Hi all PacketFence users,

I've configured an 802.1X auth successfully by using certificates issued by a 
local CA. Now I want to add some printers to the LAN, so I tried using the 
Security Events but I've had no success.
I'm trying to trigger a Security Event when a certain MAC address is connected to 
the switch, but nothing happens when I do it. This is what I've configured in 
the security_events.conf file:

[3000006]
priority=1
trigger=mac::3C:D9:2B:A4:7C:80,mac::3c:d9:2b:a4:7c:80,mac::3CD92BA47C80,mac::3cd92ba47c80,mac::3C-D9-2B-A4-7C-80,mac::3c-d9-2b-a4-7c-80,device::8
actions=autoreg,role
desc=Printers
enabled=Y
access_duration=5D
target_category=Printers

As you can see, I've put the MAC address in many different ways just to check 
whether any of them was the correct one, but it doesn't work anyway. Apart from 
that, "device::8" refers to the "printers or scanners" device type, but nothing 
happens either.

This is the packetfence.log file when I plug the printer into the switch (VLAN 75 
is the registration VLAN, and VLAN 50 is the production VLAN):

Jun  5 12:56:48 charlie packetfence_httpd.aaa: httpd.aaa(1951) INFO: 
[mac:3c:d9:2b:a4:7c:80] handling radius autz request: from switch_ip => 
(192.168.221.18), connection_type => Ethernet-NoEAP,switch_mac => 
(00:23:47:c8:63:73), mac => [3c:d9:2b:a4:7c:80], port => 13, username => 
"3cd92ba47c80" (pf::radius::authorize)
Jun  5 12:56:48 charlie packetfence_httpd.aaa: httpd.aaa(1951) INFO: 
[mac:3c:d9:2b:a4:7c:80] Instantiate profile default 
(pf::Connection::ProfileFactory::_from_profile)
Jun  5 12:56:48 charlie packetfence_httpd.aaa: httpd.aaa(1951) INFO: 
[mac:3c:d9:2b:a4:7c:80] is of status unreg; belongs into registration VLAN 
(pf::role::getRegistrationRole)
Jun  5 12:56:48 charlie packetfence_httpd.aaa: httpd.aaa(1951) INFO: 
[mac:3c:d9:2b:a4:7c:80] (192.168.221.18) Added VLAN 75 to the returned RADIUS 
Access-Accept (pf::Switch::returnRadiusAccessAccept)
Jun  5 12:56:55 charlie pfdhcp[26433]: t=2019-06-05T12:56:55+0200 lvl=info 
msg="DHCPDISCOVER from 3c:d9:2b:a4:7c:80 (NPIA47C80)" pid=26433 
mac=3c:d9:2b:a4:7c:80
Jun  5 12:56:56 charlie pfdhcp[26433]: t=2019-06-05T12:56:56+0200 lvl=info 
msg="DHCPOFFER on 192.168.75.224 to 3c:d9:2b:a4:7c:80 (NPIA47C80)" pid=26433 
mac=3c:d9:2b:a4:7c:80
Jun  5 12:56:56 charlie pfdhcp[26433]: t=2019-06-05T12:56:56+0200 lvl=info 
msg="DHCPREQUEST for 192.168.75.224 from 3c:d9:2b:a4:7c:80 (NPIA47C80)" 
pid=26433 mac=3c:d9:2b:a4:7c:80
Jun  5 12:56:56 charlie pfdhcp[26433]: t=2019-06-05T12:56:56+0200 lvl=info 
msg="DHCPACK on 192.168.75.224 to 3c:d9:2b:a4:7c:80 (NPIA47C80)" pid=26433 
mac=3c:d9:2b:a4:7c:80
Jun  5 12:56:56 charlie pfqueue: pfqueue(26429) WARN: [mac:3c:d9:2b:a4:7c:80] 
Unable to match MAC address to IP '192.168.75.224' (pf::ip4log::ip2mac)

radius.log file:

Jun  5 12:56:48 charlie auth[1745]: [mac:3c:d9:2b:a4:7c:80] Accepted user:  and 
returned VLAN 75
Jun  5 12:56:48 charlie auth[1745]: (29360) Login OK: [3cd92ba47c80] (from 
client 192.168.221.18 port 13 cli 3c:d9:2b:a4:7c:80)

Now, when I trigger the Event manually, this is the packetfence.log:

Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): Force security 
event 3000006 for node 3c:d9:2b:a4:7c:80 even if 332 grace remaining 
(pf::security_event::security_event_add)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): security event 
3000006 added for 3c:d9:2b:a4:7c:80 (pf::security_event::security_event_add)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): executing action 
'role' on class 3000006 (pf::action::action_execute)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): executing action 
'autoreg' on class 3000006 (pf::action::action_execute)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): security_event 
1300003 force-closed for 3c:d9:2b:a4:7c:80 
(pf::security_event::security_event_force_close)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): Instantiate 
profile default (pf::Connection::ProfileFactory::_from_profile)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): re-evaluating 
access (manage_register called) (pf::enforcement::reevaluate_access)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): is currentlog 
connected at (192.168.221.18) ifIndex 13 registration 
(pf::enforcement::_should_we_reassign_vlan)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): Instantiate 
profile default (pf::Connection::ProfileFactory::_from_profile)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): Connection type is 
Ethernet-NoEAP. Getting role from node_info (pf::role::getRegisteredRole)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): Username was 
defined "3cd92ba47c80" - returning role 'Printers' (pf::role::getRegisteredRole)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): PID: "default", 
Status: reg Returned VLAN: (undefined), Role: Printers 
(pf::role::fetchRoleForNode)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): VLAN reassignment 
required (current VLAN = 75 but should be in VLAN 50) 
(pf::enforcement::_should_we_reassign_vlan)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): switch port is 
(192.168.221.18) ifIndex 13 connection type: Wired MAC Auth 
(pf::enforcement::_vlan_reevaluation)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): this is a 
non-reevaluate-access security_event, closing security_event entry now 
(pf::action::action_execute)
Jun  5 13:02:46 charlie packetfence: INFO pfperl-api(29486): security_event 
3000006 force-closed for 3c:d9:2b:a4:7c:80 
(pf::security_event::security_event_force_close)
Jun  5 13:02:47 charlie packetfence: INFO pfperl-api(16012): Instantiate 
profile default (pf::Connection::ProfileFactory::_from_profile)
Jun  5 13:02:48 charlie pfqueue: pfqueue(29244) WARN: [mac:3c:d9:2b:a4:7c:80] 
Until CoA is implemented we will bounce the port on VLAN re-assignment traps 
for MAC-Auth (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)
Jun  5 13:02:52 charlie pfqueue: pfqueue(29244) ERROR: [mac:3c:d9:2b:a4:7c:80] 
error creating SNMP v1 write connection to 192.168.221.18: No response from 
remote host "192.168.221.18" (pf::Switch::connectWriteTo)

I tried to correct the error in the last line but I haven't been able to; also, 
I'm not sure whether that's the problem.
Every drop of help will be appreciated.

Regards, Jose
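As an added example (not part of the original post, and not PacketFence's own code), a small Python script that parses the [3000006] section above, normalizes every mac:: trigger and checks whether the MAC seen in a packetfence.log line is covered. It shows that all six MAC spellings collapse to a single value, so listing them repeatedly gains nothing. It assumes lowercase colon-separated pairs as the canonical form; how PacketFence itself compares trigger values is not verified here.

```python
import re
from configparser import ConfigParser

# Constructed copy of the [3000006] section from the post (security_events.conf syntax)
SECURITY_EVENTS_CONF = """
[3000006]
priority=1
trigger=mac::3C:D9:2B:A4:7C:80,mac::3c:d9:2b:a4:7c:80,mac::3CD92BA47C80,mac::3cd92ba47c80,mac::3C-D9-2B-A4-7C-80,mac::3c-d9-2b-a4-7c-80,device::8
actions=autoreg,role
desc=Printers
enabled=Y
access_duration=5D
target_category=Printers
"""

def normalize_mac(raw):
    """Canonical form (assumed): 12 lowercase hex digits in colon-separated pairs.
    Accepts colon, dash, dot or no separators; returns None for anything else."""
    if re.search(r"[^0-9a-fA-F:.\- ]", raw):
        return None
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", raw)
    if len(hexdigits) != 12:
        return None
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2)).lower()

def parse_triggers(conf_text, section):
    """Return {trigger_type: set(values)} for the section's trigger= list,
    with mac:: values normalized so duplicates in different spellings merge."""
    cp = ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    triggers = {}
    for item in cp.get(section, "trigger").split(","):
        ttype, _, value = item.strip().partition("::")
        if ttype == "mac":
            value = normalize_mac(value)
        triggers.setdefault(ttype, set()).add(value)
    return triggers

LOG_MAC_RE = re.compile(r"\[mac:([0-9a-fA-F:]+)\]")

def matching_mac_trigger(conf_text, section, log_line):
    """Return the MAC from a packetfence.log line if the section has a mac:: trigger
    for it, otherwise None."""
    m = LOG_MAC_RE.search(log_line)
    if not m:
        return None
    mac = normalize_mac(m.group(1))
    return mac if mac in parse_triggers(conf_text, section).get("mac", set()) else None
```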

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
