Hello Fabrice,

Yes, it receives a radius request from the controller. Here is the output of the packetfence.log:

Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: [mac:cc:fd:17:ef:b3:e5] handling radius autz request: from switch_ip => (172.16.0.10), connection_type => Wireless-802.11-NoEAP,switch_mac => (88:90:8d:a1:59:d0), mac => [cc:fd:17:ef:b3:e5], port => 1, username => "cc:fd:17:ef:b3:e5", ssid => BYOD (pf::radius::authorize)
Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: [mac:cc:fd:17:ef:b3:e5] Instantiate profile byod-profile (pf::Connection::ProfileFactory::_from_profile)
Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: [mac:cc:fd:17:ef:b3:e5] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: [mac:cc:fd:17:ef:b3:e5] (172.16.0.10) Added VLAN 501 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: [mac:cc:fd:17:ef:b3:e5] (172.16.0.10) Added role Pre-Auth-For-WebRedirect-PF to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jan 4 08:15:54 packetfence packetfence_httpd.aaa: httpd.aaa(2051) INFO: [mac:cc:fd:17:ef:b3:e5] Adding web authentication redirection to reply using role: 'Pre-Auth-For-WebRedirect-PF' and URL: 'http://172.16.0.10/Cisco::WLC/sid0cf3c4?' (pf::Switch::Cisco::WLC::returnRadiusAccessAccept)
Jan 4 08:15:57 packetfence packetfence_httpd.portal: httpd.portal(27455) INFO: [mac:[undef]] URI '/Cisco::WLC/sid0cf3c4' is detected as an external captive portal URI (pf::web::externalportal::handle)

By radius audit log, do you mean on radius.log?
Here is the output of radius.log:

Jan 4 08:15:54 packetfence auth[2865]: rlm_sql (sql): Closing connection (1409): Hit idle_timeout, was idle for 121 seconds
Jan 4 08:15:54 packetfence auth[2865]: rlm_sql (sql): Closing connection (1410): Hit idle_timeout, was idle for 121 seconds
Jan 4 08:15:54 packetfence auth[2865]: rlm_sql (sql): Closing connection (1408): Hit idle_timeout, was idle for 121 seconds
Jan 4 08:15:54 packetfence auth[2865]: rlm_sql (sql): Opening additional connection (1411), 1 of 64 pending slots used
Jan 4 08:15:54 packetfence auth[2865]: Need 2 more connections to reach min connections (3)
Jan 4 08:15:54 packetfence auth[2865]: rlm_sql (sql): Opening additional connection (1412), 1 of 63 pending slots used
Jan 4 08:15:54 packetfence auth[2865]: rlm_rest (rest): Closing connection (1309): Hit idle_timeout, was idle for 160 seconds
Jan 4 08:15:54 packetfence auth[2865]: rlm_rest (rest): Closing connection (1308): Hit idle_timeout, was idle for 121 seconds
Jan 4 08:15:54 packetfence auth[2865]: rlm_rest (rest): Closing connection (1310): Hit idle_timeout, was idle for 121 seconds
Jan 4 08:15:54 packetfence auth[2865]: rlm_rest (rest): Opening additional connection (1311), 1 of 64 pending slots used
Jan 4 08:15:54 packetfence auth[2865]: Need 2 more connections to reach min connections (3)
Jan 4 08:15:54 packetfence auth[2865]: rlm_rest (rest): Opening additional connection (1312), 1 of 63 pending slots used
Jan 4 08:15:54 packetfence auth[2865]: [mac:cc:fd:17:ef:b3:e5] Accepted user: and returned VLAN 501
Jan 4 08:15:54 packetfence auth[2865]: (58671) Login OK: [cc:fd:17:ef:b3:e5] (from client 172.16.0.20 port 1 cli cc:fd:17:ef:b3:e5)

Packetfence management IP is 172.16.0.10 and WLC IP is 172.16.0.20.

This is the ip dhcp pool configuration on the L3 switch:

ip dhcp pool BYOD
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 172.30.0.250 172.30.0.251

This is the SVI defined on the same L3 switch:

interface Vlan501
 description PF_BYOD
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 172.16.0.10

WLC is directly connected to the L3 switch, and has a virtual interface in this 501 VLAN which is used by this BYOD SSID.

It happens that I am successfully connected to this BYOD SSID and receive an IP, but when the pseudo browser opens on Android, as a result of redirection it shows a blank page now. I even tried this with a Windows laptop, but it just shows a blank page with waiting for response from msftconnecttest.com.

If you need more info feel free.

---- On Fri, 04 Jan 2019 01:38:08 +0100 Durand fabrice via PacketFence-users <[email protected]> wrote ----

> Hello Kalcho,
>
> does packetfence receive a radius request from the controller?
>
> If yes can you paste a radius request/reply? (check in radius audit log
> for that)
>
> Regards
>
> Fabrice
>
>
> On 19-01-03 at 10:09, Kalcho via PacketFence-users wrote:
> > Hello all,
> >
> > I have configured Web Authentication for Cisco WLC as described in Network
> > Devices Guide.
> > I am using network 192.168.1.0/24 for this WiFi SSID, which is open with
> > Mac filtering.
> > I am using two access lists, Pre-Auth-For-WebRedirect-PF and Authorize_any.
> > I have added WLC in the packetfence, and activated "Role by Switch Role":
> > registration->Pre-Auth-For-WebRedirect-PF, and default->Authorize_any.
> >
> > These two access lists are defined on the WLC.
> > Authorize_any permits everything, while Pre-Auth-For-WebRedirect-PF
> > 1. permits DNS traffic
> > 2. permits DHCP traffic
> > 3. permits packets to Packetfence management interface as destination and
> > source.
> >
> > I have also added portal role on management interface.
> > Management interface is on 172.16.0.10.
> > VLAN which is assigned to WiFi SSID interface uses network 192.168.1.0/24
> > which is routable and uses production DHCP hosted on L3 switch. Also it
> > uses production DNS servers.
> >
> > Clients when connected receive correct DHCP address.
> > I am having the problem of not being redirected to the captive portal
> > automatically. I can open it in browser, but no redirection. I guess this
> > has something to do with the fact I am not using packetfence DHCP and DNS.
> >
> > _______________________________________________
> > PacketFence-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
