What happens if you start a capture on the PacketFence server like this:

tcpdump -i eth0 -w webauth.pcap port 443 or port 80

On the client you do:

http://172.20.130.5/captive-portal

Show/send me the capture

Thanks,

Ludovic Zammit
lzam...@inverse.ca ::  +1.514.447.4918 (x145) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)




> On Dec 1, 2020, at 2:38 PM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
> 
> I can reach it if I ping sourcing from the guest network gateway on the 
> router. But when I ping from a host, I cannot reach it.
> 
> On Tue, Dec 1, 2020, 20:22 Ludovic Zammit <lzam...@inverse.ca> wrote:
> Can you reach the captive portal on the management interface of PF from your 
> guest network?
> 
> Thanks,
> 
> Ludovic Zammit
> 
> 
> 
> 
>> On Dec 1, 2020, at 1:10 PM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>> 
>> Hi Ludovic,
>> 
>> I removed the access list from the VLAN.
>> 
>> On Tue, Dec 1, 2020, 19:08 Ludovic Zammit <lzam...@inverse.ca> wrote:
>> 
>> 
>> Did you remove that? If not, remove it.
>> 
>> Thanks,
>> 
>> Ludovic Zammit
>> 
>> 
>> 
>> 
>>> On Dec 1, 2020, at 12:35 PM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>> 
>>> Hi Ludovic,
>>> 
>>> Kindly find attached the logs.
>>> 
>>> On Tue, 1 Dec 2020 at 17:24, Ludovic Zammit <lzam...@inverse.ca> wrote:
>>> In that case, on that version the ACL just needs to be there on the 
>>> controller as you did create it.
>>> 
>>> The ACL is assigned dynamically to your device and not the SSID.
>>> 
>>> Try to debug with that command using SSH on the controller:
>>> 
>>> (Cisco Controller) >debug client ?
>>> 
>>> <MAC addr1>    Enter MAC address
>>> 
>>> Command: debug client aa:bb:cc:dd:ee:ff
>>> 
>>> Send me the output please.
>>> 
>>> Thanks,
>>> 
>>> Ludovic Zammit
>>> 
>>> 
>>> 
>>> 
>>>> On Dec 1, 2020, at 10:15 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>> 
>>>> Also, when I tried applying it to the WLAN in the Flexconnect group below 
>>>> is the error I received
>>>> 
>>>> <image.png>
>>>> 
>>>> On Tue, 1 Dec 2020 at 15:44, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>> Hi Ludovic,
>>>> 
>>>> Thanks for the response and the correction.
>>>> 
>>>> Kindly note that the WLAN is in flex connect mode and from initial 
>>>> correspondence, I created a flex connect ACL.
>>>> 
>>>> I cannot assign a flex connect ACL to a WLAN directly.
>>>> 
>>>> However, I created an ACL on the controller and applied it to the WLAN 
>>>> directly as seen below;
>>>> 
>>>> <image.png>
>>>> 
>>>> 
>>>> <image.png>
>>>> 
>>>> This did not also work and I am not getting automatic re-direction as I 
>>>> previously got.
>>>> <image.png>
>>>> 
>>>> <image.png>
>>>> 
>>>> On Tue, 1 Dec 2020 at 14:17, Ludovic Zammit <lzam...@inverse.ca> wrote:
>>>> Hello Victor,
>>>> 
>>>> Your Web auth reg ACL is not good, the TCP should match the PF management 
>>>> IP address.
>>>> 
>>>> When you add the ACL on the flexconnect, you need to add them under the 
>>>> WLAN and not the VLAN itself.
>>>> 
>>>> Thanks,
>>>> 
>>>> Ludovic Zammit
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On Dec 1, 2020, at 3:36 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>> 
>>>>> Hi Ludovic,
>>>>> 
>>>>> Kindly find the response below;
>>>>> 
>>>>> 
>>>>> - Do you have the portal listening on 172.20.130.50?
>>>>> <image.png>
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> - Could you show me the radius reply regarding that wireless connection?
>>>>> <image.png>
>>>>> 
>>>>> 
>>>>> 
>>>>> - Do you have the External portal checked on your switch module?
>>>>> <image.png>
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> - Do you have access to the portal from your guest network?
>>>>> 
>>>>> A user connected to the Guest SSID -  I do not understand why this is 
>>>>> happening because the gateway can reach the PacketFence management IP
>>>>> <image.png>
>>>>> 
>>>>> Core device reachability to PacketFence from GUEST SSID Gateway
>>>>> <image.png>
>>>>> 
>>>>> PacketFence reachability to GUEST Gateway
>>>>> <image.png>
>>>>> 
>>>>> PacketFence reachability to a client connected to the GUEST SSID - This 
>>>>> is also surprising since the server can reach the Guest gateway
>>>>> <image.png>
>>>>> 
>>>>> The route to the GUEST network from PacketFence
>>>>> <image.png>
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> - Is your ACL Pre-Auth-For-WebRedirect correctly configured on the 
>>>>> controller?
>>>>> <image.png>
>>>>> 
>>>>> Tried the following combinations below;
>>>>> <image.png>
>>>>> 
>>>>> <image.png>
>>>>> 
>>>>> <image.png>
>>>>> 
>>>>> But it keeps showing a blank page via this link: 
>>>>> http://172.20.130.50/Cisco::WLC/sid774610?
>>>>> 
>>>>> On Mon, 30 Nov 2020 at 20:32, Ludovic Zammit <lzam...@inverse.ca> wrote:
>>>>> Alright, a few things to check out:
>>>>> 
>>>>> - Do you have the portal listening on 172.20.130.50?
>>>>> - Could you show me the radius reply regarding that wireless connection?
>>>>> - Do you have the External portal checked on your switch module?
>>>>> - Do you have access to the portal from your guest network?
>>>>> - Is your ACL Pre-Auth-For-WebRedirect correctly configured on the 
>>>>> controller?
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>> Ludovic Zammit
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>>> On Nov 30, 2020, at 9:00 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>> 
>>>>>>   Hi Ludovic,
>>>>>> 
>>>>>> Thank you for your email.
>>>>>> 
>>>>>> Kindly find below issue experienced.
>>>>>> 
>>>>>> When I connect to the SSID Guest-Test, the processes below are what 
>>>>>> takes place;
>>>>>> The computer opens a browser and tries to visit 
>>>>>> http://www.msftconnecttest.com/redirect then 
>>>>>> http://172.20.130.50/Cisco::WLC/sidff17da?
>>>>>> It then ends at http://172.20.130.50/access?lang= with no display.
>>>>>> When I now try to change the SSID back to the normal staff SSID, it then 
>>>>>> continues to 
>>>>>> http://172.20.130.50/captive-portal?destination_url=http://172.20.130.50/Cisco::WLC/sidff17da?&;
>>>>>> and displays the captive portal which obviously returns with an error 
>>>>>> that no network access is detected.
>>>>>> Kindly advise, what am I missing?
>>>>>> 
>>>>>> 
>>>>>> On Thu, 26 Nov 2020 at 15:59, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>> Hi Durand,
>>>>>> 
>>>>>> I also made some observations today;
>>>>>> 
>>>>>> When I connect to the SSID Guest-Test, the processes below are what 
>>>>>> takes place;
>>>>>> The computer opens a browser and tries to visit 
>>>>>> http://www.msftconnecttest.com/redirect then 
>>>>>> http://172.20.130.50/Cisco::WLC/sidff17da?
>>>>>> It then ends at http://172.20.130.50/access?lang= with no display.
>>>>>> 
>>>>>> When I now try to change the SSID back to the normal staff SSID, it then 
>>>>>> continues to 
>>>>>> http://172.20.130.50/captive-portal?destination_url=http://172.20.130.50/Cisco::WLC/sidff17da?&;
>>>>>> and displays the captive portal which obviously returns with an error 
>>>>>> that no network access is detected.
>>>>>> 
>>>>>> Kindly advise, what am I missing?
>>>>>> 
>>>>>> 
>>>>>> On Thu, 26 Nov 2020 at 09:26, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>> Dear Durand,
>>>>>> 
>>>>>> Kindly find below;
>>>>>> 
>>>>>> Access-list changed
>>>>>> <image.png>
>>>>>> 
>>>>>> Pings to Packet fence from a wire device
>>>>>> <image.png>
>>>>>> 
>>>>>> <image.png>
>>>>>> 
>>>>>> Pings from Packet Fence and route table
>>>>>> 
>>>>>> <image.png>
>>>>>> 
>>>>>> After connecting to the Guest SSID, I got a re-direction but the captive 
>>>>>> portal did not show up;
>>>>>> 
>>>>>> <image.png>
>>>>>> 
>>>>>> It seems I have an issue with the captive portal. 
>>>>>> 
>>>>>> Kindly assist.
>>>>>> 
>>>>>> On Thu, 26 Nov 2020 at 02:33, Durand fabrice <fdur...@inverse.ca> wrote:
>>>>>> If I understand correctly, your vlan 300 is the guest vlan where the 
>>>>>> user device is, right?
>>>>>> 
>>>>>> And if I understand correctly the ACL, you permit the source 
>>>>>> 172.20.130.50 to reach 172.26.80.0/25 but it 
>>>>>> should be the inverse! (your ACL is in IN direction)
>>>>>> 
>>>>>> So put a wire device in the vlan 300 and try to ping 172.20.130.50 , if 
>>>>>> it doesn't work then remove your acl and retry.
>>>>>> 
>>>>>> Also from the packetfence server are you able to ping 172.26.80.1 ?
>>>>>> 
>>>>>> What is the result of : ip route get 172.26.80.1
>>>>>> 
>>>>>> is it returning the source interface where the portal is ?
>>>>>> 
>>>>>> Regards
>>>>>> 
>>>>>> Fabrice
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 20-11-25 at 05:31, Ezeh Victor wrote:
>>>>>>> Hi Durand,
>>>>>>> 
>>>>>>> Kindly find below screenshots;
>>>>>>> 
>>>>>>> <image.png>
>>>>>>> <image.png>
>>>>>>> <image.png>
>>>>>>> <image.png>
>>>>>>> <image.png>
>>>>>>> <image.png>
>>>>>>> 
>>>>>>> <image.png>
>>>>>>> <image.png>
>>>>>>> 
>>>>>>> 
>>>>>>> On Wed, 25 Nov 2020 at 03:01, Durand fabrice <fdur...@inverse.ca> wrote:
>>>>>>> First you need to try with an ACL with permit any any and try to go on 
>>>>>>> the portal url.
>>>>>>> 
>>>>>>> If it doesn't show the portal then it means that there is a network 
>>>>>>> issue between the vlan where the device is and the ip of the captive 
>>>>>>> portal.
>>>>>>> 
>>>>>>> What you can try also is to put a wired device in this guest vlan and 
>>>>>>> try to go on https://172.20.130.50/captive-portal
>>>>>>> 
>>>>>>> Regards
>>>>>>> 
>>>>>>> Fabrice
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> On 20-11-24 at 05:57, Ezeh Victor wrote:
>>>>>>>> Hi Durand,
>>>>>>>> 
>>>>>>>> This is the result of trying to access the captive portal;
>>>>>>>> 
>>>>>>>> <image.png>
>>>>>>>> 
>>>>>>>> Is that the right URL?
>>>>>>>> 
>>>>>>>> I would appreciate your response.
>>>>>>>> 
>>>>>>>> Best Regards
>>>>>>>> 
>>>>>>>> On Tue, 24 Nov 2020 at 10:01, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>> Hi Durand,
>>>>>>>> 
>>>>>>>> Any feedback on my previous response?
>>>>>>>> 
>>>>>>>> Find screenshot again
>>>>>>>> <image.png>
>>>>>>>> 
>>>>>>>> On Mon, 23 Nov 2020 at 12:57, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>> Hi Durand,
>>>>>>>> 
>>>>>>>> I have done as directed.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Also, find below a screenshot of Radius Audit Logs
>>>>>>>> 
>>>>>>>> <image.png>
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On Tue, 17 Nov 2020 at 04:07, Durand fabrice via PacketFence-users 
>>>>>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>> Hello Victor,
>>>>>>>> 
>>>>>>>> It looks like you defined https://172.20.130.50:1443/... as the 
>>>>>>>> registrationUrl.
>>>>>>>> 
>>>>>>>> And in the switch config you need to enable "External Portal 
>>>>>>>> Enforcement".
>>>>>>>> 
>>>>>>>> Also do you have the portal daemon enabled on the management interface? 
>>>>>>>> (https://mgmt:1443/admin/alt#/configuration/interfaces)
>>>>>>>> 
>>>>>>>> Can you paste a screenshot of the radius audit log (radius tab) when 
>>>>>>>> you connect on the ssid ?
>>>>>>>> 
>>>>>>>> Regards
>>>>>>>> 
>>>>>>>> Fabrice
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> On 20-11-16 at 17:56, Ezeh Victor via PacketFence-users wrote:
>>>>>>>>> Hi
>>>>>>>>> 
>>>>>>>>> Please can someone assist me. This project has come to a halt.
>>>>>>>>> 
>>>>>>>>> I do not seem to be getting something right. The captive portal does 
>>>>>>>>> not come up after connecting to the guest SSID.
>>>>>>>>> 
>>>>>>>>> I would really appreciate a response as soon as possible.
>>>>>>>>> 
>>>>>>>>> Best regards
>>>>>>>>> 
>>>>>>>>> On Mon, Nov 16, 2020, 11:23 Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>>> Hi Ludovic/All,
>>>>>>>>> 
>>>>>>>>> Kindly see the status of trying to access the captive portal;
>>>>>>>>> 
>>>>>>>>> <image.png>
>>>>>>>>> 
>>>>>>>>> On Mon, 16 Nov 2020 at 09:42, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>>> Hi Ludovic,
>>>>>>>>> 
>>>>>>>>> Kind reminder. 
>>>>>>>>> 
>>>>>>>>> On Sun, Nov 15, 2020, 16:51 Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>>> Hi Ludovic,
>>>>>>>>> 
>>>>>>>>> Please I am still expecting your reply.
>>>>>>>>> 
>>>>>>>>> On Fri, Nov 13, 2020, 19:27 Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>>> Kindly find below;
>>>>>>>>> 
>>>>>>>>> # Copyright (C) Inverse inc.
>>>>>>>>> #
>>>>>>>>> #
>>>>>>>>> #
>>>>>>>>> # See the enclosed file COPYING for license information (GPL).
>>>>>>>>> # If you did not receive this file, see
>>>>>>>>> # http://www.fsf.org/licensing/licenses/gpl.html
>>>>>>>>> [default]
>>>>>>>>> type=Cisco::WLC_2500
>>>>>>>>> VoIPDHCPDetect=N
>>>>>>>>> coaPort=3799
>>>>>>>>> uplink_dynamic=0
>>>>>>>>> deauthMethod=RADIUS
>>>>>>>>> always_trigger=1
>>>>>>>>> 
>>>>>>>>> [172.20.130.252]
>>>>>>>>> description=WLC
>>>>>>>>> RoleMap=Y
>>>>>>>>> VlanMap=N
>>>>>>>>> registrationUrl=http://172.20.130.50/Cisco::WLC
>>>>>>>>> UrlMap=Y
>>>>>>>>> isolationRole=Isolation
>>>>>>>>> defaultRole=Authorize_Any
>>>>>>>>> registrationRole=Pre-Auth-For-WebRedirect
>>>>>>>>> radiusSecret=D4n-n3t0ps
>>>>>>>>> inlineRole=Inline
>>>>>>>>> 
>>>>>>>>> # Copyright (C) Inverse inc.
>>>>>>>>> #
>>>>>>>>> #
>>>>>>>>> #
>>>>>>>>> # See the enclosed file COPYING for license information (GPL).
>>>>>>>>> # If you did not receive this file, see
>>>>>>>>> # http://www.fsf.org/licensing/licenses/gpl.html
>>>>>>>>> [192.168.0.1]
>>>>>>>>> description=Test Switch
>>>>>>>>> type=Cisco::Catalyst_2960
>>>>>>>>> mode=production
>>>>>>>>> uplink=23,24
>>>>>>>>> VoIPLLDPDetect=N
>>>>>>>>> 
>>>>>>>>> #SNMPVersion = 3
>>>>>>>>> #SNMPEngineID = 0000000000000
>>>>>>>>> #SNMPUserNameRead = readUser
>>>>>>>>> #SNMPAuthProtocolRead = MD5
>>>>>>>>> #SNMPAuthPasswordRead = authpwdread
>>>>>>>>> #SNMPPrivProtocolRead = DES
>>>>>>>>> #SNMPPrivPasswordRead = privpwdread
>>>>>>>>> #SNMPUserNameWrite = writeUser
>>>>>>>>> #SNMPAuthProtocolWrite = MD5
>>>>>>>>> #SNMPAuthPasswordWrite = authpwdwrite
>>>>>>>>> #SNMPPrivProtocolWrite = DES
>>>>>>>>> #SNMPPrivPasswordWrite = privpwdwrite
>>>>>>>>> #SNMPVersionTrap = 3
>>>>>>>>> #SNMPUserNameTrap = readUser
>>>>>>>>> #SNMPAuthProtocolTrap = MD5
>>>>>>>>> #SNMPAuthPasswordTrap = authpwdread
>>>>>>>>> #SNMPPrivProtocolTrap = DES
>>>>>>>>> #SNMPPrivPasswordTrap = privpwdread
>>>>>>>>> [192.168.1.0/24]
>>>>>>>>> description=Test Range WLC
>>>>>>>>> type=Cisco::WLC
>>>>>>>>> mode=production
>>>>>>>>> uplink_dynamic=0
>>>>>>>>> VoIPLLDPDetect=N
>>>>>>>>> 
>>>>>>>>> On Fri, 13 Nov 2020 at 19:22, Ludovic Zammit <lzam...@inverse.ca> wrote:
>>>>>>>>> Send me your conf/switches.conf
>>>>>>>>> 
>>>>>>>>> Thanks,
>>>>>>>>> 
>>>>>>>>>> On Nov 13, 2020, at 1:20 PM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> Hi Ludovic,
>>>>>>>>>> 
>>>>>>>>>> Thank you for your timely assistance.
>>>>>>>>>> 
>>>>>>>>>> Kindly find below some of the logs observed;
>>>>>>>>>> <image.png>
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> <image.png>
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> On Fri, 13 Nov 2020 at 18:48, Ludovic Zammit <lzam...@inverse.ca> wrote:
>>>>>>>>>> Glad you are progressing.
>>>>>>>>>> 
>>>>>>>>>> In web auth, the client IP address is sent out to PF management 
>>>>>>>>>> interface inside an HTTP request.
>>>>>>>>>> 
>>>>>>>>>> So if you don’t see the portal, there is a good chance that IP won’t 
>>>>>>>>>> populate.
>>>>>>>>>> 
>>>>>>>>>> Check in the logs/httpd.portal.access you should see the request I’m 
>>>>>>>>>> talking about above.
>>>>>>>>>> 
>>>>>>>>>> Thanks,
>>>>>>>>>> Ludovic Zammit
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>>> On Nov 13, 2020, at 10:44 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>>>>> 
>>>>>>>>>>> Hi Ludovic,
>>>>>>>>>>> 
>>>>>>>>>>> Thank you so much for the last mail.
>>>>>>>>>>> 
>>>>>>>>>>> I have made some progress and the device can now connect and 
>>>>>>>>>>> receive IP information. The directive on FlexConnect ACL I think 
>>>>>>>>>>> did the trick. Also, it is seen as an online node.
>>>>>>>>>>> 
>>>>>>>>>>> The challenge now is the captive portal does not pop up as the 
>>>>>>>>>>> device remains in unregistered mode and is assigned a vlan 0 as 
>>>>>>>>>>> against the guest vlan 300
>>>>>>>>>>> <image.png>
>>>>>>>>>>> 
>>>>>>>>>>> <image.png>
>>>>>>>>>>> 
>>>>>>>>>>> How do I ensure that the captive portal comes up after connection?
>>>>>>>>>>> 
>>>>>>>>>>> On Thu, 12 Nov 2020 at 14:50, Ludovic Zammit <lzam...@inverse.ca> wrote:
>>>>>>>>>>> Hello Victor,
>>>>>>>>>>> 
>>>>>>>>>>> Here are a few steps that you can validate before moving forward.
>>>>>>>>>>> 
>>>>>>>>>>> SSID config:
>>>>>>>>>>> 
>>>>>>>>>>> - AAA override checked, RADIUS NAC (or ISE) enabled
>>>>>>>>>>> - Interface set to the correct guest vlan
>>>>>>>>>>> - Since you are using flex connect, make sure your vlan / ACL are 
>>>>>>>>>>> created on the flex connect config
>>>>>>>>>>> 
>>>>>>>>>>> PacketFence:
>>>>>>>>>>> 
>>>>>>>>>>> - receive the radius request on each connection
>>>>>>>>>>> - reply the portal URL + the ACL name for the captive portal
>>>>>>>>>>> - enable the external portal on the switch
>>>>>>>>>>> - getting the portal daemon listening to the management interface
>>>>>>>>>>> 
>>>>>>>>>>> Do you have an IP address when you connect?
>>>>>>>>>>> 
>>>>>>>>>>> You can do advanced debugging with the SSH Cisco CLI like:
>>>>>>>>>>> 
>>>>>>>>>>> debug client aa:bb:cc:dd:ee:ff
>>>>>>>>>>> 
>>>>>>>>>>> Look at the logs, they will tell you why your client can’t connect 
>>>>>>>>>>> successfully.
>>>>>>>>>>> 
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Ludovic Zammit
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>>> On Nov 12, 2020, at 3:02 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>>>>>>>>>>>> 
>>>>>>>>>>>> Hi,
>>>>>>>>>>>> 
>>>>>>>>>>>> Thanks for all your responses but I have gone through the provided 
>>>>>>>>>>>> links prior to making this request.
>>>>>>>>>>>> 
>>>>>>>>>>>> A little bit of additional detail;
>>>>>>>>>>>> My SSID is Open and is a flex connect SSID to enable users to pick 
>>>>>>>>>>>> IP addresses from local DHCP servers
>>>>>>>>>>>> I have my access-lists in place
>>>>>>>>>>>> I have configured the controller on packet fence following the 
>>>>>>>>>>>> documentation
>>>>>>>>>>>> I have enabled the captive portal on the management interface
>>>>>>>>>>>> I have enabled self preregistration
>>>>>>>>>>>> My challenges however are;
>>>>>>>>>>>> I cannot connect to the SSID. I keep getting an authentication 
>>>>>>>>>>>> error.
>>>>>>>>>>>> The captive portal does not show up
>>>>>>>>>>>> I cannot see the controller node online as it is recorded as 
>>>>>>>>>>>> offline on packetfence
>>>>>>>>>>>> 
>>>>>>>>>>>> I would appreciate a clear step on what to do based off of 
>>>>>>>>>>>> successful implementations already done.
>>>>>>>>>>>> 
>>>>>>>>>>>> The documentation has helped but I have not been successful.
>>>>>>>>>>>> 
>>>>>>>>>>>> On Wed, 11 Nov 2020 at 20:14, Ludovic Zammit <lzam...@inverse.ca> wrote:
>>>>>>>>>>>> Hello,
>>>>>>>>>>>> 
>>>>>>>>>>>> https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_2
>>>>>>>>>>>> 
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Ludovic Zammit
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>>> On Nov 10, 2020, at 8:24 AM, Ezeh Victor via PacketFence-users 
>>>>>>>>>>>>> <packetfence-users@lists.sourceforge.net> wrote:
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Please I need assistance with figuring how I can integrate 
>>>>>>>>>>>>> PacketFence with Cisco WLC.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Any assistance will be appreciated.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> PacketFence-users mailing list
>>>>>>>>>>>>> PacketFence-users@lists.sourceforge.net 
>>>>>>>>>>>>> <mailto:PacketFence-users@lists.sourceforge.net>
>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
>>>>>>>>>>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>> 
>>>> 
>>> 
>>> <putty.log>
>> 
>> <image.png><image.png>
> 

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
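
Added example, not part of the thread and not PacketFence or Cisco code: a simplified first-match model of an ACL applied inbound on the guest VLAN interface, illustrating the direction problem Fabrice points out and the TCP entries toward the PF management IP that Ludovic asks for. The portal IP and guest subnet are the ones quoted in the thread; the client address 172.26.80.10, the rule layout and the ICMP entry are assumptions made for illustration, and the DHCP and DNS entries a real guest VLAN needs are left out.

```python
"""Inbound guest-VLAN ACL model: why a swapped source/destination blocks the portal."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORTAL_IP = "172.20.130.50"   # PacketFence portal / management IP (from the thread)
GUEST_NET = "172.26.80.0/25"  # guest VLAN 300 subnet (from the thread)
CLIENT_IP = "172.26.80.10"    # constructed sample client inside the guest subnet


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol, else "tcp"/"udp"/"icmp"
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    dport: Optional[int] = None  # destination port; None matches any

    def matches(self, proto, src, dst, dport):
        if self.proto not in ("ip", proto):
            return False
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == dport


def evaluate(acl, proto, src, dst, dport=None):
    """First matching rule decides; anything unmatched hits the implicit deny."""
    for rule in acl:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "deny"


def portal_check(acl_in, client=CLIENT_IP, portal=PORTAL_IP):
    """Verdicts for the client-to-portal packets that enter the guest interface."""
    flows = {"http": ("tcp", 80), "https": ("tcp", 443), "ping": ("icmp", None)}
    return {name: evaluate(acl_in, proto, client, portal, port)
            for name, (proto, port) in flows.items()}


# As described in the thread: portal as source, guest subnet as destination.
ACL_AS_DESCRIBED = [Rule("permit", "ip", PORTAL_IP + "/32", GUEST_NET)]

# Inverted for the IN direction: guest subnet as source, portal as destination.
# The ICMP entry is an assumption so that the suggested ping test can pass.
ACL_INVERTED = [
    Rule("permit", "tcp", GUEST_NET, PORTAL_IP + "/32", 80),
    Rule("permit", "tcp", GUEST_NET, PORTAL_IP + "/32", 443),
    Rule("permit", "icmp", GUEST_NET, PORTAL_IP + "/32"),
]

if __name__ == "__main__":
    for name, acl in (("as described", ACL_AS_DESCRIBED), ("inverted", ACL_INVERTED)):
        print(name, portal_check(acl))
    # The rule as described only matches portal-to-client packets, which never
    # arrive inbound on the guest interface.
    print("reverse:", evaluate(ACL_AS_DESCRIBED, "tcp", PORTAL_IP, CLIENT_IP, 51000))
```

With the inverted ACL the guest client still reaches nothing but the portal, so the implicit deny keeps the pre-registration network closed.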
