Not a problem. No change Friday has me a little board this week. As for the restart port fewture it works. I use it all the time. Not sure what snmp version your using but I'm using v3 and haven't had an issue. It may be a mib that's not loaded.
I have some old ex's laying around somewhere. If I get some time I'll add em and see what I can figure out. What you might try is the filter engines and sending a custom answer in the radius message. Good luck! On Fri, Mar 13, 2020, 11:04 AM Nicholas Pier <[email protected]> wrote: > Hey Zacharry, > > Thanks for making time for the back and forth. > > I've used all templates (EX, EX2200, EX2200 v15, EX2300) and a mix of auth > methods with each. I've tried to be pretty thorough without luck. If > someone who's using Juniper switches chimes in and tells me a combo that's > working it would really help me to narrow my troubleshooting. > > *Nicholas P. Pier* > Network Architect > CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10 > > > On Fri, Mar 13, 2020 at 1:47 PM Zacharry Williams <[email protected]> > wrote: > >> I wonder if it's like the Aruba 2930s where it supports half of 3576 >> (COA) only. For device type are you using EX series? Or one of the others? >> You may have to change the device type and play with it a bit >> >> On Fri, Mar 13, 2020, 10:40 AM Nicholas Pier <[email protected]> wrote: >> >>> I'm seeing conflicting information there. The switch lets me configure >>> an alternate CoA port. It's clearly an option in the CLI. >>> >>> However, the official documentation doesn't list the EX4200s as >>> supporting changes to authorization. They're an end of support device. So, >>> it could just be that the documentation doesn't cover legacy devices. >>> >>> https://www.juniper.net/documentation/en_US/junos/topics/topic-map/802-1x-authentication-switching-devices.html >>> >>> Also, I never see packetfence send a deauth message in a packet capture. >>> So, I don't know if this is a compatibility issue with hardware or server >>> side configuration issue. >>> >>> My hope was to find someone in this user group who's successfully using >>> them - which profile - which deauth method - etc... >>> >>> >>> *Nicholas P. Pier* >>> Network Architect >>> CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10 >>> >>> >>> On Fri, Mar 13, 2020 at 1:27 PM Zacharry Williams <[email protected]> >>> wrote: >>> >>>> Lol whoops! I was working on a couple firewalls and totally mixed up my >>>> rfcs! 3576 is the one I meant. >>>> >>>> On Fri, Mar 13, 2020, 8:49 AM Nicholas Pier <[email protected]> wrote: >>>> >>>>> **accidentally sent too soon*** >>>>> >>>>> >>>>> https://www.juniper.net/documentation/en_US/junos/topics/reference/standards/ospf.html >>>>> Click on "Platform and Release Support" for details. >>>>> >>>>> >>>>> *Nicholas P. Pier* >>>>> Network Architect >>>>> CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10 >>>>> >>>>> >>>>> On Fri, Mar 13, 2020 at 11:48 AM Nicholas Pier <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Zachary, >>>>>> >>>>>> How does OSPF help in the scenario? Is that the right RFC? >>>>>> >>>>>> To answer your question, the OSPF VPN feature is not supported until >>>>>> later hardware (according to the following link). >>>>>> >>>>>> *Nicholas P. Pier* >>>>>> Network Architect >>>>>> CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10 >>>>>> >>>>>> >>>>>> On Fri, Mar 13, 2020 at 11:21 AM Zacharry Williams < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Do those switches support rfc 4576? >>>>>>> >>>>>>> On Thu, Mar 12, 2020, 5:42 PM Nicholas Pier via PacketFence-users < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hello, >>>>>>>> >>>>>>>> The Juniper switches are properly placing nodes on vlans based on >>>>>>>> roles if there's an up/down port event. The problem is that, I can't >>>>>>>> seem >>>>>>>> to get de-authentication devices to change their VLAN without an >>>>>>>> up/down >>>>>>>> event. We have an important workflow where a user changes role after >>>>>>>> logging into a captive portal page. But, the role won't change unless >>>>>>>> they >>>>>>>> disconnect/connect or reboot. I also did a packet capture using >>>>>>>> tcpdump on >>>>>>>> the packetefence server and never see it send a CoA/Radius message to >>>>>>>> the >>>>>>>> switch to deauth the port when a role changes. >>>>>>>> >>>>>>>> Also, packetfence's feature to restart the port doesn't seem to be >>>>>>>> working. >>>>>>>> >>>>>>>> I have an existing Packetfence environment with Cisco switches and >>>>>>>> am trying to introduce some older Juniper switches (EX4200s with 15.1 >>>>>>>> firmware). Cisco devices transition VLANs without the need to restart >>>>>>>> the >>>>>>>> port manually. >>>>>>>> >>>>>>>> Can anyone offer some guidance? >>>>>>>> >>>>>>>> Packetfence version is 9.3. >>>>>>>> packetfence-9.3.0-20200113144930.108928498.0007.el7.x86_64 >>>>>>>> CentOS 7.7 - 3.10.0-1062.12.1.el7.x86_64 >>>>>>>> I'm using the Juniper::EX2200_v15 template. >>>>>>>> Switches affected are EX4200s with JUNOS 15.1R7.9 firmware >>>>>>>> >>>>>>>> I can provide switch configurations if need-be. >>>>>>>> >>>>>>>> *Nicholas P. Pier* >>>>>>>> Network Architect >>>>>>>> CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10 >>>>>>>> _______________________________________________ >>>>>>>> PacketFence-users mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>> >>>>>>>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
