Hello Pro fence,
packetfence manage the port that needs to be open, so you don't have to
do anything.
Btw it looks that the issue you have is related to the acl you made on
the WLC. (check is there is some hit)
What you can do is to capture the traffic on the device your are testing
with and see if you see any kind of redirection.
Regards
Fabrice
Le 19-07-21 à 09 h 59, pro fence via PacketFence-users a écrit :
Hi,
For somebody who would encounter the same issue,
to solve the last error, you need to add a new radius client.
Does anybody know exactly what ports need to be open for the VIP
besides radius, http for the portal to pop up ? I mean in the log i
have the right ACL and the http://VIP-IP/CISCO::WLC url but the portal
is not showing.
regards,
On Thu, 18 Jul 2019 at 17:00, pro fence <pfenc...@gmail.com
<mailto:pfenc...@gmail.com>> wrote:
Hi Fabrice,
to be more precise i am going to use the ip adresses of the
installation guide to show you my configuration :
to answer your question, yes, cluster.conf is replicated on the 3
servers with the command:
# /usr/local/pf/bin/cluster/sync --from=192.168.1.5
--api-user=user --api-password=password
here is the content of cluster.conf :
[CLUSTER]
management_ip=192.168.1.10
[CLUSTER interface eth0]
ip=192.168.1.10
[CLUSTER interface eth1.2]
ip=192.168.2.10
[CLUSTER interface eth1.3]
ip=192.168.3.10
[pf1.example.com <http://pf1.example.com>]
management_ip=192.168.1.5
[pf1.example.com <http://pf1.example.com> interface eth0]
ip=192.168.1.5
[pf1.example.com <http://pf1.example.com> interface eth1.2]
ip=192.168.2.5
[pf1.example.com <http://pf1.example.com> interface eth1.3]
ip=192.168.3.5
[pf2.example.com <http://pf2.example.com>]
management_ip=192.168.1.6
[pf2.example.com <http://pf2.example.com> interface eth0]
ip=192.168.1.6
[pf2.example.com <http://pf2.example.com> interface eth1.2]
ip=192.168.2.6
[pf2.example.com <http://pf2.example.com> interface eth1.3]
ip=192.168.3.6
[pf3.example.com <http://pf3.example.com>]
management_ip=192.168.1.7
[pf3.example.com <http://pf3.example.com> interface eth0]
ip=192.168.1.7
[pf3.example.com <http://pf3.example.com> interface eth1.2]
ip=192.168.2.7
[pf3.example.com <http://pf3.example.com> interface eth1.3]
ip=192.168.3.7
the error message becomes :
Ignoring request to auth address 192.168.1.5 port 1812 bound to
server packetfence from unknown client loadBalancer_IP port 8905
proto udp
listening ip and port for the first server for example:
tcp 0 0 192.168.1.10:80 <http://192.168.1.10:80>
0.0.0.0:* LISTEN 24615/haproxy
tcp 0 0 192.168.2.10:80 <http://192.168.2.10:80>
0.0.0.0:* LISTEN 24615/haproxy
tcp 0 0 192.168.3.10:80 <http://192.168.3.10:80>
0.0.0.0:* LISTEN 24615/haproxy
tcp 0 0 192.168.1.5:80 <http://192.168.1.5:80>
0.0.0.0:* LISTEN 1026/httpd
tcp 0 0 192.168.2.5:80 <http://192.168.2.5:80>
0.0.0.0:* LISTEN 1026/httpd
tcp 0 0 192.168.3.5:80 <http://192.168.3.5:80>
0.0.0.0:* LISTEN 1026/httpd
thanks in advance,
Regards
On Thu, 18 Jul 2019 at 15:03, Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello Pro fence,
it looks that you miss-configured your cluster.
Did you copy the file cluster.conf on each servers ?
Regards
Fabrice
Le 19-07-18 à 06 h 49, pro fence via PacketFence-users a écrit :
Hello,
does anyone ever encountered the following error using a VIP,
from radius :
" Ignoring request to auth address MANAGEMENT_IP port 1812
bound to server packetfence from unknown client
loadBalancer_IP port 8905 proto udp"
the VIP sends the request using a different ip than the one
configured in cluster.conf, so maybe that's the reason ?
Thanks,
Regards,
On Wed, 17 Jul 2019 at 14:32, pro fence <pfenc...@gmail.com
<mailto:pfenc...@gmail.com>> wrote:
Fabrice,
may god bless you ! thank you very much for your time and
help,
Regards,
On Wed, 17 Jul 2019 at 13:28, Durand fabrice via
PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Yes, only the VIP is need on the WLC.
The WLC send a request to the VIP and the radius
load-balancer will forward to one of the radius
server in the cluster.
Regards
Fabrice
Le 19-07-17 à 05 h 14, pro fence via
PacketFence-users a écrit :
Hi Fabrice,
do you mean that the VIP needs to be configured as
the radius server in the WLC ?
Thanks,
Regards,
On Tue, 16 Jul 2019 at 23:16, Durand fabrice via
PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> wrote:
Hello,
only the VIP needs to be configured as the
radius server.
Regards
Fabrice
Le 19-07-16 à 11 h 53, Domingos Varela via
PacketFence-users a écrit :
Hello,
Does your wlc have hits in the statistics of
communication with radius servers?
Do you have the IPs of the servers in wlc's ACL?
Thanks
Cumprimentos,*
Domingos Varela*
Tel. +244 923 229 330 | Luanda - Angola
pro fence via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>>
escreveu no dia terça, 16/07/2019 à(s) 16:41:
Hi,
thank you for your reply,
i have configured the 3 radius servers on
the wlc, but i thought that more needs to
be done so that the WLC could link the vip
with the ssid ? or maybe i am missing
something ? problem is when i try to
connect to the ssid,nothing happens know
Regards,
On Tue, 16 Jul 2019 at 17:07, Domingos
Varela via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>>
wrote:
Hi,
wlc needs to know who the radius server
will communicate with it, so I think
you have to configure the three radius
servers in wlc, the virtual IP will
only redirect the requests to the servers.
If you configure the virtual IP the
request will be made, but you may have
problems in the response because wlc
will not recognize the server that will
respond to the request.
thanks
Regards
Cumprimentos,*
Domingos Varela*
Tel. +244 923 229 330 | Luanda - Angola
pro fence via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>>
escreveu no dia terça, 16/07/2019 à(s)
14:42:
Hi,
i have a 3 servers' cluster
configured with a Virtual IP,
do you guys know what needs to be
changed or configured on the cisco
WLC for the VIP to make sure that
when the user connects to the ssid
it goes through the VIP ?
Any help would be appreciated,
Thanks,
Regards,
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
PacketFence (http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users