Hi All,

We have implemented the CoA method to bounce a port (reusing Cisco.pm _radiusBounceMac) in our new hardware module, but with some issues.
1) The bounce port CoA request packet is received at the switch; the switch
replies with CoA-ACK and obliges with port down then port up. (It does
what it's supposed to do, no problems.)
2) The CoA-ACK reply packet also arrives at the switch (I confirmed it with
tcpdump) but PacketFence somehow can't get the reply packet. Instead I get
the following log entries:
Oct 15 16:43:59 packetfence httpd_admin: httpd.admin(826) INFO: [mac:unknown] boucing MAC e0:db:55:cd:84:62 using RADIUS CoA-Request method (pf::Switch::Pica::bouncePort)
Oct 15 16:43:59 packetfence httpd_admin: httpd.admin(826) WARN: [mac:unknown] Unable to perform RADIUS CoA-Request: Timeout waiting for a reply from 10.10.51.217 on port 3799 at /usr/local/pf/lib/pf/util/radius.pm line 162. (pf::Switch::Pica::catch {...} )
Oct 15 16:43:59 packetfence httpd_admin: httpd.admin(826) ERROR: [mac:unknown] Cannot restart switch port for e0:db:55:cd:84:62 (pfappserver::PacketFence::Controller::Node::restart_switchport)
I checked the Radius.pm code (perform_dynauth): it sends the CoA request
packet and listens for a reply. The reply arrives at the machine running
PacketFence but evades the socket listening for the reply.
I double-checked the timeout and port number but couldn't get to the root
cause. Any ideas would be highly appreciated. I'm attaching the capture
request/reply pcap for your reference. Please advise.
Thanks,
Ali
--
Amjad Ali
Attachment: coa10-8.pcap
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
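
The send-then-listen exchange described in the post, as a stand-alone diagnostic added here (not PacketFence's code and not from the original message): it builds an RFC 5176 CoA-Request, listens on an unconnected UDP socket, and reports the source address, port and validation result of every datagram that comes back. The function names are hypothetical; the shared secret and attribute list are supplied by the caller.

```python
import hashlib, hmac, os, socket, struct

COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45  # RFC 5176 packet codes

def attr(atype, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_request(ident, attrs, secret):
    """CoA-Request; authenticator = MD5(header + 16 zero octets + attrs + secret)."""
    head = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs))
    return head + hashlib.md5(head + bytes(16) + attrs + secret).digest() + attrs

def check_reply(reply, request, secret):
    """Return (ok, reason) for a datagram received in answer to request."""
    if len(reply) < 20:
        return False, "shorter than a RADIUS header"
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length < 20 or length > len(reply):
        return False, "bad length field"
    if ident != request[1]:
        return False, "identifier mismatch"
    if code not in (COA_ACK, COA_NAK):
        return False, "unexpected code %d" % code
    # Response authenticator = MD5(reply header + request authenticator + reply attrs + secret)
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        return False, "response authenticator mismatch"
    return True, "CoA-ACK" if code == COA_ACK else "CoA-NAK"

def send_coa(nas_ip, attrs, secret, port=3799, timeout=5.0):
    """Send one CoA-Request and list every datagram that reaches the socket."""
    request = build_request(os.urandom(1)[0], attrs, secret)
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        # Unconnected socket: a reply sent from another source address or port
        # is still delivered here, and its origin is recorded in `seen`.
        sock.sendto(request, (nas_ip, port))
        try:
            while True:
                data, peer = sock.recvfrom(4096)
                ok, reason = check_reply(data, request, secret)
                seen.append((peer, ok, reason))
                if ok:
                    return seen
        except socket.timeout:
            return seen
```

An empty list from send_coa means nothing reached the socket before the timeout; a non-empty list shows where each datagram came from and why it was accepted or rejected. Calling-Station-Id is attribute type 31, so attr(31, b"e0:db:55:cd:84:62") encodes the MAC from the log above.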
