Hello Stuart,

It looks like the port is set to 49 in the RADIUS request:

May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: from switch_ip => (10.100.64.67), connection_type => Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], port => 49, username => "787b8ad3ae74" (pf::radius::authorize)

Are you able to check in the RADIUS auditing what the RADIUS request is (with all the attributes) and paste it to me?

Regards

Fabrice


On 19-05-16 at 11:41, Stuart Gendron wrote:
Logs below:

[root@youi-packetfence-p1 ~]# tail -f /usr/local/pf/logs/packetfence.log| grep 78:7b:8a:d3:ae:74
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: from switch_ip => (10.100.64.67), connection_type => Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], port => 49, username => "787b8ad3ae74" (pf::radius::authorize)
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Match rule mac_lan:unknown&pf_wired_mac_auth (pf::access_filter::test)
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] vlan filter match ; belongs into REJECT VLAN (pf::role::getRegistrationRole)
May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] According to rules in fetchRoleForNode this node must be kicked out. Returning USERLOCK (pf::Switch::handleRadiusDeny)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: from switch_ip => (10.100.64.67), connection_type => Ethernet-EAP,switch_mac => (88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], port => 49, username => "testradius" (pf::radius::authorize)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Found authentication source(s) : 'YOUI-DC-P1' for realm 'null' (pf::config::util::filter_authentication_sources)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) WARN: [mac:78:7b:8a:d3:ae:74] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match2)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Using sources YOUI-DC-P1 for matching (pf::authentication::match2)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] LDAP testing connection (pf::LDAP::expire_if)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) ERROR: [mac:78:7b:8a:d3:ae:74] Error binding: 'Connection reset by peer' (pf::LDAP::log_error_msg)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) WARN: [mac:78:7b:8a:d3:ae:74] LDAP connection expired (pf::LDAP::expire_if)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Matched rule (youi_tv_employees) in source YOUI-DC-P1, returning actions. (pf::Authentication::Source::match_rule)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Matched rule (youi_tv_employees) in source YOUI-DC-P1, returning actions. (pf::Authentication::Source::match)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Role has already been computed and we don't want to recompute it. Getting role from node_info (pf::role::getRegisteredRole)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Username was defined "testradius" - returning role 'default' (pf::role::getRegisteredRole)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] PID: "testradius", Status: reg Returned VLAN: (undefined), Role: default (pf::role::fetchRoleForNode)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] (10.100.64.67) Added VLAN 88 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] violation 1300003 force-closed for 78:7b:8a:d3:ae:74 (pf::violation::violation_force_close)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile 802.1x (pf::Connection::ProfileFactory::_from_profile)
May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Updating locationlog from accounting request (pf::api::handle_accounting_metadata)
May 16 11:40:14 youi-packetfence-p1 pfqueue: pfqueue(18291) WARN: [mac:78:7b:8a:d3:ae:74] Unable to match MAC address to IP '10.100.90.109' (pf::ip4log::ip2mac)

On Tue, May 14, 2019 at 9:18 PM Durand fabrice via PacketFence-users wrote:

    Hello Stuart,

    Can you paste the log when you plug in the switch port?

    tail -f /usr/local/pf/logs/packetfence.log| grep 00:11:22:33:44:55

    With the real MAC address, of course.

    Regards

    Fabrice


    On 19-05-14 at 10:43, Stuart Gendron via PacketFence-users wrote:

    Hey there,

    Was wondering if anyone else has their ports showing up wrong for
    Cisco SG300 switches?

    This is when plugged into port 1 on a 48 port switch:

    Screen Shot 2019-05-14 at 10.42.07 AM.png

    If there's a way to fix it that'd be really appreciated :-)


--
        *Stuart Gendron*
    IT Support Specialist

    *You.i Labs*
    307 Legget Drive, Kanata, ON, K2K 3C8
    
    t (613) 228-9107 x258 | c (613) 697-6853



    _______________________________________________
    PacketFence-users mailing list
    https://lists.sourceforge.net/lists/listinfo/packetfence-users



--

        *Stuart Gendron*
IT Support Specialist

*You.i Labs*
307 Legget Drive, Kanata, ON, K2K 3C8
t (613) 228-9107 x258 | c (613) 697-6853
