That’s what I missed, namely the connection profile for devices registration wasn’t enabled.
Thank you, Ludovic!

From: Ludovic Zammit <lzam...@inverse.ca>
Sent: Friday, October 30, 2020 10:24 AM
To: ype...@gmail.com
Cc: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Issues with roles and VLAN assignment

If your node has: status = registered and a role, PacketFence would return the VLAN for the role from the switch (inherited configuration from switch groups or not).

Do an authentication and send the logs.packetfence.log.

Thanks,

Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

On Oct 30, 2020, at 1:14 PM, <ype...@gmail.com> wrote:

Hi Ludovic,

Thanks for looking into it. My search through packetfence.log didn’t produce any matches for the specific MAC address.

Let me paraphrase my question. The group of switches (or rather Wireless AP) has a list of roles. The top is registration with VLAN 2. Then go three more, i.e. isolation, macDetection, inline and reject. Only then do I have Staff role with VLAN 10. I don’t have a way to change this order and my attempt to assign VLAN 10 to registration was reversed after I restarted PacketFence services.

Essentially RADIUS assigns by default VLAN 2 which is against my logic and design. I don’t have registration and isolation interfaces/VLANs. It is pure dot1x/RADIUS authentication via management interface.

Eugene

From: Ludovic Zammit <lzam...@inverse.ca>
Sent: Friday, October 30, 2020 4:47 AM
To: packetfence-users@lists.sourceforge.net
Cc: ype...@gmail.com
Subject: Re: [PacketFence-users] Issues with roles and VLAN assignment

Hello Eugene,

The answer is in your logs.

grep MAC_ADDRESS /usr/local/pf/logs/packetfence.log

Thanks,

Ludovic Zammit
lzam...@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)

On Oct 29, 2020, at 3:15 PM, ypefti--- via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

Folks,

Can someone help me identify what I’m missing? My authentication session goes through but the endpoint that connects to WAP (Unifi) never gets an IP address. I investigated it and see that RADIUS assigns the wrong VLAN to the connection.

This is what I see in the live session log:

Oct 29 12:04:29 packetfence auth[1201]: [mac:18:81:0e:7c:3c:ed] Accepted user: it.tech and returned VLAN 2

But my authentication source has a rule with an action to set the Role Staff which is defined with a specific VLAN 10. VLAN 2 on the contrary is assigned to a registration role which I’m not using at the moment.

My short term goal is dot1x WiFi authentication with RADIUS assigned VLAN.

Eugene

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
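The VLAN check discussed in this thread can be run over every accepted session instead of one MAC at a time. The following is an added example, not part of the original messages and not PacketFence code: it parses lines of the "Accepted user: ... and returned VLAN ..." form quoted in the thread and flags sessions that did not receive the expected VLAN. The function names `vlan_report` and `sample_log`, the expected-VLAN argument, and the second and third sample lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not PacketFence code): summarise RADIUS accept lines and flag
# sessions whose returned VLAN differs from the VLAN expected for the role.

# vlan_report EXPECTED_VLAN   (log lines on stdin)
# Prints one line per accepted session: MAC USER VLAN OK|MISMATCH
vlan_report() {
    awk -v want="$1" '
        /Accepted user: / && / and returned VLAN / {
            mac = "-"
            # "[mac:" is 5 characters, "]" is 1: strip both, normalise case
            if (match($0, /\[mac:[0-9A-Fa-f:]+\]/))
                mac = tolower(substr($0, RSTART + 5, RLENGTH - 6))
            # text after "Accepted user: " (15 characters)
            rest = substr($0, index($0, "Accepted user: ") + 15)
            # split on " and returned VLAN " (19 characters)
            cut  = index(rest, " and returned VLAN ")
            user = substr(rest, 1, cut - 1)
            vlan = substr(rest, cut + 19)
            sub(/[ \t\r]+$/, "", vlan)      # drop trailing whitespace / CR
            print mac, user, vlan, (vlan == want ? "OK" : "MISMATCH")
        }'
}

# Sample input: the first line is the one quoted in the thread; the other two
# are constructed for this example.
sample_log() {
    cat <<'EOF'
Oct 29 12:04:29 packetfence auth[1201]: [mac:18:81:0e:7c:3c:ed] Accepted user: it.tech and returned VLAN 2
Oct 29 12:06:02 packetfence auth[1201]: [mac:AA:BB:CC:DD:EE:01] Accepted user: staff.user and returned VLAN 10
Oct 29 12:06:40 packetfence example[900]: unrelated line (constructed)
EOF
}

# Expected VLAN for the Staff role in this thread is 10.
sample_log | vlan_report 10
```

On a live system, pipe in whichever log carries these accept lines in place of `sample_log`; a `MISMATCH` row on the registration VLAN is the symptom described in the thread.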