Hi Ludovic/All, Kindly see the status of trying to access the captive portal;
[image: image.png] On Mon, 16 Nov 2020 at 09:42, Ezeh Victor <vickeyzed...@gmail.com> wrote: > Hi Ludovic, > > Kind reminder. > > On Sun, Nov 15, 2020, 16:51 Ezeh Victor <vickeyzed...@gmail.com> wrote: > >> Hi Ludovic, >> >> Please I am still expecting your reply. >> >> On Fri, Nov 13, 2020, 19:27 Ezeh Victor <vickeyzed...@gmail.com> wrote: >> >>> Kindly find below; >>> >>> # Copyright (C) Inverse inc. >>> # >>> # >>> # >>> # See the enclosed file COPYING for license information (GPL). >>> # If you did not receive this file, see >>> # http://www.fsf.org/licensing/licenses/gpl.html >>> [default] >>> type=Cisco::WLC_2500 >>> VoIPDHCPDetect=N >>> coaPort=3799 >>> uplink_dynamic=0 >>> deauthMethod=RADIUS >>> always_trigger=1 >>> >>> [172.20.130.252] >>> description=WLC >>> RoleMap=Y >>> VlanMap=N >>> registrationUrl=http://172.20.130.50/Cisco::WLC >>> UrlMap=Y >>> isolationRole=Isolation >>> defaultRole=Authorize_Any >>> registrationRole=Pre-Auth-For-WebRedirect >>> radiusSecret=D4n-n3t0ps >>> inlineRole=Inline >>> >>> # Copyright (C) Inverse inc. >>> # >>> # >>> # >>> # See the enclosed file COPYING for license information (GPL). >>> # If you did not receive this file, see >>> # http://www.fsf.org/licensing/licenses/gpl.html >>> [192.168.0.1] >>> description=Test Switch >>> type=Cisco::Catalyst_2960 >>> mode=production >>> uplink=23,24 >>> VoIPLLDPDetect=N >>> >>> #SNMPVersion = 3 >>> #SNMPEngineID = 0000000000000 >>> #SNMPUserNameRead = readUser >>> #SNMPAuthProtocolRead = MD5 >>> #SNMPAuthPasswordRead = authpwdread >>> #SNMPPrivProtocolRead = DES >>> #SNMPPrivPasswordRead = privpwdread >>> #SNMPUserNameWrite = writeUser >>> #SNMPAuthProtocolWrite = MD5 >>> #SNMPAuthPasswordWrite = authpwdwrite >>> #SNMPPrivProtocolWrite = DES >>> #SNMPPrivPasswordWrite = privpwdwrite >>> #SNMPVersionTrap = 3 >>> #SNMPUserNameTrap = readUser >>> #SNMPAuthProtocolTrap = MD5 >>> #SNMPAuthPasswordTrap = authpwdread >>> #SNMPPrivProtocolTrap = DES >>> #SNMPPrivPasswordTrap = privpwdread >>> [192.168.1.0/24] >>> description=Test Range WLC >>> type=Cisco::WLC >>> mode=production >>> uplink_dynamic=0 >>> VoIPLLDPDetect=N >>> >>> On Fri, 13 Nov 2020 at 19:22, Ludovic Zammit <lzam...@inverse.ca> wrote: >>> >>>> Send me your conf/switches.conf >>>> >>>> Thanks, >>>> >>>> On Nov 13, 2020, at 1:20 PM, Ezeh Victor <vickeyzed...@gmail.com> >>>> wrote: >>>> >>>> >>>> Hi Ludovic, >>>> >>>> Thank you for your timely assistance. >>>> >>>> Kindly below some of the logs observed; >>>> <image.png> >>>> >>>> >>>> <image.png> >>>> >>>> >>>> On Fri, 13 Nov 2020 at 18:48, Ludovic Zammit <lzam...@inverse.ca> >>>> wrote: >>>> >>>>> Glad you are progressing. >>>>> >>>>> In web auth, the client IP address is sent out to PF management >>>>> interface inside a HTTP request. >>>>> >>>>> So if you don’t see the portal, there is a good chance that IP won’t >>>>> populate. >>>>> >>>>> Check in the logs/httpd.portal.access you should see the request I’m >>>>> talking about above. >>>>> >>>>> Thanks, >>>>> >>>>> >>>>> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: >>>>> www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>> (http://packetfence.org) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Nov 13, 2020, at 10:44 AM, Ezeh Victor <vickeyzed...@gmail.com> >>>>> wrote: >>>>> >>>>> Hi Ludovic, >>>>> >>>>> Thank you soo much for the last mail. >>>>> >>>>> I have made some progress and the device can now connect and receive >>>>> IP information. The directive on FlexConnect ACL I think did the trick. >>>>> Also, it is seen as an online node. >>>>> >>>>> The challenge now is the captive portal does not pop up as the device >>>>> remains in unregistered mode and is assigned a vlan 0 as against the guest >>>>> vlan 300 >>>>> <image.png> >>>>> >>>>> <image.png> >>>>> >>>>> How do I ensure that the captive portal comes up after connection? >>>>> >>>>> On Thu, 12 Nov 2020 at 14:50, Ludovic Zammit <lzam...@inverse.ca> >>>>> wrote: >>>>> >>>>>> Hello Victor, >>>>>> >>>>>> Here’s few steps that you can validate before moving forward. >>>>>> >>>>>> SSID config: >>>>>> >>>>>> - AAA override checked, RADIUS NAC (or ISE) enabled >>>>>> - Interface set to the correct guest vlan >>>>>> - Since you are using flex connect, make sure your vlan / ACL are >>>>>> created on the flex connect config >>>>>> >>>>>> PacketFence: >>>>>> >>>>>> - receive the radius request on each connection >>>>>> - reply the portal URL + the ACL name for the captive portal >>>>>> - enable the external portal on the switch >>>>>> - getting the portal deamon listening to the management interface >>>>>> >>>>>> Do you have an IP address when you connect? >>>>>> >>>>>> You can do advanced debuting with the SSH Cisco CLI like: >>>>>> >>>>>> debug client mac aa:bb:cc:dd:ee:ff >>>>>> >>>>>> Look at the logs, they will tell you why you client can’t connect >>>>>> successfully. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> >>>>>> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: >>>>>> www.inverse.ca >>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>>> (http://packetfence.org) >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Nov 12, 2020, at 3:02 AM, Ezeh Victor <vickeyzed...@gmail.com> >>>>>> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> Thanks for all your responses but I have gone through the provided >>>>>> links prior to making this request. >>>>>> >>>>>> A little bit of additional detail; >>>>>> >>>>>> - My SSID is Open and is a flex connect SSID to enable users to >>>>>> pick IP addresses from local DHCP servers >>>>>> - I have my access-lists in place >>>>>> - I have configured the controller on packet fence following the >>>>>> documentation >>>>>> - I have enabled the captive portal on the management interface >>>>>> - I have enabled self preregistration >>>>>> >>>>>> My challenges however are; >>>>>> >>>>>> - I cannot connect to the SSID. I keep getting an authentication >>>>>> error. >>>>>> - The captive portal does not show up >>>>>> - I cannot see the controller node online as it is recorded as >>>>>> offline on packetfence >>>>>> >>>>>> >>>>>> I would appreciate a clear step on what to do based off of successful >>>>>> implementations already done. >>>>>> >>>>>> The documentation has helped but I have not been successful. >>>>>> >>>>>> On Wed, 11 Nov 2020 at 20:14, Ludovic Zammit <lzam...@inverse.ca> >>>>>> wrote: >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> >>>>>>> https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_2 >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> >>>>>>> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: >>>>>>> www.inverse.ca >>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>> PacketFence (http://packetfence.org) >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Nov 10, 2020, at 8:24 AM, Ezeh Victor via PacketFence-users < >>>>>>> packetfence-users@lists.sourceforge.net> wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> Please I need assistance with figuring how I can integrate >>>>>>> PacketFence with Cisco WLC. >>>>>>> >>>>>>> Any assistance will be appreciated. >>>>>>> >>>>>>> Regards. >>>>>>> _______________________________________________ >>>>>>> PacketFence-users mailing list >>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
