Re: [PacketFence-users] CoA reply packet not detected by packetfence

Fri, 19 Oct 2018 20:18:01 -0700 

Hello Ali,
you did the good thing but in the capture it looks that the switch reply on the wrong port. 

CoA request: src port 52492 dst 3799

CoA-ACK : src port 1812 dst 3799 (it's suppose to be src 3799 dst 52492)

So it looks to me a switch bug.

Regards

Fabrice

Le 18-10-15 à 05 h 47, Amjad Ali via PacketFence-users a écrit :

Hi All,


We have implemented CoA method to bounce port (reuse Cisco.pm 
_radiusBounceMac) in our new hardware module but with some issues.



1) The bounce port CoA request packet is received at switch, the 
switch replies with CoA-ACK and obliges with port down then port port 
up. (It does what its supposed to do, no problems)
2) The CoA-ACK reply packet also arrives at the switch (I confirmed it 
with tcpdump) but packetfence somehow can't get the reply packet. 
Instead I get the following log entries



Oct 15 16:43:59 packetfence httpd_admin: httpd.admin(826) INFO: 
[mac:unknown] boucing MAC e0:db:55:cd:84:62 using RADIUS CoA-Request 
method (pf::Switch::Pica::bouncePort)
Oct 15 16:43:59 packetfence httpd_admin: httpd.admin(826) WARN: 
[mac:unknown] Unable to perform RADIUS CoA-Request: Timeout waiting 
for a reply from 10.10.51.217 on port 3799 at 
/usr/local/pf/lib/pf/util/radius.pm <http://radius.pm> line 162. 
(pf::Switch::Pica::catch {...} )
Oct 15 16:43:59 packetfence httpd_admin: httpd.admin(826) ERROR: 
[mac:unknown] Cannot restart switch port for e0:db:55:cd:84:62 
(pfappserver::PacketFence::Controller::Node::restart_switchport)



I checked the Radius.pm code (perform_dynauth), it sends the CoA 
request packet and listens for a reply, the reply arrives at the 
machine running packetfence but evades the socket listening for reply.



I double checked the timeout and port number but couldn't get to the 
root cause. Any ideas would be highly appreciated. I'm attaching the 
capture request/reply pcap for your reference. Please advise.


Thanks,
Ali
--
Amjad Ali


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to