Thanks. Does this mean I need to add something? Or should something be working that is not?
Thanks On Wed, 6 Feb 2019 at 23:30, Durand fabrice via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello Wifi, > > i think the reconfiguration is made by the accounting. (accounting stop) > https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/radius.pm#L421 > > Regards > > Fabrice > > > Le 19-02-06 à 08 h 21, Wifi Guy via PacketFence-users a écrit : > > Hi Fabrice > > Thanks for the note. So this seems to work pushing the config down.... > > *Cisco 2960 switchport before connecting AP* > > *interface FastEthernet0/1* > > * switchport mode access* > > * authentication order dot1x mab* > > * authentication priority dot1x mab* > > * authentication port-control auto* > > * authentication periodic* > > * authentication timer restart 10800* > > * authentication timer reauthenticate 7200* > > * authentication violation replace* > > * mab* > > * no snmp trap link-status* > > * dot1x pae authenticator* > > * dot1x timeout quiet-period 2* > > * dot1x timeout tx-period 3* > > * spanning-tree portfast* > > *!* > > > *SNMP trigger from PF* > > *Feb 6 10:47:23.655: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by > snmp* > > *Feb 6 10:47:23.663: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by > snmp* > > *Feb 6 10:47:23.689: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by > snmp* > > *Feb 6 10:47:23.705: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by > snmp* > > *Feb 6 10:47:24.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface > FastEthernet0/1, changed state to down* > > *Feb 6 10:47:27.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface > FastEthernet0/1, changed state to up* > > *Feb 6 10:47:28.772: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by > snmp* > > *Switch#* > > > *Switchport configuration once the SNMP commands are pushed* > > *interface FastEthernet0/1* > > *switchport trunk allowed vlan 1,2,10,20,30,40,50,60,100* > > * switchport mode trunk* > > * authentication order dot1x mab* > > * authentication priority dot1x mab* > > * authentication periodic* > > * authentication timer restart 10800* > > * authentication timer reauthenticate 7200* > > * authentication violation replace* > > * mab* > > * dot1x pae authenticator* > > * dot1x timeout quiet-period 2* > > * dot1x timeout tx-period 3* > > * spanning-tree portfast* > > *!* > > Once the AP has been removed however, the port is not reconfigured back? > The admin guide seems to indicate this will happen.. > > When PF receives a linkdown trap on a port in which a floating network > device was plugged, it changes the port configuration so that: > > - > > it enables port-security > - > > it disables linkdown traps > > > On Wed, 6 Feb 2019 at 02:25, Durand fabrice via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > >> Hello Wifi, >> >> Floating device works with radius, so a port with 802.1x/MAB enabled >> should work. >> >> Regards >> >> Fabrice >> >> Le 19-02-05 à 09 h 11, Wifi Guy via PacketFence-users a écrit : >> >> Hi All, >> >> I have some Cisco 2960s in my network. I am doing MAB and 802.1X on the >> ports for users that connect. This seems to work ok with COA etc. >> >> My question is how do I handle devices like APs that might connect to the >> same port? For ease of administration it would be good to use a feature >> like "floating devices". As I understand it this feature enables you to >> plug a device that has been pre registered in the database (via MAC >> address) to any switch port and it will configure it as a trunk. Looks like >> this needs to use port security to trigger? As I also understand the Cisco >> 2960s cannot use MAB/802.1X and Port secuirty at the same time >> >> Am i correct? Or have I missed something? >> >> >> _______________________________________________ >> PacketFence-users mailing >> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> > > > _______________________________________________ > PacketFence-users mailing > listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
