Hello Anton,
as i can see both are doing 802.1x (Ethernet-EAP) but i suspect that the
phone is doing eap-md5 and not pap.
Can you try to add that in the switch interface config:
default mab pap
Also i did some change with a client to have a better support with VoIP
on the Dell switches (you need to configure snmp to allow PacketFence to
do some requests):
https://github.com/inverse-inc/packetfence/compare/feature/DELL_lldp.diff
If you want to try you just have to do the following:
cd /usr/local/pf
curl
https://github.com/inverse-inc/packetfence/compare/feature/DELL_lldp.diff|
patch -p1 --dry-run
If there is no error:
curl
https://github.com/inverse-inc/packetfence/compare/feature/DELL_lldp.diff|
patch -p1
Then restart packetfence.
Regards
Fabrice
Le 18-12-07 à 09 h 29, Anton Castelli via PacketFence-users a écrit :
Fabrice,
I've attached the relevant part of the packetfence.log. Some of the
information has been masked. The MAC "35:aa" is a laptop with the
802.1x supplicant configured with a username and password from our
Active Directory. The MAC "39:46" is a VoIP phone with no 802.1x
capability that is falling back to MAB authentication.
Ludovic,
In this case it is a Dell N2024P and I'm using the "Dell::N1500" type
when I added it to Packetfence. I also have a Cisco 2960 that I can
test with.
Thanks,
--
ANTON CASTELLI
Network Engineer IV
INFORMATION TECHNOLOGY
MAIL CODE 4622
SOUTHERN ILLINOIS UNIVERSITY
625 WHAM DRIVE
CARBONDALE, ILLINOIS 62901
anton.caste...@siu.edu <mailto:ac14...@siu.edu>
P: 618/453-6424
OIT.SIU.EDU <http://oit.siu.edu/networkengineering>
------------------------------------------------------------------------
*From:* Ludovic Zammit <lzam...@inverse.ca>
*Sent:* Friday, December 7, 2018 6:46:07 AM
*To:* Anton Castelli
*Cc:* packetfence-users@lists.sourceforge.net
*Subject:* Re: [PacketFence-users] VLAN Assignment for MAB clients
Hello Anton,
Which kind of switch / network equipment are you using for the
authentication ?
Thanks,
Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) ::www.inverse.ca
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.inverse.ca&d=DwMFAg&c=jrLYy3FV6j9HoN3FfGW-SLJoSRpiMyAzztY4B1tagEk&r=1NeIC5lqzfQOl-pBhJnTLGgpT5VX6v10JHbD4O5t4oY&m=xHktulKr1ttJHdHBNDsii_Xnel1xaPJq8m6kbEu7JZw&s=AfwUE_8XXB6ecZ9iBn_O8K-QsYjZT_qKmorQrFs66es&e=>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.sogo.nu&d=DwMFAg&c=jrLYy3FV6j9HoN3FfGW-SLJoSRpiMyAzztY4B1tagEk&r=1NeIC5lqzfQOl-pBhJnTLGgpT5VX6v10JHbD4O5t4oY&m=xHktulKr1ttJHdHBNDsii_Xnel1xaPJq8m6kbEu7JZw&s=jP7WC-EZZMrcqkttkFA7Ah8rQlEVsN-7N5AveGbDi4M&e=>)
and PacketFence (http://packetfence.org
<https://urldefense.proofpoint.com/v2/url?u=http-3A__packetfence.org&d=DwMFAg&c=jrLYy3FV6j9HoN3FfGW-SLJoSRpiMyAzztY4B1tagEk&r=1NeIC5lqzfQOl-pBhJnTLGgpT5VX6v10JHbD4O5t4oY&m=xHktulKr1ttJHdHBNDsii_Xnel1xaPJq8m6kbEu7JZw&s=0m-A3HXqeSvKmPaXjs16BrLSp4Y4BuX-5x-SXLrrbx4&e=>)
On Dec 6, 2018, at 3:03 PM, Anton Castelli via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
I'm pretty new to Packetfence. I have a demo server set up and
working. It authenticates 802.1x clients against our Active
Directory, can assign them a role based on their LDAP group, and can
assign them a VLAN based on their role.
Non-802.1x devices that fall back to MAB can also authenticate
once I've manually registered the device. I can also set a role
manually for the device. However, the VLAN assignment for that role
is not passed back to the switch.
I've confirmed that the VLAN assignment for that role is working. I
put a 802.1x client in that role and the VLAN assignment works. A MAB
client in the same role on the same switch will not have a VLAN
assignment passed back to the switch.
RADIUS response for 802.1x client:
<8021x.png>
RADIUS response for MAB client:
<mab.png>
Is there a way to configure Packetfence to assign a VLAN on the
switch for a MAB client?
Thanks,
--
ANTON CASTELLI
Network Engineer IV
INFORMATION TECHNOLOGY
MAIL CODE 4622
SOUTHERN ILLINOIS UNIVERSITY
625 WHAM DRIVE
CARBONDALE, ILLINOIS 62901
anton.caste...@siu.edu <mailto:ac14...@siu.edu>
P:618/453-6424 <tel:618/453-6424>
OIT.SIU.EDU <http://oit.siu.edu/networkengineering>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
<https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_packetfence-2Dusers&d=DwMFAg&c=jrLYy3FV6j9HoN3FfGW-SLJoSRpiMyAzztY4B1tagEk&r=1NeIC5lqzfQOl-pBhJnTLGgpT5VX6v10JHbD4O5t4oY&m=xHktulKr1ttJHdHBNDsii_Xnel1xaPJq8m6kbEu7JZw&s=-Lxn4fDJcg2E5fI_p0-u65wEMBwbrTMiQRgV05Hqr2E&e=>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users