Hi Durand, I have done as directed.
Also, find below a screenshot of Radius Audit Logs [image: image.png] On Tue, 17 Nov 2020 at 04:07, Durand fabrice via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > Hello Victor, > > it looks that you defined https://172.20.130.50:1443/... as the > registrationUrl. > > And in the switch config you need to enable "External Portal Enforcement". > > Also do you have the portal daemon enabled on the management interface ? ( > https://mgmt:1443/admin/alt#/configuration/interfaces) > > Can you paste a screenshot of the radius audit log (radius tab) when you > connect on the ssid ? > > Regards > > Fabrice > > > Le 20-11-16 à 17 h 56, Ezeh Victor via PacketFence-users a écrit : > > Hi > > Please can someone assist me. This project has come to a halt. > > I do not seem to be getting something right. The captive portal does not > come up after connecting to the guest SSID. > > I would really appreciate a response as soon as possible. > > Best regards > > On Mon, Nov 16, 2020, 11:23 Ezeh Victor <vickeyzed...@gmail.com> wrote: > >> Hi Ludovic/All, >> >> Kindly see the status of trying to access the captive portal; >> >> [image: image.png] >> >> On Mon, 16 Nov 2020 at 09:42, Ezeh Victor <vickeyzed...@gmail.com> wrote: >> >>> Hi Ludovic, >>> >>> Kind reminder. >>> >>> On Sun, Nov 15, 2020, 16:51 Ezeh Victor <vickeyzed...@gmail.com> wrote: >>> >>>> Hi Ludovic, >>>> >>>> Please I am still expecting your reply. >>>> >>>> On Fri, Nov 13, 2020, 19:27 Ezeh Victor <vickeyzed...@gmail.com> wrote: >>>> >>>>> Kindly find below; >>>>> >>>>> # Copyright (C) Inverse inc. >>>>> # >>>>> # >>>>> # >>>>> # See the enclosed file COPYING for license information (GPL). >>>>> # If you did not receive this file, see >>>>> # http://www.fsf.org/licensing/licenses/gpl.html >>>>> [default] >>>>> type=Cisco::WLC_2500 >>>>> VoIPDHCPDetect=N >>>>> coaPort=3799 >>>>> uplink_dynamic=0 >>>>> deauthMethod=RADIUS >>>>> always_trigger=1 >>>>> >>>>> [172.20.130.252] >>>>> description=WLC >>>>> RoleMap=Y >>>>> VlanMap=N >>>>> registrationUrl=http://172.20.130.50/Cisco::WLC >>>>> UrlMap=Y >>>>> isolationRole=Isolation >>>>> defaultRole=Authorize_Any >>>>> registrationRole=Pre-Auth-For-WebRedirect >>>>> radiusSecret=D4n-n3t0ps >>>>> inlineRole=Inline >>>>> >>>>> # Copyright (C) Inverse inc. >>>>> # >>>>> # >>>>> # >>>>> # See the enclosed file COPYING for license information (GPL). >>>>> # If you did not receive this file, see >>>>> # http://www.fsf.org/licensing/licenses/gpl.html >>>>> [192.168.0.1] >>>>> description=Test Switch >>>>> type=Cisco::Catalyst_2960 >>>>> mode=production >>>>> uplink=23,24 >>>>> VoIPLLDPDetect=N >>>>> >>>>> #SNMPVersion = 3 >>>>> #SNMPEngineID = 0000000000000 >>>>> #SNMPUserNameRead = readUser >>>>> #SNMPAuthProtocolRead = MD5 >>>>> #SNMPAuthPasswordRead = authpwdread >>>>> #SNMPPrivProtocolRead = DES >>>>> #SNMPPrivPasswordRead = privpwdread >>>>> #SNMPUserNameWrite = writeUser >>>>> #SNMPAuthProtocolWrite = MD5 >>>>> #SNMPAuthPasswordWrite = authpwdwrite >>>>> #SNMPPrivProtocolWrite = DES >>>>> #SNMPPrivPasswordWrite = privpwdwrite >>>>> #SNMPVersionTrap = 3 >>>>> #SNMPUserNameTrap = readUser >>>>> #SNMPAuthProtocolTrap = MD5 >>>>> #SNMPAuthPasswordTrap = authpwdread >>>>> #SNMPPrivProtocolTrap = DES >>>>> #SNMPPrivPasswordTrap = privpwdread >>>>> [192.168.1.0/24] >>>>> description=Test Range WLC >>>>> type=Cisco::WLC >>>>> mode=production >>>>> uplink_dynamic=0 >>>>> VoIPLLDPDetect=N >>>>> >>>>> On Fri, 13 Nov 2020 at 19:22, Ludovic Zammit <lzam...@inverse.ca> >>>>> wrote: >>>>> >>>>>> Send me your conf/switches.conf >>>>>> >>>>>> Thanks, >>>>>> >>>>>> On Nov 13, 2020, at 1:20 PM, Ezeh Victor <vickeyzed...@gmail.com> >>>>>> wrote: >>>>>> >>>>>> >>>>>> Hi Ludovic, >>>>>> >>>>>> Thank you for your timely assistance. >>>>>> >>>>>> Kindly below some of the logs observed; >>>>>> <image.png> >>>>>> >>>>>> >>>>>> <image.png> >>>>>> >>>>>> >>>>>> On Fri, 13 Nov 2020 at 18:48, Ludovic Zammit <lzam...@inverse.ca> >>>>>> wrote: >>>>>> >>>>>>> Glad you are progressing. >>>>>>> >>>>>>> In web auth, the client IP address is sent out to PF management >>>>>>> interface inside a HTTP request. >>>>>>> >>>>>>> So if you don’t see the portal, there is a good chance that IP won’t >>>>>>> populate. >>>>>>> >>>>>>> Check in the logs/httpd.portal.access you should see the request I’m >>>>>>> talking about above. >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: >>>>>>> www.inverse.ca >>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>> PacketFence (http://packetfence.org) >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Nov 13, 2020, at 10:44 AM, Ezeh Victor <vickeyzed...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>> Hi Ludovic, >>>>>>> >>>>>>> Thank you soo much for the last mail. >>>>>>> >>>>>>> I have made some progress and the device can now connect and receive >>>>>>> IP information. The directive on FlexConnect ACL I think did the trick. >>>>>>> Also, it is seen as an online node. >>>>>>> >>>>>>> The challenge now is the captive portal does not pop up as the >>>>>>> device remains in unregistered mode and is assigned a vlan 0 as against >>>>>>> the >>>>>>> guest vlan 300 >>>>>>> <image.png> >>>>>>> >>>>>>> <image.png> >>>>>>> >>>>>>> How do I ensure that the captive portal comes up after connection? >>>>>>> >>>>>>> On Thu, 12 Nov 2020 at 14:50, Ludovic Zammit <lzam...@inverse.ca> >>>>>>> wrote: >>>>>>> >>>>>>>> Hello Victor, >>>>>>>> >>>>>>>> Here’s few steps that you can validate before moving forward. >>>>>>>> >>>>>>>> SSID config: >>>>>>>> >>>>>>>> - AAA override checked, RADIUS NAC (or ISE) enabled >>>>>>>> - Interface set to the correct guest vlan >>>>>>>> - Since you are using flex connect, make sure your vlan / ACL are >>>>>>>> created on the flex connect config >>>>>>>> >>>>>>>> PacketFence: >>>>>>>> >>>>>>>> - receive the radius request on each connection >>>>>>>> - reply the portal URL + the ACL name for the captive portal >>>>>>>> - enable the external portal on the switch >>>>>>>> - getting the portal deamon listening to the management interface >>>>>>>> >>>>>>>> Do you have an IP address when you connect? >>>>>>>> >>>>>>>> You can do advanced debuting with the SSH Cisco CLI like: >>>>>>>> >>>>>>>> debug client mac aa:bb:cc:dd:ee:ff >>>>>>>> >>>>>>>> Look at the logs, they will tell you why you client can’t connect >>>>>>>> successfully. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: >>>>>>>> www.inverse.ca >>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>> PacketFence (http://packetfence.org) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Nov 12, 2020, at 3:02 AM, Ezeh Victor <vickeyzed...@gmail.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> Thanks for all your responses but I have gone through the provided >>>>>>>> links prior to making this request. >>>>>>>> >>>>>>>> A little bit of additional detail; >>>>>>>> >>>>>>>> - My SSID is Open and is a flex connect SSID to enable users to >>>>>>>> pick IP addresses from local DHCP servers >>>>>>>> - I have my access-lists in place >>>>>>>> - I have configured the controller on packet fence following >>>>>>>> the documentation >>>>>>>> - I have enabled the captive portal on the management interface >>>>>>>> - I have enabled self preregistration >>>>>>>> >>>>>>>> My challenges however are; >>>>>>>> >>>>>>>> - I cannot connect to the SSID. I keep getting an >>>>>>>> authentication error. >>>>>>>> - The captive portal does not show up >>>>>>>> - I cannot see the controller node online as it is recorded as >>>>>>>> offline on packetfence >>>>>>>> >>>>>>>> >>>>>>>> I would appreciate a clear step on what to do based off of >>>>>>>> successful implementations already done. >>>>>>>> >>>>>>>> The documentation has helped but I have not been successful. >>>>>>>> >>>>>>>> On Wed, 11 Nov 2020 at 20:14, Ludovic Zammit <lzam...@inverse.ca> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hello, >>>>>>>>> >>>>>>>>> >>>>>>>>> https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_2 >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> >>>>>>>>> Ludovic zammitlzam...@inverse.ca :: +1.514.447.4918 (x145) :: >>>>>>>>> www.inverse.ca >>>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>>>>>>> PacketFence (http://packetfence.org) >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Nov 10, 2020, at 8:24 AM, Ezeh Victor via PacketFence-users < >>>>>>>>> packetfence-users@lists.sourceforge.net> wrote: >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> Please I need assistance with figuring how I can integrate >>>>>>>>> PacketFence with Cisco WLC. >>>>>>>>> >>>>>>>>> Any assistance will be appreciated. >>>>>>>>> >>>>>>>>> Regards. >>>>>>>>> _______________________________________________ >>>>>>>>> PacketFence-users mailing list >>>>>>>>> PacketFence-users@lists.sourceforge.net >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> > > _______________________________________________ > PacketFence-users mailing > listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
