10.10.0.10 is my management interface for PF, and the portal daemon is added to
the list of listening daemons on this interface.

Role by VLAN ID: registration VLAN ID is 3, and Guest VLAN ID is 3. So the VLAN
is not changed after authorization.
Role by Switch Role: registration is set to pf_registration (an access list
with the same name is set on the switch, see below).
Role by Web Auth URL: registration is set to
http://10.10.0.10/Cisco::Catalyst_2960

In the connection profile, under Filters, I set Connection Type =
WIRED_MAC_AUTH. In Authentication Sources I used null and set an Authentication
Rule with the name catchall and actions Role = guest, Access duration = 12
hours.

This is my switch configuration:

aaa new-model
aaa group server radius packetfence
 server 10.10.0.10 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
aaa server radius dynamic-author
 client 10.10.0.10 server-key 7 00000000000000000
 port 3799
aaa session-id common
dot1x system-auth-control
interface GigabitEthernet1/0/1
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate 10800
 authentication timer restart 10800
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
ip default-gateway 10.20.0.1
ip http server
ip http secure-server
ip access-list extended pf_registration
 deny ip any host 10.10.0.10
 permit tcp any any eq www
 permit tcp any any eq 443
snmp-server community public RO
snmp-server community mysnmp RO
snmp-server community mywrite RW
radius-server host 10.10.0.10 auth-port 1812 acct-port 1813 key 7 00000000000000000
no radius-server vsa send accounting
no radius-server vsa send authentication

---- On Mon, 01 Oct 2018 13:23:26 +0200 Kalcho via PacketFence-users <[email protected]> wrote ----

Hello, I
am currently testing PacketFence for my company, just to see if it will suit
our needs. What we basically need is 802.1X authentication for AD users and Web
Portal Authentication via MAB for guests. I have used this guide
https://packetfence.org/doc/PacketFence_Installation_Guide.html to set up a PoC.

Basically, I installed PF on CentOS7, disabled the firewall and SELinux, and
followed the guide step by step. I have done every step as described in the
guide, and now 802.1X works well. But when I then use MAB for authentication on
the same switch interface, following the instructions from chapter "6. Enabling
the Captive Portal", the redirection is done well, but the URL for the captive
portal, which in my case is http://X.X.X.X/Cisco::Catalyst_2960 with prepended
sid1eef66?redirect=http://www.msftconnecttest.com/redirect, times out.

For this test I use:
PacketFence on a CentOS7 server, which is hosted on a Hyper-V VM
NAS: Cisco 2960-S switch (Model: WS-C2960S-24TS-L, SW Version: 15.2(2a)E1)
Supplicant: Windows 10 Workstation

I have configured one management interface on PacketFence at the address
X.X.X.X, and on the same interface I have added the additional listening daemon
portal per the instructions. The PacketFence management interface is in, say,
VLAN 1, and the switch management interface is in VLAN 2.

I have done everything as in the guide, but I am unable to detect what the
error is. Maybe I am missing something. If you need more info, feel free to
request it.

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users