Hey Zacharry, Thanks for making time for the back and forth.
I've used all templates (EX, EX2200, EX2200 v15, EX2300) and a mix of auth methods with each. I've tried to be pretty thorough without luck. If someone who's using Juniper switches chimes in and tells me a combo that's working it would really help me to narrow my troubleshooting. *Nicholas P. Pier* Network Architect CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10 On Fri, Mar 13, 2020 at 1:47 PM Zacharry Williams <[email protected]> wrote: > I wonder if it's like the Aruba 2930s where it supports half of 3576 (COA) > only. For device type are you using EX series? Or one of the others? You > may have to change the device type and play with it a bit > > On Fri, Mar 13, 2020, 10:40 AM Nicholas Pier <[email protected]> wrote: > >> I'm seeing conflicting information there. The switch lets me configure an >> alternate CoA port. It's clearly an option in the CLI. >> >> However, the official documentation doesn't list the EX4200s as >> supporting changes to authorization. They're an end of support device. So, >> it could just be that the documentation doesn't cover legacy devices. >> >> https://www.juniper.net/documentation/en_US/junos/topics/topic-map/802-1x-authentication-switching-devices.html >> >> Also, I never see packetfence send a deauth message in a packet capture. >> So, I don't know if this is a compatibility issue with hardware or server >> side configuration issue. >> >> My hope was to find someone in this user group who's successfully using >> them - which profile - which deauth method - etc... >> >> >> *Nicholas P. Pier* >> Network Architect >> CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10 >> >> >> On Fri, Mar 13, 2020 at 1:27 PM Zacharry Williams <[email protected]> >> wrote: >> >>> Lol whoops! I was working on a couple firewalls and totally mixed up my >>> rfcs! 3576 is the one I meant. >>> >>> On Fri, Mar 13, 2020, 8:49 AM Nicholas Pier <[email protected]> wrote: >>> >>>> **accidentally sent too soon*** >>>> >>>> >>>> https://www.juniper.net/documentation/en_US/junos/topics/reference/standards/ospf.html >>>> Click on "Platform and Release Support" for details. >>>> >>>> >>>> *Nicholas P. Pier* >>>> Network Architect >>>> CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10 >>>> >>>> >>>> On Fri, Mar 13, 2020 at 11:48 AM Nicholas Pier <[email protected]> >>>> wrote: >>>> >>>>> Hi Zachary, >>>>> >>>>> How does OSPF help in the scenario? Is that the right RFC? >>>>> >>>>> To answer your question, the OSPF VPN feature is not supported until >>>>> later hardware (according to the following link). >>>>> >>>>> *Nicholas P. Pier* >>>>> Network Architect >>>>> CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10 >>>>> >>>>> >>>>> On Fri, Mar 13, 2020 at 11:21 AM Zacharry Williams < >>>>> [email protected]> wrote: >>>>> >>>>>> Do those switches support rfc 4576? >>>>>> >>>>>> On Thu, Mar 12, 2020, 5:42 PM Nicholas Pier via PacketFence-users < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> The Juniper switches are properly placing nodes on vlans based on >>>>>>> roles if there's an up/down port event. The problem is that, I can't >>>>>>> seem >>>>>>> to get de-authentication devices to change their VLAN without an up/down >>>>>>> event. We have an important workflow where a user changes role after >>>>>>> logging into a captive portal page. But, the role won't change unless >>>>>>> they >>>>>>> disconnect/connect or reboot. I also did a packet capture using tcpdump >>>>>>> on >>>>>>> the packetefence server and never see it send a CoA/Radius message to >>>>>>> the >>>>>>> switch to deauth the port when a role changes. >>>>>>> >>>>>>> Also, packetfence's feature to restart the port doesn't seem to be >>>>>>> working. >>>>>>> >>>>>>> I have an existing Packetfence environment with Cisco switches and >>>>>>> am trying to introduce some older Juniper switches (EX4200s with 15.1 >>>>>>> firmware). Cisco devices transition VLANs without the need to restart >>>>>>> the >>>>>>> port manually. >>>>>>> >>>>>>> Can anyone offer some guidance? >>>>>>> >>>>>>> Packetfence version is 9.3. >>>>>>> packetfence-9.3.0-20200113144930.108928498.0007.el7.x86_64 >>>>>>> CentOS 7.7 - 3.10.0-1062.12.1.el7.x86_64 >>>>>>> I'm using the Juniper::EX2200_v15 template. >>>>>>> Switches affected are EX4200s with JUNOS 15.1R7.9 firmware >>>>>>> >>>>>>> I can provide switch configurations if need-be. >>>>>>> >>>>>>> *Nicholas P. Pier* >>>>>>> Network Architect >>>>>>> CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10 >>>>>>> _______________________________________________ >>>>>>> PacketFence-users mailing list >>>>>>> [email protected] >>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>> >>>>>>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
