Re: [PacketFence-users] Need help solving a problem with vlan enforcement

André Scrivener via PacketFence-users Fri, 05 Jan 2018 05:43:40 -0800

Hey Timonthy,

Following my network.conf


[root@packetfence ~]# cat /usr/local/pf/conf/networks.conf
[192.168.3.0]
dns=192.168.3.2
dhcp_start=192.168.3.10
gateway=192.168.3.2
domain-name=vlan-isolation.scrivener.com.br
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.3.246
type=vlan-isolation
netmask=255.255.255.0
dhcp_default_lease_time=30

[192.168.2.0]
dns=192.168.2.2
dhcp_start=192.168.2.10
gateway=192.168.2.2
domain-name=vlan-registration.scrivener.com.br
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=192.168.2.246
type=vlan-registration
netmask=255.255.255.0
dhcp_default_lease_time=30
[root@packetfence ~]#


I applied a setting that you know but does not work.

I do not understand why on the switch, it indicates that the MAC address is
in VLAN 2, but does not assign the address of vlan 2.


console#show mac address-table

Aging time is 300 Sec

Vlan     Mac Address           Type        Port
-------- --------------------- ----------- ---------------------
1        0800.2700.58E2        Dynamic     Gi1/0/11
1        0800.2735.FCC4        Dynamic     Gi1/0/11
1        1418.77EA.F0A3        Management  Vl1
1        641C.675E.738F        Dynamic     Gi1/0/11
2        847B.EBE3.8442        Dynamic     Gi1/0/13


If I set up an interface manually in vlan 2, it assigns the address of vlan
2 correct.

interface Gi1/0/15
switchport mode general
switchport general pvid 2
switchport general allowed vlan add 2-5,10,100
dot1x port-control mac-based
dot1x reauthentication
dot1x mac-auth-bypass
authentication order mab
authentication priority mab
exit
!


console#show mac address-table

Aging time is 300 Sec

Vlan     Mac Address           Type        Port
-------- --------------------- ----------- ---------------------
1        0800.2700.58E2        Dynamic     Gi1/0/11
1        0800.2735.FCC4        Dynamic     Gi1/0/11
1        1418.77EA.F0A3        Management  Vl1
1        641C.675E.738F        Dynamic     Gi1/0/11
2        0800.2735.FCC4        Dynamic     Gi1/0/11
2        847B.EBE3.8442        Dynamic     Gi1/0/15



Look a new ip address assign to client:

Jan  5 10:58:10 packetfence pfqueue: pfqueue(32349) INFO:
[mac:84:7b:eb:e3:84:42] oldip (172.16.0.10) and newip (192.168.2.10) are
different for 84:7b:eb:e3:84:42 - closing ip4log entry
(pf::api::update_ip4log)


To complete..follow my config interface packetfence:

interface Gi1/0/11
switchport mode trunk
switchport trunk allowed vlan 1-5,10,100
dot1x port-control force-authorized
exit


Greeatings!!


-- 
Att
*Andre*

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

Reply via email to