nat_enabled=disabled
>>>> named=enabled
>>>> dhcp_max_lease_time=30
>>>> fake_mac_enabled=disabled
>>>> dhcpd=enabled
>>>> dhcp_end=192.168.3.246
>>>> type=vlan-isolation
>>>> netmask=255.255.255.0
>>>> dhcp_default_lease_time=30
>>>>
>>>> [192.168.2.0]
>>>> dns=192.168.2.2
>>>> dhcp_start=192.168.2.10
>>>> gateway=192.168.2.2
>>>> domain-name=vlan-registration.scrivener.com.br
>>>> nat_enabled=disabled
>>>> named=enabled
>>>> dhcp_max_lease_time=30
>>>> fake_mac_enabled=disabled
>>>> dhcpd=enabled
>>>> dhcp_end=192.168.2.246
>>>> type=vlan-registration
>>>> netmask=255.255.255.0
>>>> dhcp_default_lease_time=30
>>>> [root@packetfence ~]#
>>>>
>>>>
>>>>
>>>> [root@packetfence ~]# cat /usr/local/pf/conf/switches.conf
>>>> [172.16.0.50]
>>>> mode=production
>>>> defaultVlan=10
>>>> deauthMethod=RADIUS
>>>> description=SWITCH DELL - 172.16.0.50
>>>> type=Dell::N1500
>>>> radiusSecret=useStrongerSecret
>>>> SNMPVersion=2c
>>>>
>>>> #
>>>> # Copyright (C) 2005-2017 Inverse inc.
>>>> #
>>>> # See the enclosed file COPYING for license information (GPL).
>>>> # If you did not receive this file, see
>>>> # http://www.fsf.org/licensing/licenses/gpl.html
>>>> [192.168.0.1]
>>>> description=Test Switch
>>>> type=Cisco::Catalyst_2900XL
>>>> mode=production
>>>> uplink=23,24
>>>>
>>>> #SNMPVersion = 3
>>>> #SNMPEngineID = 0000000000000
>>>> #SNMPUserNameRead = readUser
>>>> #SNMPAuthProtocolRead = MD5
>>>> #SNMPAuthPasswordRead = authpwdread
>>>> #SNMPPrivProtocolRead = DES
>>>> #SNMPPrivPasswordRead = privpwdread
>>>> #SNMPUserNameWrite = writeUser
>>>> #SNMPAuthProtocolWrite = MD5
>>>> #SNMPAuthPasswordWrite = authpwdwrite
>>>> #SNMPPrivProtocolWrite = DES
>>>> #SNMPPrivPasswordWrite = privpwdwrite
>>>> #SNMPVersionTrap = 3
>>>> #SNMPUserNameTrap = readUser
>>>> #SNMPAuthProtocolTrap = MD5
>>>> #SNMPAuthPasswordTrap = authpwdread
>>>> #SNMPPrivProtocolTrap = DES
>>>> #SNMPPrivPasswordTrap = privpwdread
>>>> [192.168.1.0/24]
>>>> description=Test Range Switch
>>>> type=Cisco::Catalyst_2900XL
>>>> mode=production
>>>> uplink=23,24
>>>> [root@packetfence ~]#
>>>>
>>>>
>>>> Follow switch configuration:
>>>>
>>>> Following the configuration of the manual, the model of my switch is
>>>> DELL n1548. (https://packetfence.org/doc/P
>>>> acketFence_Network_Devices_Configuration_Guide.html#_dell)
>>>>
>>>>
>>>> console#show running-config
>>>>
>>>> !Current Configuration:
>>>> !System Description "Dell Networking N1548, 6.2.6.6, Linux 3.6.5"
>>>> !System Software Version 6.2.6.6
>>>> !
>>>> configure
>>>> vlan 2-5,10,100
>>>> exit
>>>> vlan 2
>>>> name "Registration"
>>>> exit
>>>> vlan 3
>>>> name "Isolation"
>>>> exit
>>>> vlan 4
>>>> name "Mac detection"
>>>> exit
>>>> vlan 5
>>>> name "Guest"
>>>> exit
>>>> vlan 100
>>>> name "VoIP"
>>>> exit
>>>> stack
>>>> member 1 3 ! N1548
>>>> exit
>>>> interface vlan 1
>>>> ip address 172.16.0.50 255.255.255.0
>>>> exit
>>>> authentication enable
>>>> dot1x system-auth-control
>>>> aaa authentication dot1x default radius
>>>> aaa authorization network default radius
>>>> dot1x dynamic-vlan enable
>>>> voice vlan
>>>> aaa server radius dynamic-author
>>>> client 172.16.0.2 server-key "useStrongerSecret"
>>>> exit
>>>> radius-server host auth 172.16.0.2
>>>> name "PacketFence"
>>>> usage 802.1x
>>>> key "useStrongerSecret"
>>>> exit
>>>> !
>>>> interface Gi1/0/11
>>>> switchport mode trunk
>>>> switchport trunk allowed vlan 1-5,100
>>>> dot1x port-control force-authorized
>>>> exit
>>>> !
>>>> interface Gi1/0/13
>>>> switchport voice detect auto
>>>> switchport mode general
>>>> switchport access vlan 10
>>>> dot1x port-control mac-based
>>>> dot1x reauthentication
>>>> dot1x mac-auth-bypass
>>>> authentication order mab
>>>> authentication priority mab
>>>> lldp transmit-tlv sys-desc sys-cap
>>>> lldp transmit-mgmt
>>>> lldp notification
>>>> lldp med confignotification
>>>> voice vlan 100
>>>> exit
>>>> snmp-server engineid local 800002a203141877eaf0a0
>>>> snmp-server community "private" rw
>>>> snmp-server community "public" ro
>>>> exit
>>>>
>>>> console#
>>>>
>>>>
>>>>
>>>>
>>>> I still do not understand where the error is. Any idea
>>>>
>>>>
>>>> 2017-12-29 11:15 GMT-03:00 Fabrice Durand via PacketFence-users <
>>>> [email protected]>:
>>>>
>>>>> Hello André,
>>>>>
>>>>> First you need to check on the switch side if the mac address of the
>>>>> device is in the vlan 300.
>>>>>
>>>>> Next a registration vlan is a vlan managed by PacketFence, so you need
>>>>> to enable dhcp on the vlan 300 and 600.
>>>>> Another thing i can see is that the interface enp0s8.300 (vlan 300)
>>>>> use the network 172.17.0.0/24 and it should be 172.16.0.0/24 ?! (but
>>>>> enp0s8 use this network).
>>>>>
>>>>> So i my opinion, you probably mess up the vlan/interface config.
>>>>>
>>>>> If enp0s8 interface is really on the vlan 300 then enp0s8.300 is
>>>>> useless and you probably have to use the vlan 301 as the registration
>>>>> network.
>>>>>
>>>>> Last things, be sure that enp0s8 is plugged on a trunk port and be
>>>>> sure that you define all the vlans in your switch configuration.
>>>>>
>>>>> Regards
>>>>> Fabrice
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Le 2017-12-29 à 08:50, André Scrivener via PacketFence-users a écrit :
>>>>>
>>>>> I'm configuring pf as vlan enforcement, but I'm having a problem,
>>>>> where vlans with their respective IPs are not being assigned. In the logs
>>>>> it returns the correct vlans, but does not apply to the station.
>>>>>
>>>>>
>>>>> *Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
>>>>> INFO: [mac:64:1c:67:82:7d:f2] handling radius autz request: from switch_ip
>>>>> => (172.16.0.50), connection_type => WIRED_MAC_AUTH,switch_mac =>
>>>>> (14:18:77:ea:f0:a2), mac => [64:1c:67:82:7d:f2], port => 41, username =>
>>>>> "641C67827DF2" (pf::radius::authorize)*
>>>>> *Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
>>>>> INFO: [mac:64:1c:67:82:7d:f2] Instantiate profile default
>>>>> (pf::Connection::ProfileFactory::_from_profile)*
>>>>> *Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
>>>>> INFO: [mac:64:1c:67:82:7d:f2] is of status unreg; belongs into
>>>>> registration
>>>>> VLAN (pf::role::getRegistrationRole)*
>>>>> *Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
>>>>> INFO: [mac:64:1c:67:82:7d:f2] (172.16.0.50) Added VLAN 300 to the returned
>>>>> RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)*
>>>>>
>>>>>
>>>>> *Dec 29 11:36:54 packtfence auth[7662]: Need 1 more connections to
>>>>> reach min connections (3)*
>>>>> *Dec 29 11:36:54 packtfence auth[7662]: rlm_rest (rest): Opening
>>>>> additional connection (23), 1 of 62 pending slots used*
>>>>> *Dec 29 11:36:54 packtfence auth[7662]: Need 1 more connections to
>>>>> reach min connections (3)*
>>>>> *Dec 29 11:36:54 packtfence auth[7662]: rlm_sql (sql): Opening
>>>>> additional connection (25), 1 of 62 pending slots used*
>>>>> *Dec 29 11:36:54 packtfence auth[7662]: [mac:64:1c:67:82:7d:f2]
>>>>> Accepted user: and returned VLAN 300*
>>>>> *Dec 29 11:36:54 packtfence auth[7662]: (44) Login OK: [641C67827DF2]
>>>>> (from client 172.16.0.50 port 41 cli 64:1c:67:82:7d:f2)*
>>>>>
>>>>>
>>>>> In the logs it returns to vlan correct, but does not assign to the
>>>>> computer, it stubborn in assigning the network 172.16.0.0/24.
>>>>>
>>>>> I did not configure DHCP in packetfence, when packetfence returns a
>>>>> vlan it is for it to get dhcp from my infrastructure. (So I imagine.)
>>>>>
>>>>> Follows some of my settings, it's okay to expose information since
>>>>> it's a lab.
>>>>>
>>>>>
>>>>> [root@packtfence ~]# ifconfig
>>>>> SCRIVENER-b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>> inet 169.254.0.2 netmask 255.255.255.252 broadcast
>>>>> 169.254.0.3
>>>>> inet6 fe80::c8b5:5bff:febe:b1cc prefixlen 64 scopeid
>>>>> 0x20<link>
>>>>> ether ca:b5:5b:be:b1:cc txqueuelen 1000 (Ethernet)
>>>>> RX packets 8 bytes 648 (648.0 B)
>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>> TX packets 8 bytes 648 (648.0 B)
>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>
>>>>> enp0s3: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
>>>>> ether 08:00:27:a3:36:2a txqueuelen 1000 (Ethernet)
>>>>> RX packets 5668 bytes 8119227 (7.7 MiB)
>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>> TX packets 1260 bytes 80253 (78.3 KiB)
>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>
>>>>> enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>> inet 172.16.0.2 netmask 255.255.255.0 broadcast 172.16.0.255
>>>>> inet6 fe80::a00:27ff:fef4:37f8 prefixlen 64 scopeid
>>>>> 0x20<link>
>>>>> ether 08:00:27:f4:37:f8 txqueuelen 1000 (Ethernet)
>>>>> RX packets 20960 bytes 4119093 (3.9 MiB)
>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>> TX packets 12227 bytes 21064744 (20.0 MiB)
>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>
>>>>> enp0s8.300: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>> inet 172.17.0.2 netmask 255.255.255.0 broadcast 172.17.0.255
>>>>> inet6 fe80::a00:27ff:fef4:37f8 prefixlen 64 scopeid
>>>>> 0x20<link>
>>>>> ether 08:00:27:f4:37:f8 txqueuelen 1000 (Ethernet)
>>>>> RX packets 10 bytes 628 (628.0 B)
>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>> TX packets 14 bytes 900 (900.0 B)
>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>
>>>>> enp0s8.301: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>> inet 172.19.0.2 netmask 255.255.255.0 broadcast 172.19.0.255
>>>>> inet6 fe80::a00:27ff:fef4:37f8 prefixlen 64 scopeid
>>>>> 0x20<link>
>>>>> ether 08:00:27:f4:37:f8 txqueuelen 1000 (Ethernet)
>>>>> RX packets 10 bytes 628 (628.0 B)
>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>> TX packets 14 bytes 900 (900.0 B)
>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>
>>>>> enp0s8.600: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>> inet 172.18.0.2 netmask 255.255.255.0 broadcast 172.18.0.255
>>>>> inet6 fe80::a00:27ff:fef4:37f8 prefixlen 64 scopeid
>>>>> 0x20<link>
>>>>> ether 08:00:27:f4:37:f8 txqueuelen 1000 (Ethernet)
>>>>> RX packets 10 bytes 628 (628.0 B)
>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>> TX packets 14 bytes 900 (900.0 B)
>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>
>>>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>>>> inet 127.0.0.1 netmask 255.0.0.0
>>>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>>>> loop txqueuelen 1 (Loopback Local)
>>>>> RX packets 1567747 bytes 224694729 (214.2 MiB)
>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>> TX packets 1567747 bytes 224694729 (214.2 MiB)
>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> [root@packtfence ~]# cat /usr/local/pf/conf/networks.conf
>>>>> [172.17.0.0]
>>>>> dns=172.17.0.2
>>>>> dhcp_start=172.17.0.10
>>>>> gateway=172.17.0.2
>>>>> domain-name=vlan-registration.scrivener.com.br
>>>>> nat_enabled=disabled
>>>>> named=enabled
>>>>> dhcp_max_lease_time=30
>>>>> fake_mac_enabled=disabled
>>>>> dhcpd=disabled
>>>>> dhcp_end=172.17.0.246
>>>>> type=vlan-registration
>>>>> netmask=255.255.255.0
>>>>> dhcp_default_lease_time=30
>>>>>
>>>>> [172.18.0.0]
>>>>> dns=172.18.0.2
>>>>> dhcp_start=172.18.0.10
>>>>> gateway=172.18.0.2
>>>>> domain-name=vlan-isolation.scrivener.com.br
>>>>> nat_enabled=disabled
>>>>> named=enabled
>>>>> dhcp_max_lease_time=30
>>>>> fake_mac_enabled=disabled
>>>>> dhcpd=disabled
>>>>> dhcp_end=172.18.0.246
>>>>> type=vlan-isolation
>>>>> netmask=255.255.255.0
>>>>> dhcp_default_lease_time=30
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> [root@packtfence ~]# cat /usr/local/pf/conf/switches.conf
>>>>> #
>>>>> # Copyright (C) 2005-2017 Inverse inc.
>>>>> #
>>>>> # See the enclosed file COPYING for license information (GPL).
>>>>> # If you did not receive this file, see
>>>>> # http://www.fsf.org/licensing/licenses/gpl.html
>>>>> [default]
>>>>> type=Dell::N1500
>>>>> registrationVlan=300
>>>>> isolationVlan=600
>>>>> uplink=5
>>>>> cliUser=[secret]
>>>>> cliPwd=[secret]
>>>>> cliEnablePwd=[secret]
>>>>> #
>>>>> # SNMP section
>>>>> #
>>>>> # PacketFence -> Switch
>>>>> SNMPVersion=2c
>>>>> #
>>>>> # RADIUS NAS Client config
>>>>> #
>>>>> # RADIUS shared secret with switch
>>>>> radiusSecret=teste123
>>>>> CORPORATIVOVlan=301
>>>>> uplink_dynamic=0
>>>>>
>>>>> [172.16.0.50]
>>>>> mode=production
>>>>> description=172.16.0.50
>>>>> ExternalPortalEnforcement=Y
>>>>> deauthMethod=Telnet
>>>>> cliAccess=Y
>>>>> defaultVlan=301
>>>>>
>>>>>
>>>>>
>>>>> Any can help? Please! My Christmas present and New Year's Eve.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Att,
>>>>> Andre Scrivener
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Check out the vibrant tech community on one of the world's most
>>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> PacketFence-users mailing
>>>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>
>>>>>
>>>>> --
>>>>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>>>>> www.inverse.ca
>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>>>> (http://packetfence.org)
>>>>>
>>>>>
>>>>> ------------------------------------------------------------
>>>>> ------------------
>>>>> Check out the vibrant tech community on one of the world's most
>>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>>> _______________________________________________
>>>>> PacketFence-users mailing list
>>>>> [email protected]
>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Att
>>>> *Andre*
>>>>
>>>
>>>
>>>
>>> --
>>> Att
>>> *Andre*
>>>
>>>
>>> --
>>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>>> www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>> (http://packetfence.org)
>>>
>>>
>>
>>
>> --
>> Att
>> *Andre Scrivener*
>>
>>
>> --
>> Fabrice [email protected] :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>
>
> --
> Att,
> Andre Scrivener
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Att
*Andre *
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
