I did. I set the switch type to the new template and rebooted both PF and the switch to be sure… After reboot PF showed the type as the new template. It was after the reboot that I took the screenshots. Just changing the switch back to the default Extreme template and the VLAN is populated – when using the ‘private-id’ attribute.
Thanks, Bill From: Ludovic Zammit <lzam...@inverse.ca> Sent: Tuesday, May 12, 2020 8:12 AM To: Bill Handler <bhand...@pcsknox.com> Cc: packetfence-users@lists.sourceforge.net Subject: Re: [PacketFence-users] Role mapped to Tagged VLANs Hello Bill, Out of curiosity, did you select and apply that template that you created to your switch ? Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) On May 11, 2020, at 4:24 PM, Bill Handler <bhand...@pcsknox.com<mailto:bhand...@pcsknox.com>> wrote: Ludovic, Made a custom template, but it does not seem to be passing the RADIUS Attribute… This is the Template I’ve created: <image005.jpg> The Extreme-Netlogin-Extended-Vlan attribute does not seem to be being passed to the switch… within the Auditing window for the end-system I see: <image006.png> For the canned Extreme Template RADIUS shows: <image007.png> I changed the VLAN within the config to ‘Data’ to ensure it was being read… The radiusd.log shows: [root@pf428 logs]# cat -t 50 radius.log | grep VLAN cat: 50: No such file or directory May 11 04:40:29 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 05:40:28 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 06:40:27 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 06:46:27 pf428 auth[3321]: [mac:a0:d3:c1:12:b6:a2] Accepted user: host/TRAINING-SD03.pcsknox.com<http://training-sd03.pcsknox.com/> and returned VLAN 200 May 11 07:40:26 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 08:40:25 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 09:40:24 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 10:40:23 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 11:40:22 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 12:40:21 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 13:40:19 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 14:40:18 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 15:40:17 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN 200 May 11 15:47:26 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: and returned VLAN May 11 15:47:27 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN May 11 15:48:27 pf428 auth[3321]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN May 11 15:53:24 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: and returned VLAN May 11 15:53:26 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN May 11 15:54:27 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN May 11 16:01:04 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: and returned VLAN May 11 16:01:04 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN May 11 16:02:05 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN May 11 16:03:05 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN May 11 16:07:52 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: and returned VLAN May 11 16:07:52 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN May 11 16:08:52 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN May 11 16:09:37 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: and returned VLAN Data May 11 16:09:38 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN Data May 11 16:10:38 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN Data May 11 16:16:33 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: and returned VLAN Data May 11 16:16:33 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN Data May 11 16:17:33 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN Data May 11 16:18:34 pf428 auth[3357]: [mac:78:45:c4:1d:7b:e9] Accepted user: host/pf-test.pcsknox.com<http://pf-test.pcsknox.com/>and returned VLAN Data The end-system is being authenticated, but when using the Extreme Attribute, it is not returning anything from RADIUS, and leaves the VLAN blank in the log… Any help is appreciated Thanks, Bill From: Ludovic Zammit <lzam...@inverse.ca<mailto:lzam...@inverse.ca>> Sent: Thursday, May 7, 2020 8:34 AM To: Bill Handler <bhand...@pcsknox.com<mailto:bhand...@pcsknox.com>> Cc: packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net> Subject: Re: [PacketFence-users] Role mapped to Tagged VLANs Hello Bill, If you are using PacketFence v10 we have implemented switch templates. It’s under Configuration > Integration > Switch Templates You can check out how the Cisco::Switch is done with the voice scope: <image003.png> Or the HP::Switch : <image004.png> If you don’t have PacketFence v10, you would need to create you own switch module in perl. Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<http://www.sogo.nu/>) and PacketFence (http://packetfence.org<http://packetfence.org/>) On May 7, 2020, at 5:31 AM, Bill Handler <bhand...@pcsknox.com<mailto:bhand...@pcsknox.com>> wrote: Understood, what I was meaning is how do we add the VSAs to PacketFence to enhance/expand the functionality? Or set custom attributes for the certain vendors’ equipment? Thanks, Bill Sent from my iPad On May 6, 2020, at 9:33 PM, Ludovic Zammit <lzam...@inverse.ca<mailto:lzam...@inverse.ca>> wrote: Each vendor have specific ones. It’s the way they support voice, check their radius attributes documentation. Thanks, On May 6, 2020, at 7:51 PM, Bill Handler <bhand...@pcsknox.com<mailto:bhand...@pcsknox.com>> wrote: Ludovic, How do we add vendor-specific VSAs? Thanks, Bill Sent from my iPad On May 6, 2020, at 8:09 AM, Ludovic Zammit <lzam...@inverse.ca<mailto:lzam...@inverse.ca>> wrote: Hello Bill, You would have to rely on the Radius VOIP capabilities of those network equipment. PacketFence supports VOIP on HP/ Aruba switches. On the Aruba AP you would have to process the VOIP as a normal VLAN. You can try to check the VOIP flag under a mac address and connect it on a HP/ Aruba switch. You would need to have your voice VLAN marked as a voice clan under your switch. As per Extreme switch, we don’t support voice VSA. Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<http://www.sogo.nu/>) and PacketFence (http://packetfence.org<http://packetfence.org/>) On May 6, 2020, at 8:00 AM, Bill Handler <bhand...@pcsknox.com<mailto:bhand...@pcsknox.com>> wrote: Extreme Networks and HP/Aruba switches/APs with a variety of VoIP phones - yealink Avaya polycom etc Sent from my iPhone On May 6, 2020, at 6:53 AM, Ludovic Zammit <lzam...@inverse.ca<mailto:lzam...@inverse.ca>> wrote: Hello Bill, Which kind of equipment are you using ? Thanks, Ludovic Zammit lzam...@inverse.ca<mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu<http://www.sogo.nu/>) and PacketFence (http://packetfence.org<http://packetfence.org/>) On May 5, 2020, at 6:02 PM, Bill Handler via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> wrote: Team, Is there a way to push a tagged VLAN to the switch when a device authenticates? For example a VoIP phone, or AP. We’ve tested with a phone with a PC on the passthrough port. The PC authenticates fine on the correct VLAN, but we don’t know how to configure PF to send the phone VLAN as tagged to the switch. Thanks, Bill _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
