Hello Nicolas Yes I could change the password format with this : 3524GT-PWR+(config)#no eapol multihost non-eap-pwd-fmt ip-addr 3524GT-PWR+(config)#no eapol multihost non-eap-pwd-fmt port-number 3524GT-PWR+(config)#eapol multihost non-eap-pwd-fmt mac-addr
By checking raddebug, I see the password is now only the MAC address. (1033) Wed Apr 24 14:49:12 2019: Debug: Received Access-Request Id 53 from 192.168.X.Y:3490 to 192.168.X.X:1812 length 76 (1033) Wed Apr 24 14:49:12 2019: Debug: NAS-IP-Address = 192.168.X.Y (1033) Wed Apr 24 14:49:12 2019: Debug: User-Password = "c8d9d2ec652d" (1033) Wed Apr 24 14:49:12 2019: Debug: NAS-Port-Type = Ethernet (1033) Wed Apr 24 14:49:12 2019: Debug: Service-Type = Login-User (1033) Wed Apr 24 14:49:12 2019: Debug: NAS-Port = 13 (1033) Wed Apr 24 14:49:12 2019: Debug: User-Name = "c8d9d2ec652d" I still, however, have the same issue " CLI Access is not allowed by PacketFence on this switch". Best Regards, Adrian. De: "packetfence-users" <[email protected]> À: "packetfence-users" <[email protected]> Cc: "Nicolas Quiniou-Briand" <[email protected]> Envoyé: Mercredi 24 Avril 2019 13:37:48 Objet: Re: [PacketFence-users] No-EAP Authentication issue with Avaya switches Hello Adrian, On 2019-04-24 11:56 a.m., Adrian Dessaigne via PacketFence-users wrote: > For RADIUS authentication of a Non-EAPOL host MAC address, the switch > generates a <username, password> pair as follow: > -The username is the Non-EAPOL MAC address in string format. > -The password is a string that combines the MAC address, switch IP > address, unit and port. Is this behavior configurable ? Some vendors allow you to configure such format. If possible try to set: * Username = MAC address * User Password = MAC address > So I went in the PF Switch configuration tab > and defined CLI access for this switch. I then created an Admin role > with the action "Switch CLI - Read" and "Switch CLI - Write". On all my > authentication source, I added and Administration rule which set to the > one I've created. Even with this configuration, I still have the same > error "CLI Access is not allowed by PacketFence on this switch". Does it > mean the module do not support CLI ? You don't need to do that. CLI access is when you want to allow CLI access to your network devices (for administrators). -- Nicolas Quiniou-Briand [email protected] :: +1.514.447.4918 *140 :: https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence (https://packetfence.org) and Fingerbank (http://fingerbank.org) _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
