Hi, and thanks for the support. I need help with DHCP assignment to a client device.

The switch where the client is connected works fine and assigns the correct VLAN that I want, but the PF server does not release an IP into this VLAN.
In the attached file are the services of the PF server, for troubleshooting.
In the router I inserted the helper-address of the PF server.
What can I do about this?

Thanks, best regards.
Roberto

[root@PacketFence-ZEN ~]# netstat -pnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:6380 0.0.0.0:* LISTEN 2462/redis-server 1
tcp 0 0 127.0.0.1:22222 0.0.0.0:* LISTEN 2382/pfdhcp
tcp 0 0 127.0.0.1:22223 0.0.0.0:* LISTEN 2372/pfhttpd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 2518/httpd
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 1600/perl
tcp 0 0 10.25.179.200:80 0.0.0.0:* LISTEN 2458/haproxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 983/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2120/master
tcp 0 0 10.25.179.200:443 0.0.0.0:* LISTEN 2458/haproxy
tcp 0 0 127.0.0.1:8125 0.0.0.0:* LISTEN 2526/netdata
tcp 0 0 127.0.0.1:7070 0.0.0.0:* LISTEN 2505/httpd
tcp 0 0 10.25.179.200:7070 0.0.0.0:* LISTEN 2505/httpd
tcp 0 0 127.0.0.1:19999 0.0.0.0:* LISTEN 2526/netdata
tcp 0 0 10.25.179.200:19999 0.0.0.0:* LISTEN 2526/netdata
tcp 0 0 10.25.179.200:1025 0.0.0.0:* LISTEN 2458/haproxy
tcp 0 0 127.0.0.1:9090 0.0.0.0:* LISTEN 2484/httpd
tcp 0 0 10.25.179.200:9090 0.0.0.0:* LISTEN 2484/httpd
tcp 0 0 10.25.179.200:1443 0.0.0.0:* LISTEN 2879/httpd
tcp 0 0 10.25.179.200:2083 0.0.0.0:* LISTEN 2936/radiusd
tcp 0 0 10.25.179.200:1444 0.0.0.0:* LISTEN 2518/httpd
tcp 0 0 0.0.0.0:5252 0.0.0.0:* LISTEN 2500/httpd
tcp 0 0 127.0.0.1:8777 0.0.0.0:* LISTEN 2384/pfhttpd
tcp 0 0 10.25.179.200:3306 0.0.0.0:* LISTEN 2341/mysqld
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 963/redis-server 12
tcp6 0 0 :::9999 :::* LISTEN 2374/pfhttpd
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::53 :::* LISTEN 2460/pfdns
tcp6 0 0 :::54 :::* LISTEN 2460/pfdns
tcp6 0 0 :::22 :::* LISTEN 983/sshd
tcp6 0 0 :::8888 :::* LISTEN 2373/pfhttpd
tcp6 0 0 :::8889 :::* LISTEN 2373/pfhttpd
tcp6 0 0 ::1:25 :::* LISTEN 2120/master
tcp6 0 0 ::1:8125 :::* LISTEN 2526/netdata
udp 0 0 0.0.0.0:44524 0.0.0.0:* 2936/radiusd
udp 0 0 127.0.0.1:8125 0.0.0.0:* 2526/netdata
udp 0 0 0.0.0.0:67 0.0.0.0:* 2382/pfdhcp
udp 0 0 10.25.179.200:67 0.0.0.0:* 2382/pfdhcp
udp 0 0 127.0.0.1:323 0.0.0.0:* 655/chronyd
udp 0 0 127.0.0.1:18121 0.0.0.0:* 2936/radiusd
udp 0 0 127.0.0.1:18122 0.0.0.0:* 2965/radiusd
udp 0 0 10.25.179.200:1812 0.0.0.0:* 2936/radiusd
udp 0 0 10.25.179.200:1813 0.0.0.0:* 2965/radiusd
udp6 0 0 ::1:8125 :::* 2526/netdata
udp6 0 0 :::53 :::* 2460/pfdns
udp6 0 0 :::54 :::* 2460/pfdns
udp6 0 0 ::1:323 :::* 655/chronyd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 15554171 8987/sshd: root@pts /tmp/ssh-FJjf7kPq8u/agent.8987
unix 2 [ ACC ] STREAM LISTENING 21651 2341/mysqld /var/lib/mysql/mysql.sock
unix 2 [ ACC ] STREAM LISTENING 14230 2120/master private/lmtp
unix 2 [ ACC ] STREAM LISTENING 14233 2120/master private/anvil
unix 2 [ ACC ] SEQPACKET LISTENING 11797 1/systemd /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 11840 1/systemd /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 30527 2936/radiusd /usr/local/pf/var/run/radiusd.sock
unix 2 [ ACC ] STREAM LISTENING 32895 2965/radiusd /usr/local/pf/var/run/radiusd-acct.sock
unix 2 [ ACC ] STREAM LISTENING 33485 3021/sshd: root@pts /tmp/ssh-3SmB6QwEM0/agent.3021
unix 2 [ ACC ] STREAM LISTENING 14676 649/gssproxy /run/gssproxy.sock
unix 2 [ ACC ] STREAM LISTENING 14675 649/gssproxy /var/lib/gssproxy/default.sock
unix 2 [ ACC ] STREAM LISTENING 14179 2120/master private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 14182 2120/master private/rewrite
unix 2 [ ACC ] STREAM LISTENING 14185 2120/master private/bounce
unix 2 [ ACC ] STREAM LISTENING 14188 2120/master private/defer
unix 2 [ ACC ] STREAM LISTENING 14194 2120/master private/verify
unix 2 [ ACC ] STREAM LISTENING 14200 2120/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 14203 2120/master private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 14209 2120/master private/relay
unix 2 [ ACC ] STREAM LISTENING 14218 2120/master private/retry
unix 2 [ ACC ] STREAM LISTENING 14221 2120/master private/discard
unix 2 [ ACC ] STREAM LISTENING 14224 2120/master private/local
unix 2 [ ACC ] STREAM LISTENING 14227 2120/master private/virtual
unix 2 [ ACC ] STREAM LISTENING 14236 2120/master private/scache
unix 2 [ ACC ] STREAM LISTENING 1396 1/systemd /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 14206 2120/master private/smtp
unix 2 [ ACC ] STREAM LISTENING 16927 963/redis-server 12 /usr/local/pf/var/run/redis_cache.sock
unix 2 [ ACC ] STREAM LISTENING 14093 964/pfconfig /usr/local/pf/var/run/pfconfig.sock
unix 2 [ ACC ] STREAM LISTENING 14166 2120/master public/pickup
unix 2 [ ACC ] STREAM LISTENING 14170 2120/master public/cleanup
unix 2 [ ACC ] STREAM LISTENING 20235 2389/pfstats /usr/local/pf/var/run/collectd-unixsock
unix 2 [ ACC ] STREAM LISTENING 23563 2458/haproxy /usr/local/pf/var/run/haproxy-portal.stats.2456.tmp
unix 2 [ ACC ] STREAM LISTENING 20293 2462/redis-server 1 /usr/local/pf/var/run/redis_queue.sock
unix 2 [ ACC ] STREAM LISTENING 11718 1/systemd /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 14191 2120/master private/trace
unix 2 [ ACC ] STREAM LISTENING 14545 1/systemd /var/run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 14549 1/systemd /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 23328 2387/pffilter /usr/local/pf/var/run/pffilter.sock
unix 2 [ ACC ] STREAM LISTENING 11739 1/systemd /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 14215 2120/master private/error
unix 2 [ ACC ] STREAM LISTENING 14173 2120/master public/qmgr
unix 2 [ ACC ] STREAM LISTENING 14197 2120/master public/flush
unix 2 [ ACC ] STREAM LISTENING 14212 2120/master public/showq
[root@PacketFence-ZEN ~]#

"/usr/local/pf/conf/networks.conf
[10.212.179.0]
network=10.212.179.0
dns=10.25.179.41,10.26.179.41
next_hop=10.25.179.1
gateway=10.212.179.1
domain-name=vlan-registration.xxx.xxx.com
named=enabled
netmask=255.255.255.0
dhcp_end=10.212.179.254
dhcp_start=10.212.179.10
nat_enabled=1
ip_reserved=10.212.179.1
dhcp_max_lease_time=7200
fake_mac_enabled=disabled
dhcpd=enabled
type=vlan-registration
dhcp_default_lease_time=3600

[10.213.179.0]
network=10.213.179.0
dns=10.25.179.41,10.26.179.41
next_hop=10.25.179.1
gateway=10.213.179.1
domain-name=dns-enforcement.xxx.xxx.com
named=enabled
netmask=255.255.255.0
dhcp_end=10.213.179.254
dhcp_start=10.213.179.10
nat_enabled=1
ip_reserved=10.213.179.1
dhcp_max_lease_time=7200
fake_mac_enabled=disabled
dhcpd=enabled
type=dns-enforcement
dhcp_default_lease_time=3600
~

[root@PacketFence-ZEN ~]# tail -f /usr/local/pf/logs/packetfence.log
Aug 14 08:24:13 PacketFence-ZEN pfipset[2372]: t=2019-08-14T08:24:13+0000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2372
Aug 14 08:29:13 PacketFence-ZEN pfipset[2372]: t=2019-08-14T08:29:13+0000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2372
Aug 14 08:34:13 PacketFence-ZEN pfipset[2372]: t=2019-08-14T08:34:13+0000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2372
Aug 14 08:39:13 PacketFence-ZEN pfipset[2372]: t=2019-08-14T08:39:13+0000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2372
Aug 14 08:44:13 PacketFence-ZEN pfipset[2372]: t=2019-08-14T08:44:13+0000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2372
Aug 14 08:49:13 PacketFence-ZEN pfipset[2372]: t=2019-08-14T08:49:13+0000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2372
Aug 14 08:54:13 PacketFence-ZEN pfipset[2372]: t=2019-08-14T08:54:13+0000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2372
Aug 14 08:59:13 PacketFence-ZEN pfipset[2372]: t=2019-08-14T08:59:13+0000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2372
Aug 14 09:04:13 PacketFence-ZEN pfipset[2372]: t=2019-08-14T09:04:13+0000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2372
Aug 14 09:09:13 PacketFence-ZEN pfipset[2372]: t=2019-08-14T09:09:13+0000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2372
Aug 14 09:12:27 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2505) INFO: [mac:a0:b3:cc:be:60:69] Instantiate profile guest (pf::Connection::ProfileFactory::_from_profile)
Aug 14 09:12:31 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2505) ERROR: [mac:a0:b3:cc:be:60:69] error creating SNMP v2c read connection to 10.20.179.75: No response from remote host "10.20.179.75" (pf::Switch::connectRead)
Aug 14 09:12:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2505) ERROR: [mac:a0:b3:cc:be:60:69] error creating SNMP v2c read connection to 10.20.179.75: No response from remote host "10.20.179.75" (pf::Switch::connectRead)
Aug 14 09:12:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2505) INFO: [mac:a0:b3:cc:be:60:69] handling radius autz request: from switch_ip => (10.20.179.75), connection_type => Ethernet-NoEAP,switch_mac => (08:d0:9f:f7:67:89), mac => [a0:b3:cc:be:60:69], port => 10109, username => "a0b3ccbe6069" (pf::radius::authorize)
Aug 14 09:12:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2505) INFO: [mac:a0:b3:cc:be:60:69] Instantiate profile guest (pf::Connection::ProfileFactory::_from_profile)
Aug 14 09:12:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2505) INFO: [mac:a0:b3:cc:be:60:69] is of status unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Aug 14 09:12:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2505) INFO: [mac:a0:b3:cc:be:60:69] (10.20.179.75) Added VLAN 212 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Aug 14 09:12:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2505) INFO: [mac:a0:b3:cc:be:60:69] (10.20.179.75) Added role registration to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Aug 14 09:12:42 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2505) INFO: [mac:a0:b3:cc:be:60:69] Adding web authentication redirection to reply using role: 'registration' and URL: 'http://srvpfmwc1.xxxxxx.com/Cisco::Catalyst_2960/sid031de2' (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept)
Aug 14 09:12:43 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(2505) INFO: [mac:[undef]] Updating locationlog from accounting request (pf::api::handle_accounting_metadata)

[root@PacketFence-ZEN ~]# tail -f /usr/local/pf/logs/pfdhcplistener.log
Aug 14 04:32:24 PacketFence-ZEN pfdhcplistener: pfqueue(1032) INFO: [mac:unknown] DHCPACK CIADDR from 10.25.179.41 (00:0c:29:25:dd:a6) to host 00:00:00:00:00:00 (10.25.179.41) (pf::dhcp::processor_v4::parse_dhcp_ack)
Aug 14 04:32:24 PacketFence-ZEN pfdhcplistener: pfqueue(1032) INFO: [mac:unknown] The listener process is NOT on the same server as the DHCP server. (pf::dhcp::processor_v4::pf_is_dhcp)
Aug 14 05:32:29 PacketFence-ZEN pfdhcplistener: pfqueue(3936) INFO: [mac:unknown] DHCPACK CIADDR from 10.25.179.41 (00:0c:29:25:dd:a6) to host 00:00:00:00:00:00 (10.25.179.41) (pf::dhcp::processor_v4::parse_dhcp_ack)
Aug 14 05:32:29 PacketFence-ZEN pfdhcplistener: pfqueue(3936) INFO: [mac:unknown] The listener process is NOT on the same server as the DHCP server. (pf::dhcp::processor_v4::pf_is_dhcp)
Aug 14 06:32:28 PacketFence-ZEN pfdhcplistener: pfqueue(5400) INFO: [mac:unknown] DHCPACK CIADDR from 10.25.179.41 (00:0c:29:25:dd:a6) to host 00:00:00:00:00:00 (10.25.179.41) (pf::dhcp::processor_v4::parse_dhcp_ack)
Aug 14 06:32:28 PacketFence-ZEN pfdhcplistener: pfqueue(5400) INFO: [mac:unknown] The listener process is NOT on the same server as the DHCP server. (pf::dhcp::processor_v4::pf_is_dhcp)
Aug 14 07:32:31 PacketFence-ZEN pfdhcplistener: pfqueue(7595) INFO: [mac:unknown] DHCPACK CIADDR from 10.25.179.41 (00:0c:29:25:dd:a6) to host 00:00:00:00:00:00 (10.25.179.41) (pf::dhcp::processor_v4::parse_dhcp_ack)
Aug 14 07:32:31 PacketFence-ZEN pfdhcplistener: pfqueue(7595) INFO: [mac:unknown] The listener process is NOT on the same server as the DHCP server. (pf::dhcp::processor_v4::pf_is_dhcp)
Aug 14 08:32:31 PacketFence-ZEN pfdhcplistener: pfqueue(10287) INFO: [mac:unknown] DHCPACK CIADDR from 10.25.179.41 (00:0c:29:25:dd:a6) to host 00:00:00:00:00:00 (10.25.179.41) (pf::dhcp::processor_v4::parse_dhcp_ack)
Aug 14 08:32:31 PacketFence-ZEN pfdhcplistener: pfqueue(10287) INFO: [mac:unknown] The listener process is NOT on the same server as the DHCP server. (pf::dhcp::processor_v4::pf_is_dhcp)

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users