Yes, you need to configure the accounting on the Cisco switch.

On 19-02-07 at 00:25, Wifi Guy via PacketFence-users wrote:
Thanks. Does this mean I need to add something? Or should something be working that is not?

Thanks

On Wed, 6 Feb 2019 at 23:30, Durand fabrice via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

    Hello Wifi,

    I think the reconfiguration is made by the accounting (accounting
    stop).
    https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/radius.pm#L421

    Regards

    Fabrice


    On 19-02-06 at 08:21, Wifi Guy via PacketFence-users wrote:
    Hi Fabrice,

    Thanks for the note. So this seems to work pushing the config
    down....

    *Cisco 2960 switchport before connecting AP*

    interface FastEthernet0/1
     switchport mode access
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer restart 10800
     authentication timer reauthenticate 7200
     authentication violation replace
     mab
     no snmp trap link-status
     dot1x pae authenticator
     dot1x timeout quiet-period 2
     dot1x timeout tx-period 3
     spanning-tree portfast
    !

    *SNMP trigger from PF*

    Feb  6 10:47:23.655: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
    Feb  6 10:47:23.663: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
    Feb  6 10:47:23.689: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
    Feb  6 10:47:23.705: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
    Feb  6 10:47:24.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
    Feb  6 10:47:27.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
    Feb  6 10:47:28.772: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
    Switch#

    *Switchport configuration once the SNMP commands are pushed*

    interface FastEthernet0/1
     switchport trunk allowed vlan 1,2,10,20,30,40,50,60,100
     switchport mode trunk
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication periodic
     authentication timer restart 10800
     authentication timer reauthenticate 7200
     authentication violation replace
     mab
     dot1x pae authenticator
     dot1x timeout quiet-period 2
     dot1x timeout tx-period 3
     spanning-tree portfast
    !


    Once the AP has been removed, however, the port is not
    reconfigured back? The admin guide seems to indicate this will
    happen.

    When PF receives a linkdown trap on a port in which a floating
    network device was plugged, it changes the port configuration so
    that:

     * it enables port-security
     * it disables linkdown traps


    On Wed, 6 Feb 2019 at 02:25, Durand fabrice via PacketFence-users
    <packetfence-users@lists.sourceforge.net> wrote:

        Hello Wifi,

        Floating device works with radius, so a port with 802.1x/MAB
        enabled should work.

        Regards

        Fabrice


        On 19-02-05 at 09:11, Wifi Guy via PacketFence-users wrote:
        Hi All,

        I have some Cisco 2960s in my network. I am doing MAB and
        802.1X on the ports for users that connect. This seems to
        work ok with COA etc.

        My question is how do I handle devices like APs that might
        connect to the same port? For ease of administration it
        would be good to use a feature like "floating devices". As I
        understand it this feature enables you to plug a device that
        has been pre registered in the database (via MAC address) to
        any switch port and it will configure it as a trunk. Looks
        like this needs to use port security to trigger? As I also
        understand, the Cisco 2960s cannot use MAB/802.1X and port
        security at the same time.

        Am I correct? Or have I missed something?


        _______________________________________________
        PacketFence-users mailing list
        PacketFence-users@lists.sourceforge.net
        https://lists.sourceforge.net/lists/listinfo/packetfence-users






_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
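
The before/after FastEthernet0/1 stanzas quoted in this thread, compared programmatically to show what the SNMP push removed and to find ports that were never switched back. This is an added example, not part of the original emails or of PacketFence; the stanzas are abridged from the quoted listings, and the function names and the `unreverted_trunks` heuristic are assumptions made for illustration.

```python
# Stanzas abridged from the two FastEthernet0/1 listings quoted in the thread.
BEFORE = """\
interface FastEthernet0/1
 switchport mode access
 authentication port-control auto
 mab
 no snmp trap link-status
 dot1x pae authenticator
!
"""
AFTER = """\
interface FastEthernet0/1
 switchport trunk allowed vlan 1,2,10,20,30,40,50,60,100
 switchport mode trunk
 mab
 dot1x pae authenticator
!
"""

def parse_interfaces(config):
    """Map interface name -> set of whitespace-normalized sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(" ", 1)[1], set())
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.add(line)
    return stanzas

def diff_port(before, after, port):
    """Return (removed, added) sub-commands for one port."""
    b, a = parse_interfaces(before)[port], parse_interfaces(after)[port]
    return sorted(b - a), sorted(a - b)

def unreverted_trunks(config):
    """Heuristic (assumption): trunk ports that keep MAB/802.1X remnants
    but no longer have 'authentication port-control auto'."""
    return sorted(
        name for name, cmds in parse_interfaces(config).items()
        if "switchport mode trunk" in cmds
        and cmds & {"mab", "dot1x pae authenticator"}
        and "authentication port-control auto" not in cmds
    )

if __name__ == "__main__":
    print(diff_port(BEFORE, AFTER, "FastEthernet0/1"))
    print(unreverted_trunks(AFTER))
```

Running `unreverted_trunks` over a saved running-config after an AP has been unplugged lists the ports still carrying the trunk configuration, which is the symptom described in the thread.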