Hello everyone. I'm currently facing an issue and have no clue if it's PacketFence or the Switch configuration. I'm working with two types of switches for a project which are Fiberstore and Avaya. Fiberstore work fine, but I have an issue with Avaya.
In order to test, I've used the default vlan configuration in the documentation (vlan 2 registration, 3 isolation, 5 production and 2 more). Radius work fine, the supplicant gets authenticated and go to the correct vlan. However, when the supplicant is disconnected, the port won't come back to the registration vlan and go straight to the vlan 1. I've used the network configuration guide. With the web interface of the switch, I've set the port default vlan to 2, and remove the port from the vlan 1. Once I disconnect the supplicant again(once authenticated), the port get back in the vlan 1. I have no clue if it's PacketFence who send an incorrect information to the switch or I have something wrong in my switch configuration (from Network Device Configuration Guide with only 802.1X configuration (no voip)). Below is my switch configuration : ! *** CORE *** ! sntp server primary address 192.168.0.202 sntp enable radius server host 192.168.0.202 acct-enable timeout 5 ! radius server host key ******** radius server host 192.168.0.202 used-by eapol acct-enable timeout 10 ! radius server host key ******** used-by eapol radius dynamic-server client 192.168.0.202 radius dynamic-server client 192.168.0.202 port 1812 ! radius dynamic-server client 192.168.0.202 secret **************** ! radius dynamic-server client 192.168.0.202 enable radius dynamic-server client 192.168.0.202 process-change-of-auth-requests radius dynamic-server client 192.168.0.202 process-disconnect-requests ! ! *** SNMP *** ! snmp-server enable ! ! *** IP *** ! ip default-gateway 192.168.0.254 ip address switch 192.168.0.211 ! ! *** VLAN *** ! vlan create 2-3,5,15,25 type port vlan name 2 "registration" vlan name 3 "isolation" vlan name 5 "production" vlan name 15 "service" vlan name 25 "SAV" vlan ports 1 tagging tagAll vlan ports 15 filter-unregistered-frames disable vlan ports 24 tagging tagAll vlan configcontrol flexible vlan members 1 3,7,13,15 vlan configcontrol autopvid ! ! *** EAP *** ! eapol multihost auto-non-eap-mhsa-enable eapol multihost use-radius-assigned-vlan eapol multihost eap-packet-mode unicast eapol multihost use-most-recent-radius-vlan interface FastEthernet ALL eapol multihost port 15 enable auto-non-eap-mhsa-enable use-radius-assigned-vlan eap-packet-mode unicast exit In PacketFence switch configuration. Role by VLAN ID : registration : 2 isolation : 3 production : 5 service : 15 SAV : 25 The thing I found weird is the "vlan members 1 3,7,13,15". I have done the command "vlan members add 2 13,15" and "vlan member remove 1 13,15" nothing change. I have change the vlan on the web interface too, still nothing. Any idea where I have done something wrong ? Best regards Adrian
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
