Hi Martin, Thanks for the email. I’ve attached the file as you requested.
Cheers.

Woo Seok Choi
Network Engineer
D: +61 292536532
<http://www.gbst.com/>
<https://www.linkedin.com/company/gbst>
<https://twitter.com/gbstholdings>

From: Martin Rodriguez <[email protected]>
Sent: Tuesday, 22 October 2019 6:48 PM
To: [email protected]
Cc: Woo Seok Choi <[email protected]>
Subject: Re: [PacketFence-users] Message says that "Your network should be enabled within a minute or two. If it is not reboot your computer"

Hi.

Can you share the IAP config for the wlan network? I believe MAC auth is missing and derivation roles too.

Regards

On Mon, 21 Oct 2019 at 08:14, Woo Seok Choi via PacketFence-users <[email protected]> wrote:

Hi,

I try to set up a PacketFence with Aruba IAP for guest wireless, but I get the message that says "Your network should be enabled within a minute or two. If it is not reboot your computer" even though I can see the MAC & IP address on the page.

Anyway, I use Null Source for test.

Here is the log from packetfence.log:

------------
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) WARN: [mac:ac:b5:7d:xx:xx:xx] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] Using sources null for matching (pf::authentication::match)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] Matched rule (catchall) in source null, returning actions. (pf::Authentication::Source::match_rule)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] Matched rule (catchall) in source null, returning actions. (pf::Authentication::Source::match)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) WARN: [mac:ac:b5:7d:xx:xx:xx] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] Using sources null for matching (pf::authentication::match)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] Matched rule (catchall) in source null, returning actions. (pf::Authentication::Source::match_rule)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] Matched rule (catchall) in source null, returning actions. (pf::Authentication::Source::match)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) WARN: [mac:ac:b5:7d:xx:xx:xx] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] Using sources null for matching (pf::authentication::match)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) WARN: [mac:ac:b5:7d:xx:xx:xx] Calling match with empty/invalid rule class. Defaulting to 'authentication' (pf::authentication::match)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(52273) INFO: [mac:ac:b5:7d:xx:xx:xx] Using sources null for matching (pf::authentication::match)
Oct 14 12:47:15 packetfence packetfence_httpd.portal: httpd.portal(53669) INFO: [mac:ac:b5:7d:xx:xx:xx] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] No provisioner found for ac:b5:7d:xx:xx:xx. Continuing. (captiveportal::PacketFence::DynamicRouting::Module::Provisioning::execute_child)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] security_event 1300003 force-closed for ac:b5:7d:xx:xx:xx (pf::security_event::security_event_force_close)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(51577) WARN: [mac:ac:b5:7d:xx:xx:xx] Use of uninitialized value in concatenation (.) or string at /usr/local/pf/lib/captiveportal/PacketFence/DynamicRouting/Module/Root.pm line 89. (captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) WARN: [mac:unknown] locale from the URL is not supported (pf::Portal::Session::getLanguages)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) WARN: [mac:ac:b5:7d:xx:xx:xx] locale from the URL is not supported (pf::Portal::Session::getLanguages)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) INFO: [mac:ac:b5:7d:xx:xx:xx] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) WARN: [mac:ac:b5:7d:xx:xx:xx] locale from the URL is not supported (captiveportal::PacketFence::Controller::Root::getLanguages)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) INFO: [mac:ac:b5:7d:xx:xx:xx] Releasing device (captiveportal::PacketFence::DynamicRouting::Module::Root::release)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) WARN: [mac:ac:b5:7d:xx:xx:xx] locale from the URL is not supported (pf::Portal::Session::getLanguages)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) INFO: [mac:ac:b5:7d:xx:xx:xx] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
Oct 14 12:47:16 packetfence packetfence_httpd.portal: httpd.portal(53669) WARN: [mac:ac:b5:7d:xx:xx:xx] Can't re-evaluate access because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Oct 14 12:47:26 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)
Oct 14 12:47:26 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] User default has authenticated on the portal. (Class::MOP::Class:::after)
Oct 14 12:47:26 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] Reevaluating access of device. (captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state)
Oct 14 12:47:26 packetfence packetfence_httpd.portal: httpd.portal(51577) INFO: [mac:ac:b5:7d:xx:xx:xx] re-evaluating access (manage_register called) (pf::enforcement::reevaluate_access)
Oct 14 12:47:26 packetfence packetfence_httpd.portal: httpd.portal(51577) WARN: [mac:ac:b5:7d:xx:xx:xx] Can't re-evaluate access because no open locationlog entry was found (pf::enforcement::reevaluate_access)
Oct 14 12:50:09 packetfence pfipset[2046]: t=2019-10-14T12:50:09+1000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2046
Oct 14 12:55:09 packetfence pfipset[2046]: t=2019-10-14T12:55:09+1000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2046
Oct 14 13:00:09 packetfence pfipset[2046]: t=2019-10-14T13:00:09+1000 lvl=info msg="No Inline Network bypass ipsets reload" pid=2046
------------

Please let me know if you need more info.

Thanks.

Best Regards,
Woo Seok Choi

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and / or privileged material that may be governed by confidential information provisions contained in the agreement between GBST and your company. Any disclosure, copying, distribution, or other use without the express consent of the sender is prohibited. If you received this in error, please contact the sender and delete the material from any computer. All rights in the information transmitted, including copyright, are reserved. Nothing in this message should be interpreted as a digital signature that can be used to authenticate a document. No warranty is given by the sender that any attachments to this email are free from viruses or other defects.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
L24-near-lift# sh run
version 6.4.4.0-4.2.4
virtual-controller-country AU
virtual-controller-key 2fc9633e01470ef7b1e28f632bb0a5a07d7f74c1a130dc6aae
name syd-vc
organization Sydney
virtual-controller-ip 192.168.201.250
syslog-server 172.22.5.252
syslog-level notice
terminal-access
ntp-server 192.168.21.249
clock timezone Sydney 10 00
rf-band all
dynamic-radius-proxy
ams-ip 172.28.18.245
ams-key xxxxxxxxxxxxxxxxxxxxxx
ams-identity xxxxxxxxxxxxxxxxxxxx
allow-new-aps
allowed-ap 24:de:c6:c4:ae:93
allowed-ap 24:de:c6:c4:ae:8b
allowed-ap 24:de:c6:c4:ac:74
allowed-ap 24:de:c6:c4:ae:91
allowed-ap 24:de:c6:c4:ae:94
snmp-server community xxxxxxxxxxxxxxxxxxx
arm
 wide-bands 5ghz
 min-tx-power 18
 max-tx-power 127
 band-steering-mode prefer-5ghz
 air-time-fairness-mode fair-access
 client-aware
 scanning
rf dot11g-radio-profile
 spectrum-monitor
rf dot11a-radio-profile
 spectrum-monitor
syslog-level emergency ap-debug
syslog-level emergency network
syslog-level emergency security
syslog-level emergency system
syslog-level notice user
syslog-level emergency user-debug
syslog-level emergency wireless
mgmt-user admin xxxxxxxxxxxxxxxxx
wlan access-rule default_wired_port_profile
 index 0
 rule any any match any any any permit
wlan access-rule CaptivePortal-PreAuth
 index 1
 rule 172.28.18.248 255.255.255.255 match tcp 443 443 permit
 rule 172.28.18.248 255.255.255.255 match tcp 80 80 permit
 rule any any match udp 53 53 permit
 rule any any match any any any deny
wlan access-rule External
 index 2
 rule any any match udp 67 68 permit
 rule 8.8.8.8 255.255.255.255 match udp 53 53 permit
 rule 8.8.4.4 255.255.255.255 match udp 53 53 permit
 rule 208.67.222.222 255.255.255.255 match udp 53 53 permit
 rule 208.67.220.220 255.255.255.255 match udp 53 53 permit
 rule 172.28.18.248 255.255.255.255 match tcp 443 443 permit
 rule 10.0.0.0 255.0.0.0 match any any any deny
 rule 172.16.0.0 255.240.0.0 match any any any deny
 rule 192.168.0.0 255.255.0.0 match any any any deny
 rule any any match any any any permit
wlan access-rule Internal
 index 3
 rule any any match any any any permit
wlan access-rule gbst-guest
 index 4
 rule any any match udp 67 68 permit
 rule 8.8.8.8 255.255.255.255 match udp 53 53 permit
 rule 8.8.4.4 255.255.255.255 match udp 53 53 permit
 rule 208.67.222.222 255.255.255.255 match udp 53 53 permit
 rule 208.67.220.220 255.255.255.255 match udp 53 53 permit
 rule 172.28.18.248 255.255.255.255 match tcp 443 443 permit
 rule 172.28.18.248 255.255.255.255 match tcp 80 80 permit
 rule 10.0.0.0 255.0.0.0 match any any any deny
 rule 192.168.0.0 255.255.0.0 match any any any deny
 rule 172.16.0.0 255.240.0.0 match any any any deny
 rule any any match any any any permit
wlan access-rule wired-instant
 index 5
 rule masterip 0.0.0.0 match tcp 80 80 permit
 rule masterip 0.0.0.0 match tcp 4343 4343 permit
 rule any any match udp 67 68 permit
 rule any any match udp 53 53 permit
wlan access-rule packetfence
 index 6
 rule 10.11.8.37 255.255.255.255 match app http permit
 rule 10.11.8.37 255.255.255.255 match app https permit
 rule any any match app dns permit
 rule any any match any any any deny
wlan access-rule test-guest
 index 7
 rule any any match app dhcp permit
 rule 8.8.8.8 255.255.255.255 match app dns permit
 rule 10.11.8.37 255.255.255.255 match app http permit
 rule 10.11.8.37 255.255.255.255 match app https permit
 rule 192.168.0.0 255.255.0.0 match any any any deny
 rule 172.16.0.0 255.240.0.0 match any any any deny
 rule 10.0.0.0 255.0.0.0 match any any any deny
 rule any any match any any any permit
wlan access-rule test-guest-1
 index 8
 rule 172.28.19.231 255.255.255.255 match app http permit
 rule 172.28.19.231 255.255.255.255 match app https permit
 rule any any match app dhcp permit
 rule 8.8.8.8 255.255.255.255 match app dns permit
 rule 192.168.0.0 255.255.0.0 match any any any deny
 rule 172.16.0.0 255.240.0.0 match any any any deny
 rule 10.0.0.0 255.0.0.0 match any any any deny
 rule any any match any any any permit
wlan ssid-profile External
 enable
 index 0
 type employee
 essid External
 opmode wpa2-aes
 max-authentication-failures 0
 vlan 203
 auth-server clearpass
 rf-band all
 captive-portal disable
 dtim-period 1
 inactivity-timeout 3600
 broadcast-filter none
 radius-reauth-interval 420
 radius-accounting
 radius-interim-accounting-interval 40
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64
wlan ssid-profile Internal
 enable
 index 1
 type employee
 essid Internal
 opmode wpa2-aes
 max-authentication-failures 0
 auth-server clearpass
 rf-band all
 captive-portal disable
 dtim-period 1
 inactivity-timeout 3600
 broadcast-filter none
 radius-reauth-interval 420
 radius-accounting
 radius-interim-accounting-interval 5
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64
wlan ssid-profile gbst-guest
 enable
 index 2
 type guest
 essid gbst-guest
 opmode opensystem
 max-authentication-failures 0
 vlan 203
 auth-server clearpass
 set-role-pre-auth CaptivePortal-PreAuth
 rf-band all
 captive-portal external
 dtim-period 1
 inactivity-timeout 3600
 broadcast-filter none
 radius-reauth-interval 420
 radius-accounting
 radius-interim-accounting-interval 5
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64
wlan ssid-profile test-guest
 enable
 index 3
 type guest
 essid test-guest
 opmode opensystem
 max-authentication-failures 0
 vlan 203
 auth-server packetfence
 set-role-pre-auth packetfence
 rf-band all
 captive-portal external profile guest
 dtim-period 1
 broadcast-filter arp
 radius-reauth-interval 480
 radius-accounting
 radius-interim-accounting-interval 5
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64
wlan ssid-profile test-guest-1
 enable
 index 4
 type guest
 essid test-guest-1
 opmode opensystem
 max-authentication-failures 0
 vlan 203
 auth-server PFinternal
 set-role-pre-auth packetfence
 rf-band all
 captive-portal external profile testguest
 dtim-period 1
 broadcast-filter arp
 radius-reauth-interval 480
 radius-accounting
 radius-interim-accounting-interval 5
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64
auth-survivability cache-time-out 24
wlan auth-server clearpass
 ip 172.28.18.248
 port 1812
 acctport 1813
 key xxxxxxxxxxxxxxxxxxxxx
 nas-ip 192.168.201.250
 nas-id 192.168.201.250
 rfc3576
 cppm-rfc3576-port 5999
wlan auth-server packetfence
 ip 10.11.8.37
 port 1812
 acctport 1813
 timeout 10
 retry-count 5
 key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 nas-ip 192.168.201.250
 rfc3576
 cppm-rfc3576-port 3799
wlan auth-server PFinternal
 ip 172.28.19.231
 port 1812
 acctport 1813
 timeout 10
 key xxxxxxxxxxxxxxxxxxxxxxxx
 nas-ip 192.168.201.250
wlan external-captive-portal
 server clearpass.gbst.net
 port 80
 url "/guest/gbst_guest.php"
 auth-text ""
wlan external-captive-portal guest
 server 10.11.8.37
 port 80
 url "/signup"
 auth-text ""
 server-offload
 switch-ip
wlan external-captive-portal testguest
 server 172.28.19.231
 port 80
 url "/signup"
 auth-text ""
 auto-whitelist-disable
blacklist-time 3600
auth-failure-blacklist-time 3600
ids
 wireless-containment none
wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 1
 shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type employee
 captive-portal disable
 no dot1x
wired-port-profile wired-instant
 switchport-mode access
 allowed-vlan all
 native-vlan 1
 no shutdown
 access-rule-name wired-instant
 speed auto
 duplex auto
 no poe
 type guest
 captive-portal disable
 no dot1x
enet0-port-profile default_wired_port_profile
uplink
 preemption
 enforce none
 failover-internet-pkt-lost-cnt 10
 failover-internet-pkt-send-freq 30
 failover-vpn-timeout 180
airgroup
 disable
airgroupservice airplay
 disable
 description AirPlay
airgroupservice airprint
 disable
 description AirPrint
firewall-external-enforcement pan
 ip 172.22.5.252
 port 514
 user admin-aruba xxxxxxxxxxxxxxxxxxxxxxxxxxxx
 enable
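Martin's reply suggests that MAC authentication and role derivation are missing from the WLAN profile. The following Python script is an added example, not part of the thread and not PacketFence or Aruba code; it checks `wlan ssid-profile` stanzas of an IAP `sh run` dump for those two settings. It assumes one command per line with indented sub-commands, and treats any `set-role...` line other than `set-role-pre-auth` as a derivation rule; the `fixed-guest` profile and the `guest-registered` role are hypothetical.

```python
import re

# Constructed sample in `sh run` layout (sub-commands indented). "test-guest" is
# reduced from the attached config; "fixed-guest" and its role are hypothetical.
SAMPLE_CONFIG = """\
wlan ssid-profile Internal
 type employee
 opmode wpa2-aes
 auth-server clearpass
 captive-portal disable
wlan ssid-profile test-guest
 type guest
 opmode opensystem
 auth-server packetfence
 set-role-pre-auth packetfence
 captive-portal external profile guest
wlan ssid-profile fixed-guest
 type guest
 opmode opensystem
 mac-authentication
 auth-server packetfence
 set-role-pre-auth packetfence
 set-role-mac-auth guest-registered
 captive-portal external profile guest
wlan auth-server packetfence
 ip 10.11.8.37
"""


def parse_ssid_profiles(config):
    """Return {profile name: [sub-commands]} for every `wlan ssid-profile` stanza."""
    profiles, current = {}, None
    for line in config.splitlines():
        header = re.match(r"wlan ssid-profile (\S+)\s*$", line)
        if header:
            current = profiles.setdefault(header.group(1), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        elif line.strip():
            current = None  # any other top-level command ends the stanza
    return profiles


def audit_captive_portal_ssids(config):
    """Map each external-captive-portal SSID to the settings it lacks."""
    findings = {}
    for name, cmds in parse_ssid_profiles(config).items():
        if not any(c.startswith("captive-portal external") for c in cmds):
            continue
        missing = []
        if "mac-authentication" not in cmds:
            missing.append("mac-authentication")
        # Assumption: a set-role* line other than set-role-pre-auth is what
        # the reply calls a derivation role.
        if not any(c.startswith("set-role") and not c.startswith("set-role-pre-auth")
                   for c in cmds):
            missing.append("post-auth role derivation")
        findings[name] = missing
    return findings


if __name__ == "__main__":
    for ssid, missing in audit_captive_portal_ssids(SAMPLE_CONFIG).items():
        print(ssid, "->", ", ".join(missing) or "ok")
```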
