And now this issue happened with ruckus and aruba. Our network team noticed us they??ll change 2 big offices?? authentication to acs again... The issue with ruckus behaves also normal with pf logs. But I noticed AC sent out an accounting stop packet immediately after it sent accounting start packet with reason ??admin reset??.Really need a clue on this issue...Thanks in advance.
------------------ Original ------------------ From: packetfence-users <[email protected]> Date: ????,1?? 10,2018 20:41 To: packetfence-users <[email protected]> Cc: Yan <[email protected]> Subject: Re: [PacketFence-users] Successfully passed 802.1x auth but no networkaccess Hi dear users, We use PF V7.3 in our office integrated with Aruba AC. Recently our wireless behaves very strange. Some users can connected to wireless, passed the 802.1x auth and can get the correct role and IP, but they just couldn't access any network. There is no wired in PF logs. But as we check Aruba AC logs, we can see many "User miss" logs. I don't know what caused this issue but now our network team said previous ACS didn't have this issue and let us check pf's problem. Anyone ever met this issue ? Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: <522050> <4111> <INFO> <WHZH-7210-1 172.26.2.230> MAC=f4:cc:89:e8:2a:d3,IP=172.26.36.202 User data downloaded to datapath, new Role=Didi-Guest-acl-prof/80, bw Contract=0/0, reason=New user IP processing, idle-timeout=300 Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: <522026> <4111> <INFO> <WHZH-7210-1 172.26.2.230> MAC=f4:cc:89:e8:2a:d3 IP=172.26.36.202 User miss: ingress=0x1041e, VLAN=205 flags=0x4000c040 Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: <522050> <4111> <INFO> <WHZH-7210-1 172.26.2.230> MAC=8e:85:00:80:79:ff,IP=172.26.18.2 User data downloaded to datapath, new Role=employees/78, bw Contract=0/0, reason=New user IP processing, idle-timeout=15300 Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: <522026> <4111> <INFO> <WHZH-7210-1 172.26.2.230> MAC=8e:85:00:80:79:ff IP=172.26.18.2 User miss: ingress=0x1048c, VLAN=204 flags=0x4000c040 Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: <522050> <4111> <INFO> <WHZH-7210-1 172.26.2.230> MAC=84:44:67:4f:57:55,IP=172.26.33.243 User data downloaded to datapath, new Role=employees/78, bw Contract=0/0, reason=New user IP processing, idle-timeout=15300 Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: <522026> <4111> <INFO> <WHZH-7210-1 172.26.2.230> MAC=84:44:67:4f:57:55 IP=172.26.33.243 User miss: ingress=0x10399, VLAN=203 BTW I comment out acct-session-id in /usr/local/pf/lib/pf/Switch/Aruba.pm since we found pf can't disconnect device with acctsessionid. Not sure if this action caused error.
[email protected]
Description: Binary data
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
