Hello Victor,
it looks that you defined https://172.20.130.50:1443/... as the
registrationUrl.
And in the switch config you need to enable "External Portal Enforcement".
Also do you have the portal daemon enabled on the management interface ?
(https://mgmt:1443/admin/alt#/configuration/interfaces)
Can you paste a screenshot of the radius audit log (radius tab) when you
connect on the ssid ?
Regards
Fabrice
Le 20-11-16 à 17 h 56, Ezeh Victor via PacketFence-users a écrit :
Hi
Please can someone assist me. This project has come to a halt.
I do not seem to be getting something right. The captive portal does
not come up after connecting to the guest SSID.
I would really appreciate a response as soon as possible.
Best regards
On Mon, Nov 16, 2020, 11:23 Ezeh Victor <vickeyzed...@gmail.com
<mailto:vickeyzed...@gmail.com>> wrote:
Hi Ludovic/All,
Kindly see the status of trying to access the captive portal;
image.png
On Mon, 16 Nov 2020 at 09:42, Ezeh Victor <vickeyzed...@gmail.com
<mailto:vickeyzed...@gmail.com>> wrote:
Hi Ludovic,
Kind reminder.
On Sun, Nov 15, 2020, 16:51 Ezeh Victor
<vickeyzed...@gmail.com <mailto:vickeyzed...@gmail.com>> wrote:
Hi Ludovic,
Please I am still expecting your reply.
On Fri, Nov 13, 2020, 19:27 Ezeh Victor
<vickeyzed...@gmail.com <mailto:vickeyzed...@gmail.com>>
wrote:
Kindly find below;
# Copyright (C) Inverse inc.
#
#
#
# See the enclosed file COPYING for license
information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[default]
type=Cisco::WLC_2500
VoIPDHCPDetect=N
coaPort=3799
uplink_dynamic=0
deauthMethod=RADIUS
always_trigger=1
[172.20.130.252]
description=WLC
RoleMap=Y
VlanMap=N
registrationUrl=http://172.20.130.50/Cisco::WLC
UrlMap=Y
isolationRole=Isolation
defaultRole=Authorize_Any
registrationRole=Pre-Auth-For-WebRedirect
radiusSecret=D4n-n3t0ps
inlineRole=Inline
# Copyright (C) Inverse inc.
#
#
#
# See the enclosed file COPYING for license
information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[192.168.0.1]
description=Test Switch
type=Cisco::Catalyst_2960
mode=production
uplink=23,24
VoIPLLDPDetect=N
#SNMPVersion = 3
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
#SNMPVersionTrap = 3
#SNMPUserNameTrap = readUser
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
[192.168.1.0/24 <http://192.168.1.0/24>]
description=Test Range WLC
type=Cisco::WLC
mode=production
uplink_dynamic=0
VoIPLLDPDetect=N
On Fri, 13 Nov 2020 at 19:22, Ludovic Zammit
<lzam...@inverse.ca <mailto:lzam...@inverse.ca>> wrote:
Send me your conf/switches.conf
Thanks,
On Nov 13, 2020, at 1:20 PM, Ezeh Victor
<vickeyzed...@gmail.com
<mailto:vickeyzed...@gmail.com>> wrote:
Hi Ludovic,
Thank you for your timely assistance.
Kindly below some of the logs observed;
<image.png>
<image.png>
On Fri, 13 Nov 2020 at 18:48, Ludovic Zammit
<lzam...@inverse.ca <mailto:lzam...@inverse.ca>>
wrote:
Glad you are progressing.
In web auth, the client IP address is sent
out to PF management interface inside a HTTP
request.
So if you don’t see the portal, there is a
good chance that IP won’t populate.
Check in the logs/httpd.portal.access you
should see the request I’m talking about above.
Thanks,
Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo
(http://www.sogo.nu) and PacketFence (http://packetfence.org)
On Nov 13, 2020, at 10:44 AM, Ezeh Victor
<vickeyzed...@gmail.com
<mailto:vickeyzed...@gmail.com>> wrote:
Hi Ludovic,
Thank you soo much for the last mail.
I have made some progress and the device can
now connect and receive IP information. The
directive on FlexConnect ACL I think did the
trick. Also, it is seen as an online node.
The challenge now is the captive portal does
not pop up as the device remains in
unregistered mode and is assigned a vlan 0
as against the guest vlan 300
<image.png>
<image.png>
How do I ensure that the captive portal
comes up after connection?
On Thu, 12 Nov 2020 at 14:50, Ludovic Zammit
<lzam...@inverse.ca
<mailto:lzam...@inverse.ca>> wrote:
Hello Victor,
Here’s few steps that you can validate
before moving forward.
SSID config:
- AAA override checked, RADIUS NAC (or
ISE) enabled
- Interface set to the correct guest vlan
- Since you are using flex connect, make
sure your vlan / ACL are created on the
flex connect config
PacketFence:
- receive the radius request on each
connection
- reply the portal URL + the ACL name
for the captive portal
- enable the external portal on the switch
- getting the portal deamon listening to
the management interface
Do you have an IP address when you connect?
You can do advanced debuting with the
SSH Cisco CLI like:
debug client mac aa:bb:cc:dd:ee:ff
Look at the logs, they will tell you why
you client can’t connect successfully.
Thanks,
Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) ::www.inverse.ca <http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
<http://www.sogo.nu/>) and PacketFence (http://packetfence.org
<http://packetfence.org/>)
On Nov 12, 2020, at 3:02 AM, Ezeh
Victor <vickeyzed...@gmail.com
<mailto:vickeyzed...@gmail.com>> wrote:
Hi,
Thanks for all your responses but I
have gone through the provided links
prior to making this request.
A little bit of additional detail;
* My SSID is Open and is a flex
connect SSID to enable users to
pick IP addresses from local DHCP
servers
* I have my access-lists in place
* I have configured the controller on
packet fence following the
documentation
* I have enabled the captive portal
on the management interface
* I have enabled self preregistration
My challenges however are;
* I cannot connect to the SSID. I
keep getting an authentication error.
* The captive portal does not show up
* I cannot see the controller node
online as it is recorded as offline
on packetfence
I would appreciate a clear step on what
to do based off of successful
implementations already done.
The documentation has helped but I have
not been successful.
On Wed, 11 Nov 2020 at 20:14, Ludovic
Zammit <lzam...@inverse.ca
<mailto:lzam...@inverse.ca>> wrote:
Hello,
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_2
Thanks,
Ludovic Zammit
lzam...@inverse.ca <mailto:lzam...@inverse.ca> ::
+1.514.447.4918 (x145) ::www.inverse.ca <http://www.inverse.ca/>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu
<http://www.sogo.nu/>) and PacketFence (http://packetfence.org
<http://packetfence.org/>)
On Nov 10, 2020, at 8:24 AM, Ezeh
Victor via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>>
wrote:
Hi,
Please I need assistance with
figuring how I can integrate
PacketFence with Cisco WLC.
Any assistance will be appreciated.
Regards.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
