Hi Brandt,

It sounds like your Meraki device isn't getting a message from Packetfence
to switch the user's VLAN after authentication. This is usually done through
a radius CoA or disconnect message. Did you catch this caveat on the
network configuration guide? It looks like you need to specify port 1700
for Disconnect and your deauth type should be set to "Radius":
"The 'Disconnect port' field must be set to '1700'."

Also, you can tail this log to see what happens when the user enters that
password of the day:
/usr/local/pf/logs/packetfence.log

I hope this helps!

*Nicholas P. Pier*
Network Architect
CCNP R&S, PCNSE, VCIX6-DCV, VCIX6-NV, RHCE, CEHv10


On Mon, Mar 16, 2020 at 7:58 PM Brandt Winchell via PacketFence-users <
[email protected]> wrote:

> Hello,
>
> I have a 9.3 NAC deployment.
>
> Isolation vlan:4080
>
>                 PF DHCP 10.10.180.100 – 199
>
>                 PF int IP: 10.10.180.250
>
> Registration vlan:4081
>
>                 PF DHCP 10.10.181.100 – 199
>
>                 PF int IP: 10.10.181.250
>
> Mgmt. vlan: 80
>
>                 PF int IP: 10.10.80.250
>
> Guest vlan: 255
>
>                 Network: 10.10.255.0/24
>
>
>
> I currently have 802.1x_wired working correctly and assigning VLANs based
> on authentication.
>
> I also have 802.1x_wifi working in the same manner.
>
>
>
> In the switch profile:
>
> Cisco (Meraki) MR53
>
> Role by VLAN – guest=4081, reg=4081, iso-4080
>
> Role by switch – default=”Authorized devices”, guest=”COMPANY_GUEST”
>
> Role by Web Auth – registration=http://10.10.181.250/Meraki::MR_v2,
> guest=”COMPANY_GUEST”
>
>
>
> I am having an issue getting the “Guest” environment to work correctly.
>
> The wifi client is getting a DHCP address from the PF on VLAN 4081.  The
> client then gets redirected to the captive portal.  The internal source for
> the connection profile is “Password of the Day” (PotD).  The user logs in
> with the POTD creds and then nothing.  The system does not assign them the
> correct VLAN.
>
> If I change the Role by switch – guest=255 ; then the end-user gets put
> directly onto VLAN255 and no redirection occurs (essentially bypassing the
> NAC).
>
>
>
> Thanks
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
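
The disconnect message discussed in the reply above, as an added example that is not part of the original thread or PacketFence's own code: it builds an RFC 5176 Disconnect-Request and validates it the way the receiving side would, showing that the request only verifies when both ends hold the same shared secret. The MAC address, identifier, secrets and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40    # RFC 5176 packet code
CALLING_STATION_ID = 31    # RFC 2865 attribute: the client MAC address
DISCONNECT_PORT = 1700     # UDP port the configuration guide says to set

def encode_attr(attr_type, value):
    """Encode one attribute as type (1 byte), length (1 byte), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def request_authenticator(header, attrs, secret):
    """MD5 over code+id+length, 16 zero octets, attributes, shared secret."""
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_disconnect_request(identifier, mac, secret):
    """Return the bytes of a Disconnect-Request naming one client MAC."""
    attrs = encode_attr(CALLING_STATION_ID, mac.encode("ascii"))
    header = struct.pack("!BBH", DISCONNECT_REQUEST, identifier, 20 + len(attrs))
    return header + request_authenticator(header, attrs, secret) + attrs

def parse_attrs(packet):
    """Return {type: value} for the attributes that follow the 20-byte header."""
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs

def nas_accepts(packet, secret):
    """Check a received request the way the access point side would."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length != len(packet):
        return False
    expected = request_authenticator(packet[:4], packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    pkt = build_disconnect_request(7, "aa:bb:cc:dd:ee:ff", b"constructed-secret")
    print(len(pkt), nas_accepts(pkt, b"constructed-secret"))
    print(nas_accepts(pkt, b"other-secret"), parse_attrs(pkt))
```
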