Correct - it seems that the proper port for the SG300 switches is n-48 (where 48 is however many ports it has).
Is this a global change, or can be tied to the device profile itself? On Tue, May 21, 2019 at 12:36 PM Fabrice Durand <[email protected]> wrote: > Hello Stuart, > > yes it's possible but when you plug in the port 2 is it the port 50 who > appear in the log ? > > Regards > > Fabrice > > > Le 19-05-21 à 11 h 42, Stuart Gendron a écrit : > > Logs below: > > May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing > connection (106): Hit idle_timeout, was idle for 431977 seconds > May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing > connection (108): Hit idle_timeout, was idle for 431977 seconds > May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing > connection (107): Hit idle_timeout, was idle for 431977 seconds > May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing > connection (105): Hit idle_timeout, was idle for 431977 seconds > May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening > additional connection (109), 1 of 64 pending slots used > May 21 11:39:50 youi-packetfence-p1 auth[25948]: Need 2 more connections > to reach min connections (3) > May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening > additional connection (110), 1 of 63 pending slots used > May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing > connection (98): Hit idle_timeout, was idle for 431989 seconds > May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing > connection (97): Hit idle_timeout, was idle for 431977 seconds > May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing > connection (99): Hit idle_timeout, was idle for 431977 seconds > May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening > additional connection (100), 1 of 64 pending slots used > May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 2 more connections > to reach min connections (3) > May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening > additional connection (101), 1 of 63 pending slots used > May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 1 more connections > to reach min connections (3) > May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening > additional connection (111), 1 of 62 pending slots used > May 21 11:39:51 youi-packetfence-p1 auth[25948]: [mac:0c:4d:e9:b9:23:ac] > Rejected user: 0c4de9b923ac > May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Rejected in > post-auth: [0c4de9b923ac] (from client 10.100.64.67 port 49 cli > 0c:4d:e9:b9:23:ac) > May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Login incorrect: > [0c4de9b923ac] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac) > May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 7 more connections > to reach 10 spares > May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening > additional connection (112), 1 of 61 pending slots used > May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 1 more connections > to reach min connections (3) > May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening > additional connection (102), 1 of 62 pending slots used > May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41106) Login OK: > [testradius] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac via > TLS tunnel) > May 21 11:40:02 youi-packetfence-p1 auth[25948]: [mac:0c:4d:e9:b9:23:ac] > Accepted user: testradius and returned VLAN 88 > May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41107) Login OK: > [testradius] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac) > > Looks like it's also sending port 49. > > Is there somewhere to make a modification where I can say $Port = $Port - > 48 or something? > > On Thu, May 16, 2019 at 9:27 PM Durand fabrice <[email protected]> wrote: > >> Hello Stuart, >> >> it looks that the port is set to 49 in the radius request: >> >> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: >> from switch_ip => (10.100.64.67), connection_type => >> Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac => >> [78:7b:8a:d3:ae:74], port => 49, username => "787b8ad3ae74" >> (pf::radius::authorize) >> >> Are you able to check in the radius auditing what is the radius request >> (with all the attributes) and paste it to me ? >> >> Regards >> >> Fabrice >> >> >> Le 19-05-16 à 11 h 41, Stuart Gendron a écrit : >> >> Logs below: >> >> [root@youi-packetfence-p1 ~]# tail -f >> /usr/local/pf/logs/packetfence.log| grep 78:7b:8a:d3:ae:74 >> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: >> from switch_ip => (10.100.64.67), connection_type => >> Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac => >> [78:7b:8a:d3:ae:74], port => 49, username => "787b8ad3ae74" >> (pf::radius::authorize) >> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile default >> (pf::Connection::ProfileFactory::_from_profile) >> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Match rule >> mac_lan:unknown&pf_wired_mac_auth (pf::access_filter::test) >> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] vlan filter match ; belongs >> into REJECT VLAN (pf::role::getRegistrationRole) >> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] According to rules in >> fetchRoleForNode this node must be kicked out. Returning USERLOCK >> (pf::Switch::handleRadiusDeny) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: >> from switch_ip => (10.100.64.67), connection_type => >> Ethernet-EAP,switch_mac => (88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], >> port => 49, username => "testradius" (pf::radius::authorize) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile 802.1x >> (pf::Connection::ProfileFactory::_from_profile) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Found authentication >> source(s) : 'YOUI-DC-P1' for realm 'null' >> (pf::config::util::filter_authentication_sources) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) WARN: [mac:78:7b:8a:d3:ae:74] Calling match with >> empty/invalid rule class. Defaulting to 'authentication' >> (pf::authentication::match2) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Using sources YOUI-DC-P1 for >> matching (pf::authentication::match2) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] LDAP testing connection >> (pf::LDAP::expire_if) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) ERROR: [mac:78:7b:8a:d3:ae:74] Error binding: 'Connection >> reset by peer' (pf::LDAP::log_error_msg) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) WARN: [mac:78:7b:8a:d3:ae:74] LDAP connection expired >> (pf::LDAP::expire_if) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Matched rule >> (youi_tv_employees) in source YOUI-DC-P1, returning actions. >> (pf::Authentication::Source::match_rule) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Matched rule >> (youi_tv_employees) in source YOUI-DC-P1, returning actions. >> (pf::Authentication::Source::match) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Role has already been >> computed and we don't want to recompute it. Getting role from node_info >> (pf::role::getRegisteredRole) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Username was defined >> "testradius" - returning role 'default' (pf::role::getRegisteredRole) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] PID: "testradius", Status: >> reg Returned VLAN: (undefined), Role: default (pf::role::fetchRoleForNode) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] (10.100.64.67) Added VLAN 88 >> to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] violation 1300003 >> force-closed for 78:7b:8a:d3:ae:74 (pf::violation::violation_force_close) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile 802.1x >> (pf::Connection::ProfileFactory::_from_profile) >> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Updating locationlog from >> accounting request (pf::api::handle_accounting_metadata) >> May 16 11:40:14 youi-packetfence-p1 pfqueue: pfqueue(18291) WARN: >> [mac:78:7b:8a:d3:ae:74] Unable to match MAC address to IP '10.100.90.109' >> (pf::ip4log::ip2mac) >> >> On Tue, May 14, 2019 at 9:18 PM Durand fabrice via PacketFence-users < >> [email protected]> wrote: >> >>> Hello Stuart, >>> >>> can you paste the log when you plug in the switch port ? >>> >>> tail -f /usr/local/pf/logs/packetfence.log| grep 00:11:22:33:44:55 >>> >>> with the real mac address of course. >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 19-05-14 à 10 h 43, Stuart Gendron via PacketFence-users a écrit : >>> >>> >>> Hey there, >>> >>> Was wondering if anyone else has their ports showing up wrong for Cisco >>> SG300 switches? >>> >>> This is when plugged into port 1 on a 48 port switch: >>> >>> [image: Screen Shot 2019-05-14 at 10.42.07 AM.png] >>> >>> If there's a way to fix it that'd be really appreciated :-) >>> >>> >>> -- >>> >>> *Stuart Gendron* >>> IT Support Specialist >>> >>> *You.i Labs* >>> 307 Legget Drive, Kanata, ON, K2K 3C8 >>> <https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g> >>> t (613) 228-9107 x258 | c (613) 697-6853 >>> >>> >>> _______________________________________________ >>> PacketFence-users mailing >>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> >> -- >> >> *Stuart Gendron* >> IT Support Specialist >> >> *You.i Labs* >> 307 Legget Drive, Kanata, ON, K2K 3C8 >> <https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g> >> t (613) 228-9107 x258 | c (613) 697-6853 >> >> > > -- > > *Stuart Gendron* > IT Support Specialist > > *You.i Labs* > 307 Legget Drive, Kanata, ON, K2K 3C8 > <https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g> > t (613) 228-9107 x258 | c (613) 697-6853 > > -- > Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > -- *Stuart Gendron* IT Support Specialist *You.i Labs* 307 Legget Drive, Kanata, ON, K2K 3C8 <https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g> t (613) 228-9107 x258 | c (613) 697-6853
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
