Hello Ebrar,

This should work:

[192.168.56.100]
description=IOUvL2
type=Cisco::Catalyst_2960
radiusSecret=useStrongerSecret
deauthMethod=RADIUS

Regards

Fabrice




On 2018-03-06 at 08:49, ebrar via PacketFence-users wrote:

Hi All,

I have set up PF on a virtual machine whose OS is CentOS, and I have set up a switch on GNS3 by using the image below:

i86bi-linux-l2-adventerprisek9-15.1a

This SW lets me do all the configurations mentioned in the PacketFence Out-of-Band Deployment Quick Guide. You can see the related configurations on the SW below:

username ebrar privilege 0 password 0 eleb
aaa new-model
!
!
aaa group server radius packetfence
 server name pfnac
!
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
!
!
!
!
aaa server radius dynamic-author
 client 192.168.56.101 server-key useStrongerSecret
 port 3799
!
aaa session-id common
no ip icmp rate-limit unreachable
!
ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
dot1x system-auth-control

interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,3,10
 switchport mode trunk
 duplex auto
!
interface Ethernet0/1
 switchport access vlan 10
 switchport mode access
 duplex auto
 authentication order mab dot1x
 authentication priority mab dot1x
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 10800
 authentication violation replace
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
!
interface Ethernet0/2
 switchport access vlan 20
 switchport mode access
 duplex auto

snmp-server community public RO
snmp-server community private RW
snmp-server host 192.168.56.101 version 2c public
!
radius-server vsa send authentication
!
radius server pfnac
 address ipv4 192.168.56.101 auth-port 1812 acct-port 1813
 automate-tester username ebrar ignore-acct-port idle-time 3
 key useStrongerSecret

When I connect a client to Ethernet 0/1 and try to connect to the internet (www.google.com), it responds "Page Not Found" and nothing is changed on the SW.

You can see the errors in the log files below:

packetfence.log :

[root@localhost logs]#  tail -f packetfence.log
Mar  6 19:26:03 localhost packetfence_httpd.aaa: httpd.aaa(2123) ERROR: [mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100 (pf::SwitchFactory::instantiate)
Mar  6 19:26:03 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request will be failed. (pf::radius::switch_access)
Mar  6 19:29:02 localhost packetfence_httpd.aaa: httpd.aaa(2123) ERROR: [mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100 (pf::SwitchFactory::instantiate)
Mar  6 19:29:02 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request will be failed. (pf::radius::switch_access)
Mar  6 19:31:51 localhost packetfence_httpd.aaa: httpd.aaa(2123) ERROR: [mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100 (pf::SwitchFactory::instantiate)
Mar  6 19:31:51 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request will be failed. (pf::radius::switch_access)
Mar  6 19:34:49 localhost packetfence_httpd.aaa: httpd.aaa(2123) ERROR: [mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100 (pf::SwitchFactory::instantiate)
Mar  6 19:34:49 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request will be failed. (pf::radius::switch_access)
Mar  6 19:37:37 localhost packetfence_httpd.aaa: httpd.aaa(2123) ERROR: [mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100 (pf::SwitchFactory::instantiate)
Mar  6 19:37:37 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request will be failed. (pf::radius::switch_access)

radius.log :

Mar  6 19:37:37 localhost auth[2284]: (552) rest: ERROR: {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Switch is not managed by PacketFence"}
Mar  6 19:37:37 localhost auth[2284]: Need 2 more connections to reach min connections (3)
Mar  6 19:37:37 localhost auth[2284]: rlm_rest (rest): Opening additional connection (1099), 1 of 63 pending slots used
Mar  6 19:37:37 localhost auth[2284]: rlm_sql (sql): Closing connection (1097): Hit idle_timeout, was idle for 168 seconds
Mar  6 19:37:37 localhost auth[2284]: rlm_sql (sql): Closing connection (1098): Hit idle_timeout, was idle for 168 seconds
Mar  6 19:37:37 localhost auth[2284]: rlm_sql (sql): Opening additional connection (1099), 1 of 64 pending slots used
Mar  6 19:37:37 localhost auth[2284]: Need 2 more connections to reach min connections (3)
Mar  6 19:37:37 localhost auth[2284]: rlm_sql (sql): Opening additional connection (1100), 1 of 63 pending slots used
Mar  6 19:37:37 localhost auth[2284]: [mac:] Rejected user: ebrar
Mar  6 19:37:37 localhost auth[2284]: (552) Rejected in post-auth: [ebrar] (from client 192.168.56.100/32 port 0)

And configuration file :

switches.conf :

[root@localhost conf]# cat switches.conf
#
# Copyright (C) 2005-2018 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[192.168.0.1]
description=Test Switch
type=Cisco::Catalyst_2900XL
mode=production
uplink=23,24

#SNMPVersion = 3
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
#SNMPVersionTrap = 3
#SNMPUserNameTrap = readUser
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
[192.168.1.0/24]
description=Test Range Switch
type=Cisco::Catalyst_2900XL
mode=production
uplink=23,24

[192.168.56.100/32]
description=IOUvL2
type=Cisco::Catalyst_2960
radiusSecret=useStrongerSecret
deauthMethod=RADIUS
[root@localhost conf]#

Where am I making a mistake, and how can I resolve it? Could you please help?

Thanks,

Regards.

Ebrar.


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
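
An added example, not part of the original thread and not PacketFence code: a small checker that pulls the "Unknown switch" addresses out of packetfence.log and reports how each one is declared in switches.conf, so a /32 section like the one in the question stands out as the entry to rewrite as a bare IP, as the reply suggests. The sample text is constructed from the excerpts above, the function names are hypothetical, and the script does not model how PacketFence itself resolves sections.

```python
import ipaddress
import re

# Constructed sample input, modelled on the excerpts quoted in the thread.
SWITCHES_CONF = """\
[192.168.0.1]
description=Test Switch
[192.168.1.0/24]
description=Test Range Switch
[192.168.56.100/32]
description=IOUvL2
type=Cisco::Catalyst_2960
"""
PF_LOG = """\
Mar  6 19:26:03 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request will be failed. (pf::radius::switch_access)
Mar  6 19:29:02 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN: [mac:[undef]] Unknown switch (192.168.56.100). This request will be failed. (pf::radius::switch_access)
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]\s*$", re.MULTILINE)
UNKNOWN_RE = re.compile(r"Unknown switch \((\d{1,3}(?:\.\d{1,3}){3})\)")

def unknown_switches(log_text):
    """Distinct NAS addresses that the log reports as unknown switches."""
    return sorted(set(UNKNOWN_RE.findall(log_text)))

def classify(ip, sections):
    """How switches.conf declares ip: exact, host-cidr, range or missing."""
    if ip in sections:
        return ("exact", ip)
    addr = ipaddress.ip_address(ip)
    for name in sections:
        if "/" not in name:
            continue
        try:
            net = ipaddress.ip_network(name, strict=False)
        except ValueError:
            continue  # section name is not an IP network
        if addr in net:
            kind = "host-cidr" if net.prefixlen == net.max_prefixlen else "range"
            return (kind, name)
    return ("missing", None)

def diagnose(conf_text, log_text):
    """Map each unknown-switch address to its declaration in switches.conf."""
    sections = SECTION_RE.findall(conf_text)
    return {ip: classify(ip, sections) for ip in unknown_switches(log_text)}

if __name__ == "__main__":
    for ip, (kind, section) in diagnose(SWITCHES_CONF, PF_LOG).items():
        # Per the reply in the thread, a host-cidr entry is rewritten as [ip].
        print(f"{ip}: {kind} (section {section})")
```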
