Hi, thanks both for your help. I had the switch configured this way:

dot1x system-auth-control
aaa new-model
aaa group server radius packetfence
radius server pfnac
 address ipv4 IP_PACKETFENCE auth-port 1812 acct-port 1813
 key 0 SECRETO_RADIUS
exit
aaa group server radius packetfence
 server name pfnac
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
radius-server vsa send authentication
aaa server radius dynamic-author
 client 10.1.1.131 server-key SECRETO_RADIUS
 port 3799
exit
snmp-server community publica RO
snmp-server community privada RW
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host IP_PACKETFENCE version 2c public port-security

PORT CONFIG:

switchport mode access
authentication host-mode single-host
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3

So I tried adding Device Sensor to the switch (I figured this was RADIUS accounting) (https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_device_sensor_for_cisco_equipment), and now offline/online status works!

I still can't get the network detection HTTP message to work; I still get the red message "unable to detect network": https://i.imgur.com/GHkRPEd.png

On Thu, Apr 11, 2019 at 09:35, Ludovic Zammit ([email protected]) wrote:

> Hello Leandro,
>
> As Emile said, in order to have the online/offline status, you should send
> the radius accounting to PacketFence.
>
> If your disconnection does not work, check if you have configured properly
> the SNMP on your switch and/or the radius coa depending on how you want to
> disconnect your user.
>
> https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco
>
> Radius config:
>
> radius-server host 192.168.1.5 auth-port 1812 acct-port 1813 timeout 2 key useStrongerSecret
>
> SNMP config:
>
> snmp-server community public RO
> snmp-server community private RW
>
> Radius COA:
>
> aaa server radius dynamic-author
>  client 192.168.1.5 server-key useStrongerSecret
>  port 3799
>
> Thanks!
>
> On Apr 10, 2019, at 1:24 PM, Leandro . via PacketFence-users <[email protected]> wrote:
>
> Hi, I installed PacketFence in my production network using vlan
> enforcement, and everything works fine, except network detection: all
> hosts show "unknown" in the Online/Offline column.
>
> So I followed the install guide using the vlan enforcement option and set up a
> minimal lab to try to isolate the issue, with no luck, same results:
>
> PacketFence(192.168.1.2)
>       |
>       |trunk
>       |
> Cisco2960----vlan10----ActiveDirectory/DNS(192.168.1.4)
>       |
>       |vlan10
>       |
> InternetConnectionRouter(192.168.1.1)
>
> PacketFence Interfaces:
>
> DEVICE=enp2s0.10
> VLAN=yes
> IPADDR=192.168.1.2
>
> DEVICE=enp2s0.60
> VLAN=yes
> IPADDR=192.168.60.1
>
> DEVICE=enp2s0.70
> VLAN=yes
> IPADDR=192.168.70.1
>
> /etc/resolv.conf
> search domain.com
> nameserver 192.168.1.4
>
> /etc/hosts
> 127.0.0.1 localhost
> 127.0.0.1 packetfence
>
> For simplicity, my default vlan when access is granted is vlan10 too;
> vlan60 and 70 are registration and isolation. I'm using portal
> authentication.
>
> Everything works great: it puts the clients in the registration vlan, and after
> correct access via AD authentication, puts the client (a laptop connected
> to the switch) in the correct vlan (vlan 10), and it has correct internet
> access.
>
> Problem is with network detection:
>
> I get the message "unable to detect network":
>
> https://i.imgur.com/GHkRPEd.png
>
> After that it forwards the client to a web page (everything works).
>
> Network detection has default values, so it tries to access Inverse
> servers (http://192.95.20.194/common/network-access-detection.gif):
>
> https://i.imgur.com/PMLK1y3.png
>
> On the packetfence server using tcpdump I can view the requests going
> through too.
>
> On packetfence logs (/usr/local/pf/logs/httpd.*) and pfdns.log I don't
> see anything related to 192.95.20.194, network-access-detection.gif.
>
> I'll appreciate any help, thanks!
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
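Added example, not part of the thread and not PacketFence or Cisco code: a small Python check of a Cisco IOS config for the three items the quoted reply names (RADIUS accounting, SNMP communities, RADIUS CoA client). The sample config, the address 192.0.2.10 and the rule that an `aaa accounting` method list must be present are assumptions made for the example.

```python
import re

# Constructed sample modelled on the config in the thread; 192.0.2.10 is a
# placeholder for the PacketFence address (assumption, not from the thread).
SAMPLE = """\
radius server pfnac
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key 0 SECRETO_RADIUS
aaa group server radius packetfence
 server name pfnac
aaa authentication dot1x default group packetfence
aaa server radius dynamic-author
 client 192.0.2.10 server-key SECRETO_RADIUS
 port 3799
snmp-server community publica RO
snmp-server community privada RW
"""

def audit(config):
    """Report on accounting, CoA and SNMP settings in an IOS config."""
    raw = [l for l in config.splitlines() if l.strip()]
    text = "\n".join(l.strip() for l in raw)
    # RADIUS servers: legacy one-line form and the named-server form.
    servers = set(re.findall(r"^radius-server host (\S+)", text, re.M))
    servers |= set(re.findall(r"^address ipv4 (\S+)", text, re.M))
    # Assumption: accounting is only sent when the server has an acct-port
    # and an 'aaa accounting' method list exists.
    acct = bool(re.search(r"acct-port \d+", text)) and bool(
        re.search(r"^aaa accounting \S+", text, re.M))
    # CoA: collect 'client' lines inside the dynamic-author block.
    coa_clients, in_coa = set(), False
    for l in raw:
        parts = l.split()
        if not l[0].isspace():  # a top-level command opens or closes a block
            in_coa = l.strip() == "aaa server radius dynamic-author"
        elif in_coa and parts[0] == "client" and len(parts) > 1:
            coa_clients.add(parts[1])
    snmp = re.findall(r"^snmp-server community \S+ (RO|RW)", text, re.M)
    return {
        "radius_servers": sorted(servers),
        "accounting_enabled": acct,
        "coa_clients": sorted(coa_clients),
        "coa_matches_radius": bool(coa_clients) and coa_clients <= servers,
        "snmp_ro": "RO" in snmp,
        "snmp_rw": "RW" in snmp,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

The check relies on indentation to find sub-commands, so it needs a config as shown by the switch, not one flattened onto a single line.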
