Hello Ludovic, thans for your reply. I see the answer below. I think I have edited it right. According to this answer, he appointed me to vlan160. I think you say that in this case I should check the access point.I checked it. There is 160 vlan on the access point. What other controls do you think I can do?
RADIUS Reply EAP-Message = 0x038b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "[email protected]" Tunnel-Type = VLAN Tunnel-Private-Group-Id = "160" Tunnel-Medium-Type = IEEE-802 Ludovic Zammit <[email protected]>, 25 Şub 2020 Sal, 16:40 tarihinde şunu yazdı: > Hello Sinan, > > Check in the radius reply in the Auditing tab in Packetfence for your > connection. It would tell you which radius attribute are send to your AP. > > If you see something like: > > RADIUS Reply > Tunnel-Type = VLAN > Tunnel-Private-Group-Id = "14" > Tunnel-Medium-Type = IEEE-802 > > You would need to check on the wireless controller if the client is being > placed on the vlan 14, if yes, check if the vlan 14 is span on the AP > switch port. > > Thanks, > > > Ludovic [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > On Feb 24, 2020, at 7:49 AM, Sinan Yosunkaya via PacketFence-users < > [email protected]> wrote: > > I'm very new to nac. This is the first time I have experienced a nac > solution. So I'm also far from concepts. So I may be making obvious > mistakes. I will ask you to help. > > We have a fortigate device in the workplace and we have a lot of fortiap. > > 1. Following the instructions, I installed Packetfence zen. > 2. I made the active directory connection. > 3. I added the Authentication sources and connection profiles by following > the instructions. > 4. I added my Fortigate device from both the "switches" menu and the > "Firewall SSO" menus. > 5. I showed packetfence as a radius source on fortigate and I was > successful. > 6. I have a vlan on Fortigate. I added Vlan ID of this vlan to my > fortigate from the "switches" menu. > > I can successfully login to ssid, which is broadcasting on Fortiap, by > using "radius authentication" on packetfence. But I can't get a IP from the > vlan on fortigate. I get an address like this. (sample: 169.254.222.174) > > and I could not overcome this problem. Although I have read the documents > many times, I could not find a solution. Can someone help? > > -- > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > -- Sinan Yosunkaya
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
