Hello Wifi,

I think the reconfiguration is made by the accounting. (accounting stop) https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/radius.pm#L421

Regards

Fabrice


On 19-02-06 at 08:21, Wifi Guy via PacketFence-users wrote:
Hi Fabrice

Thanks for the note. So this seems to work pushing the config down....

*Cisco 2960 switchport before connecting AP*

interface FastEthernet0/1
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 7200
 authentication violation replace
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
!

*SNMP trigger from PF*

Feb  6 10:47:23.655: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
Feb  6 10:47:23.663: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
Feb  6 10:47:23.689: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
Feb  6 10:47:23.705: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
Feb  6 10:47:24.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Feb  6 10:47:27.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Feb  6 10:47:28.772: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
Switch#

*Switchport configuration once the SNMP commands are pushed*

interface FastEthernet0/1
 switchport trunk allowed vlan 1,2,10,20,30,40,50,60,100
 switchport mode trunk
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 7200
 authentication violation replace
 mab
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
!


Once the AP has been removed, however, the port is not reconfigured back? The admin guide seems to indicate this will happen.

When PF receives a linkdown trap on a port in which a floating network device was plugged, it changes the port configuration so that:

 * it enables port-security
 * it disables linkdown traps


On Wed, 6 Feb 2019 at 02:25, Durand fabrice via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

    Hello Wifi,

    Floating device works with radius, so a port with 802.1x/MAB
    enabled should work.

    Regards

    Fabrice


    On 19-02-05 at 09:11, Wifi Guy via PacketFence-users wrote:
    Hi All,

    I have some Cisco 2960s in my network. I am doing MAB and 802.1X
    on the ports for users that connect. This seems to work ok with
    COA etc.

    My question is how do I handle devices like APs that might
    connect to the same port? For ease of administration it would be
    good to use a feature like "floating devices". As I understand it
    this feature enables you to plug a device that has been
    pre-registered in the database (via MAC address) to any switch port
    and it will configure it as a trunk. Looks like this needs to use
    port security to trigger? As I also understand the Cisco 2960s
    cannot use MAB/802.1X and Port security at the same time

    Am I correct? Or have I missed something?


    _______________________________________________
    PacketFence-users mailing list
    PacketFence-users@lists.sourceforge.net  
<mailto:PacketFence-users@lists.sourceforge.net>
    https://lists.sourceforge.net/lists/listinfo/packetfence-users



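Added example, not part of the original thread and not PacketFence code: a small audit that reads interface configuration text and lists ports still in the floating-device trunk state shown in the thread (trunk mode, 802.1X/MAB lines present, but no `authentication port-control auto`), so a port that was not reverted after the AP was unplugged can be spotted. The function names and the sample configuration are assumptions made for illustration; FastEthernet0/2 is a constructed port.

```python
import re

# Constructed sample: Fa0/1 mirrors the trunk state quoted in the thread;
# Fa0/2 is a hypothetical port still in the original access state.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk allowed vlan 1,2,10,20,30,40,50,60,100
 switchport mode trunk
 mab
 dot1x pae authenticator
!
interface FastEthernet0/2
 switchport mode access
 authentication port-control auto
 mab
 dot1x pae authenticator
!
"""

def parse_interfaces(config):
    """Map interface name -> list of its stripped config lines."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line in ("", "!"):
            current = None  # end of the interface stanza
        elif current is not None:
            current.append(line)
    return interfaces

def audit_port(lines):
    """Classify one port from its config lines."""
    enforced = "authentication port-control auto" in lines
    trunk = "switchport mode trunk" in lines
    leftover = any(l == "mab" or l.startswith("dot1x ") for l in lines)
    if trunk and not enforced and leftover:
        return "floating-trunk"  # trunk; 802.1X/MAB lines remain but are not enforced
    if enforced and not trunk:
        return "authenticated-access"
    return "other"

def ports_needing_review(config):
    """Names of ports still in the floating-device trunk state."""
    states = parse_interfaces(config)
    return sorted(n for n, lines in states.items() if audit_port(lines) == "floating-trunk")
```

Ports it reports can then be compared against link state and the list of registered floating devices.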