I can say that the N2000 Serie from DELL should work pretty well with PacketFence. We had tested exactly that switch model with packetfence and solved some issues together with inverse a few month ago (Support Subscription is pretty usefull ;) )
The config written in the PacketFence documentation doesn't fit to the actually Dell OS... especially the MAB Config. *Here is my well tested DELL Config:* aaa accounting dot1x default start-stop radius authentication enable dot1x system-auth-control aaa authentication dot1x default radius aaa authorization network default radius dot1x dynamic-vlan enable aaa server radius dynamic-author client <PF-IP> server-key 7 "XXX" exit radius server auth <PF-IP> name "PacketFence" usage 802.1x key 7 "XXX" exit radius server acct <PF-IP> name "Default-RADIUS-Server" key 7 "XXX" exit radius server vsa send authentication ip ssh server *AND ON ALL NAC INTERFACES * switchport mode general dot1x port-control mac-based dot1x reauthentication dot1x timeout guest-vlan-period 10 dot1x unauth-vlan 931 mab default mab pap authentication order dot1x mab authentication priority dot1x lldp tlv-select system-description system-capabilities lldp notification lldp med confignotification switchport voice vlan 205 Am Fr., 7. Dez. 2018 um 16:50 Uhr schrieb Anton Castelli via PacketFence-users <[email protected]>: > Fabrice, > > > I've attached the relevant part of the packetfence.log. Some of the > information has been masked. The MAC "35:aa" is a laptop with the 802.1x > supplicant configured with a username and password from our Active > Directory. The MAC "39:46" is a VoIP phone with no 802.1x capability that > is falling back to MAB authentication. > > > > Ludovic, > > In this case it is a Dell N2024P and I'm using the "Dell::N1500" type when > I added it to Packetfence. I also have a Cisco 2960 that I can test with. > > Thanks, > > > -- > ANTON CASTELLI > Network Engineer IV > > INFORMATION TECHNOLOGY > MAIL CODE 4622 > SOUTHERN ILLINOIS UNIVERSITY > 625 WHAM DRIVE > CARBONDALE, ILLINOIS 62901 > > [email protected] <[email protected]> > P: 618/453-6424 > OIT.SIU.EDU <http://oit.siu.edu/networkengineering> > ------------------------------ > *From:* Ludovic Zammit <[email protected]> > *Sent:* Friday, December 7, 2018 6:46:07 AM > *To:* Anton Castelli > *Cc:* [email protected] > *Subject:* Re: [PacketFence-users] VLAN Assignment for MAB clients > > Hello Anton, > > Which kind of switch / network equipment are you using for the > authentication ? > > Thanks, > > > Ludovic [email protected] :: +1.514.447.4918 (x145) :: > www.inverse.ca > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.inverse.ca&d=DwMFAg&c=jrLYy3FV6j9HoN3FfGW-SLJoSRpiMyAzztY4B1tagEk&r=1NeIC5lqzfQOl-pBhJnTLGgpT5VX6v10JHbD4O5t4oY&m=xHktulKr1ttJHdHBNDsii_Xnel1xaPJq8m6kbEu7JZw&s=AfwUE_8XXB6ecZ9iBn_O8K-QsYjZT_qKmorQrFs66es&e=> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.sogo.nu&d=DwMFAg&c=jrLYy3FV6j9HoN3FfGW-SLJoSRpiMyAzztY4B1tagEk&r=1NeIC5lqzfQOl-pBhJnTLGgpT5VX6v10JHbD4O5t4oY&m=xHktulKr1ttJHdHBNDsii_Xnel1xaPJq8m6kbEu7JZw&s=jP7WC-EZZMrcqkttkFA7Ah8rQlEVsN-7N5AveGbDi4M&e=>) > and PacketFence (http://packetfence.org > <https://urldefense.proofpoint.com/v2/url?u=http-3A__packetfence.org&d=DwMFAg&c=jrLYy3FV6j9HoN3FfGW-SLJoSRpiMyAzztY4B1tagEk&r=1NeIC5lqzfQOl-pBhJnTLGgpT5VX6v10JHbD4O5t4oY&m=xHktulKr1ttJHdHBNDsii_Xnel1xaPJq8m6kbEu7JZw&s=0m-A3HXqeSvKmPaXjs16BrLSp4Y4BuX-5x-SXLrrbx4&e=>) > > > > > > On Dec 6, 2018, at 3:03 PM, Anton Castelli via PacketFence-users < > [email protected]> wrote: > > I'm pretty new to Packetfence. I have a demo server set up and working. It > authenticates 802.1x clients against our Active Directory, can assign them > a role based on their LDAP group, and can assign them a VLAN based on their > role. > > Non-802.1x devices that fall back to MAB can also authenticate once I've > manually registered the device. I can also set a role manually for the > device. However, the VLAN assignment for that role is not passed back to > the switch. > > I've confirmed that the VLAN assignment for that role is working. I put a > 802.1x client in that role and the VLAN assignment works. A MAB client in > the same role on the same switch will not have a VLAN assignment passed > back to the switch. > > RADIUS response for 802.1x client: > > <8021x.png> > > RADIUS response for MAB client: > > <mab.png> > > Is there a way to configure Packetfence to assign a VLAN on the switch for > a MAB client? > > Thanks, > > -- > ANTON CASTELLI > Network Engineer IV > > INFORMATION TECHNOLOGY > MAIL CODE 4622 > SOUTHERN ILLINOIS UNIVERSITY > 625 WHAM DRIVE > CARBONDALE, ILLINOIS 62901 > > [email protected] <[email protected]> > P: 618/453-6424 > OIT.SIU.EDU <http://oit.siu.edu/networkengineering> > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_packetfence-2Dusers&d=DwMFAg&c=jrLYy3FV6j9HoN3FfGW-SLJoSRpiMyAzztY4B1tagEk&r=1NeIC5lqzfQOl-pBhJnTLGgpT5VX6v10JHbD4O5t4oY&m=xHktulKr1ttJHdHBNDsii_Xnel1xaPJq8m6kbEu7JZw&s=-Lxn4fDJcg2E5fI_p0-u65wEMBwbrTMiQRgV05Hqr2E&e=> > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
