Hi Ludovic,

Kindly find the result of the command run
[image: image.png]

[image: image.png]

Note that the workstation used to connect to the guest network no longer
receives IP configuration. I do not know why this is the case, but I think
that is the reason for no packets in the .pcap file.

On Wed, 2 Dec 2020 at 13:56, Ludovic Zammit <[email protected]> wrote:

> PS: yum install -y tcpdump
>
>
> Ludovic [email protected] ::  +1.514.447.4918 (x145) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org)
>
>
>
>
>
> On Dec 2, 2020, at 7:53 AM, Ludovic Zammit via PacketFence-users <
> [email protected]> wrote:
>
> Sorry it’s lowercase i for interface:
>
> tcpdump -i eth0 port 443 or port 80 -w webauth.pcap
>
> Thanks,
>
>
> On Dec 2, 2020, at 3:02 AM, Ezeh Victor <[email protected]> wrote:
>
> Hi Ludovic,
>
> Kindly find errors from the server below
> <image.png>
> <image.png>
>
> On Tue, 1 Dec 2020 at 20:42, Ludovic Zammit <[email protected]> wrote:
>
>> What happens if you start a capture on the packetfence server like this:
>>
>> tcpdump -I eth0 port 443 or port 80 -w webauth.pcap
>>
>> On the client you do:
>>
>> http://172.20.130.5/captive-portal
>>
>> Show/send me the capture
>>
>> Thanks,
>>
>>
>> On Dec 1, 2020, at 2:38 PM, Ezeh Victor <[email protected]> wrote:
>>
>> I can reach it if I ping sourcing from the guest network gateway on the
>> router. But when I ping from a host, I cannot reach it.
>>
>> On Tue, Dec 1, 2020, 20:22 Ludovic Zammit <[email protected]> wrote:
>>
>>> Can you reach the captive portal on the management interface of PF from
>>> your guest network?
>>>
>>> Thanks,
>>>
>>>
>>> On Dec 1, 2020, at 1:10 PM, Ezeh Victor <[email protected]> wrote:
>>>
>>> Hi Ludovic,
>>>
>>> I removed the access list from the VLAN.
>>>
>>> On Tue, Dec 1, 2020, 19:08 Ludovic Zammit <[email protected]> wrote:
>>>
>>>> [image: image.png]
>>>>
>>>> Did you remove that? If not, remove it.
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> On Dec 1, 2020, at 12:35 PM, Ezeh Victor <[email protected]>
>>>> wrote:
>>>>
>>>> Hi Ludovic,
>>>>
>>>> Kindly find attached the logs.
>>>>
>>>> On Tue, 1 Dec 2020 at 17:24, Ludovic Zammit <[email protected]> wrote:
>>>>
>>>>> In that case, on that version the ACL just needs to be there on the
>>>>> controller as you did create it.
>>>>>
>>>>> The ACL is assigned dynamically to your device and not the SSID.
>>>>>
>>>>> Try to debug with that command using SSH on the controller:
>>>>>
>>>>> (Cisco Controller) >debug client ?
>>>>>
>>>>> <MAC addr1>    Enter MAC address
>>>>>
>>>>> Command: debug client aa:bb:cc:dd:ee:ff
>>>>>
>>>>> Send me the output please.
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>> On Dec 1, 2020, at 10:15 AM, Ezeh Victor <[email protected]>
>>>>> wrote:
>>>>>
>>>>> Also, when I tried applying it to the WLAN in the Flexconnect group
>>>>> below is the error I received
>>>>>
>>>>> <image.png>
>>>>>
>>>>> On Tue, 1 Dec 2020 at 15:44, Ezeh Victor <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi Ludovic,
>>>>>>
>>>>>> Thanks for the response and the correction.
>>>>>>
>>>>>> Kindly note that the WLAN is in flex connect mode and from initial
>>>>>> correspondence, I created a flex connect ACL.
>>>>>>
>>>>>> I cannot assign a flex connect ACL to a WLAN directly.
>>>>>>
>>>>>> However, I created an ACL on the controller and applied it to the
>>>>>> WLAN directly as seen below;
>>>>>>
>>>>>> <image.png>
>>>>>>
>>>>>>
>>>>>> <image.png>
>>>>>>
>>>>>> This also did not work and I am not getting automatic re-direction as
>>>>>> I previously got.
>>>>>> <image.png>
>>>>>>
>>>>>> <image.png>
>>>>>>
>>>>>> On Tue, 1 Dec 2020 at 14:17, Ludovic Zammit <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hello Victor,
>>>>>>>
>>>>>>> Your Web auth reg ACL is not good, the TCP should match the PF
>>>>>>> management IP address.
>>>>>>>
>>>>>>> When you add the ACL on the flexconnect, you need to add them under
>>>>>>> the WLAN and not the VLAN itself.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>>
>>>>>>> On Dec 1, 2020, at 3:36 AM, Ezeh Victor <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Ludovic,
>>>>>>>
>>>>>>> Kindly find the response below;
>>>>>>>
>>>>>>>
>>>>>>> - Do you have the portal listening on 172.20.130.50?
>>>>>>> <image.png>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> - Could you show me the radius reply regarding that wireless
>>>>>>> connection?
>>>>>>> <image.png>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> - Do you have the External portal checked on your switch module?
>>>>>>> <image.png>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> - Do you have access to the portal from your guest network?
>>>>>>>
>>>>>>> *A user connected to the Guest SSID* - I do not understand why
>>>>>>> this is happening because the gateway can reach the PacketFence
>>>>>>> management IP
>>>>>>> <image.png>
>>>>>>>
>>>>>>> *Core device reachability to PacketFence from GUEST SSID Gateway*
>>>>>>> <image.png>
>>>>>>>
>>>>>>> *PacketFence reachability to GUEST Gateway*
>>>>>>> <image.png>
>>>>>>>
>>>>>>> *PacketFence reachability to a client connected to the GUEST SSID* -
>>>>>>> This is also surprising since the server can reach the Guest gateway
>>>>>>> <image.png>
>>>>>>>
>>>>>>> *The route to the GUEST network from PacketFence*
>>>>>>> <image.png>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> - Is your ACL Pre-Auth-For-WebRedirect correctly configured on
>>>>>>> the controller?
>>>>>>> <image.png>
>>>>>>>
>>>>>>> *Tried the following combinations below;*
>>>>>>> <image.png>
>>>>>>>
>>>>>>> <image.png>
>>>>>>>
>>>>>>> <image.png>
>>>>>>>
>>>>>>> But it keeps showing a blank page via this link:
>>>>>>> http://172.20.130.50/Cisco::WLC/sid774610?
>>>>>>>
>>>>>>> On Mon, 30 Nov 2020 at 20:32, Ludovic Zammit <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Alright, a few things to check out:
>>>>>>>>
>>>>>>>> - Do you have the portal listening on 172.20.130.50?
>>>>>>>> - Could you show me the radius reply regarding that wireless
>>>>>>>> connection?
>>>>>>>> - Do you have the External portal checked on your switch module?
>>>>>>>> - Do you have access to the portal from your guest network?
>>>>>>>> - Is your ACL Pre-Auth-For-WebRedirect correctly configured on
>>>>>>>> the controller?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>>
>>>>>>>> On Nov 30, 2020, at 9:00 AM, Ezeh Victor <[email protected]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>   Hi Ludovic,
>>>>>>>>
>>>>>>>> Thank you for your email.
>>>>>>>>
>>>>>>>> Kindly find below issue experienced.
>>>>>>>>
>>>>>>>> When I connect to the SSID Guest-Test, the processes below are what
>>>>>>>> takes place;
>>>>>>>>
>>>>>>>>    - The computer opens a browser and tries to visit
>>>>>>>>    http://www.msftconnecttest.com/redirect then
>>>>>>>>    http://172.20.130.50/Cisco::WLC/sidff17da?
>>>>>>>>    - It then ends at http://172.20.130.50/access?lang= with no display.
>>>>>>>>
>>>>>>>>
>>>>>>>>    - When I now try to change the SSID back to the normal staff
>>>>>>>>    SSID, it then continues to
>>>>>>>>    http://172.20.130.50/captive-portal?destination_url=http://172.20.130.50/Cisco::WLC/sidff17da?&;
>>>>>>>>    and displays the captive portal which obviously returns with an error
>>>>>>>>    that no network access is detected.
>>>>>>>>
>>>>>>>> Kindly advise, what am I missing?
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, 26 Nov 2020 at 15:59, Ezeh Victor <[email protected]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Durand,
>>>>>>>>>
>>>>>>>>> I also made some observations today;
>>>>>>>>>
>>>>>>>>> When I connect to the SSID Guest-Test, the processes below are
>>>>>>>>> what takes place;
>>>>>>>>> The computer opens a browser and tries to visit
>>>>>>>>> http://www.msftconnecttest.com/redirect then
>>>>>>>>> http://172.20.130.50/Cisco::WLC/sidff17da?
>>>>>>>>> It then ends at http://172.20.130.50/access?lang= with no display.
>>>>>>>>>
>>>>>>>>> When I now try to change the SSID back to the normal staff SSID,
>>>>>>>>> it then continues to
>>>>>>>>> http://172.20.130.50/captive-portal?destination_url=http://172.20.130.50/Cisco::WLC/sidff17da?&;
>>>>>>>>> and displays the captive portal which obviously returns with an error
>>>>>>>>> that no network access is detected.
>>>>>>>>>
>>>>>>>>> Kindly advise, what am I missing?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, 26 Nov 2020 at 09:26, Ezeh Victor <[email protected]>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Dear Durand,
>>>>>>>>>>
>>>>>>>>>> Kindly find below;
>>>>>>>>>>
>>>>>>>>>> Access-list changed
>>>>>>>>>> <image.png>
>>>>>>>>>>
>>>>>>>>>> Pings to Packet fence from a wire device
>>>>>>>>>> <image.png>
>>>>>>>>>>
>>>>>>>>>> <image.png>
>>>>>>>>>>
>>>>>>>>>> Pings from Packet Fence and route table
>>>>>>>>>>
>>>>>>>>>> <image.png>
>>>>>>>>>>
>>>>>>>>>> After connecting to the Guest SSID, I got a re-direction but the
>>>>>>>>>> captive portal did not show up;
>>>>>>>>>>
>>>>>>>>>> <image.png>
>>>>>>>>>>
>>>>>>>>>> It seems I have an issue with the captive portal.
>>>>>>>>>>
>>>>>>>>>> Kindly assist.
>>>>>>>>>>
>>>>>>>>>> On Thu, 26 Nov 2020 at 02:33, Durand fabrice <[email protected]>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> If I understand correctly, your VLAN 300 is the guest VLAN where
>>>>>>>>>>> the user device is, right?
>>>>>>>>>>>
>>>>>>>>>>> And if I understand the ACL correctly, you permit the source
>>>>>>>>>>> 172.20.130.50 to reach 172.26.80.0/25, but it should be the
>>>>>>>>>>> inverse! (Your ACL is in the IN direction.)
>>>>>>>>>>>
>>>>>>>>>>> So put a wired device in VLAN 300 and try to ping
>>>>>>>>>>> 172.20.130.50; if it doesn't work, then remove your ACL and retry.
>>>>>>>>>>>
>>>>>>>>>>> Also, from the PacketFence server, are you able to ping
>>>>>>>>>>> 172.26.80.1?
>>>>>>>>>>>
>>>>>>>>>>> What is the result of: ip route get 172.26.80.1
>>>>>>>>>>>
>>>>>>>>>>> Is it returning the source interface where the portal is?
>>>>>>>>>>>
>>>>>>>>>>> Regards
>>>>>>>>>>>
>>>>>>>>>>> Fabrice
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 20-11-25 at 05:31, Ezeh Victor wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Durand,
>>>>>>>>>>>
>>>>>>>>>>> Kindly find below screenshots;
>>>>>>>>>>>
>>>>>>>>>>> <image.png>
>>>>>>>>>>> <image.png>
>>>>>>>>>>> <image.png>
>>>>>>>>>>> <image.png>
>>>>>>>>>>> <image.png>
>>>>>>>>>>> <image.png>
>>>>>>>>>>>
>>>>>>>>>>> <image.png>
>>>>>>>>>>> <image.png>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, 25 Nov 2020 at 03:01, Durand fabrice <[email protected]>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> First you need to try with an ACL with permit any any and try to
>>>>>>>>>>>> go on the portal URL.
>>>>>>>>>>>>
>>>>>>>>>>>> If it doesn't show the portal, then it means that there is a
>>>>>>>>>>>> network issue between the VLAN where the device is and the IP of
>>>>>>>>>>>> the captive portal.
>>>>>>>>>>>>
>>>>>>>>>>>> What you can also try is to put a wired device in this guest
>>>>>>>>>>>> VLAN and try to go on https://172.20.130.50/captive-portal
>>>>>>>>>>>>
>>>>>>>>>>>> Regards
>>>>>>>>>>>>
>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 20-11-24 at 05:57, Ezeh Victor wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Durand,
>>>>>>>>>>>>
>>>>>>>>>>>> This is the result of trying to access the captive portal;
>>>>>>>>>>>>
>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>
>>>>>>>>>>>> Is that the right URL?
>>>>>>>>>>>>
>>>>>>>>>>>> I would appreciate your response.
>>>>>>>>>>>>
>>>>>>>>>>>> Best Regards
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, 24 Nov 2020 at 10:01, Ezeh Victor <
>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Durand,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Any feedback on my previous response?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Find screenshot again
>>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, 23 Nov 2020 at 12:57, Ezeh Victor <
>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Durand,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I have done as directed.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Also, find below a screenshot of Radius Audit Logs
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, 17 Nov 2020 at 04:07, Durand fabrice via
>>>>>>>>>>>>>> PacketFence-users <[email protected]>
>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hello Victor,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> It looks like you defined https://172.20.130.50:1443/... as
>>>>>>>>>>>>>>> the registrationUrl.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> And in the switch config you need to enable "External Portal
>>>>>>>>>>>>>>> Enforcement".
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Also, do you have the portal daemon enabled on the management
>>>>>>>>>>>>>>> interface? (
>>>>>>>>>>>>>>> https://mgmt:1443/admin/alt#/configuration/interfaces)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Can you paste a screenshot of the radius audit log (radius
>>>>>>>>>>>>>>> tab) when you connect on the SSID?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Fabrice
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 20-11-16 at 17:56, Ezeh Victor via PacketFence-users
>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Please can someone assist me. This project has come to a
>>>>>>>>>>>>>>> halt.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I do not seem to be getting something right. The captive
>>>>>>>>>>>>>>> portal does not come up after connecting to the guest SSID.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I would really appreciate a response as soon as possible.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Best regards
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Mon, Nov 16, 2020, 11:23 Ezeh Victor <
>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Ludovic/All,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Kindly see the status of trying to access the captive
>>>>>>>>>>>>>>>> portal;
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Mon, 16 Nov 2020 at 09:42, Ezeh Victor <
>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi Ludovic,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Kind reminder.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Sun, Nov 15, 2020, 16:51 Ezeh Victor <
>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Ludovic,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Please I am still expecting your reply.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Fri, Nov 13, 2020, 19:27 Ezeh Victor <
>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Kindly find below;
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> # Copyright (C) Inverse inc.
>>>>>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>>>>> # See the enclosed file COPYING for license information (GPL).
>>>>>>>>>>>>>>>>>>> # If you did not receive this file, see
>>>>>>>>>>>>>>>>>>> # http://www.fsf.org/licensing/licenses/gpl.html
>>>>>>>>>>>>>>>>>>> [default]
>>>>>>>>>>>>>>>>>>> type=Cisco::WLC_2500
>>>>>>>>>>>>>>>>>>> VoIPDHCPDetect=N
>>>>>>>>>>>>>>>>>>> coaPort=3799
>>>>>>>>>>>>>>>>>>> uplink_dynamic=0
>>>>>>>>>>>>>>>>>>> deauthMethod=RADIUS
>>>>>>>>>>>>>>>>>>> always_trigger=1
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> [172.20.130.252]
>>>>>>>>>>>>>>>>>>> description=WLC
>>>>>>>>>>>>>>>>>>> RoleMap=Y
>>>>>>>>>>>>>>>>>>> VlanMap=N
>>>>>>>>>>>>>>>>>>> registrationUrl=http://172.20.130.50/Cisco::WLC
>>>>>>>>>>>>>>>>>>> UrlMap=Y
>>>>>>>>>>>>>>>>>>> isolationRole=Isolation
>>>>>>>>>>>>>>>>>>> defaultRole=Authorize_Any
>>>>>>>>>>>>>>>>>>> registrationRole=Pre-Auth-For-WebRedirect
>>>>>>>>>>>>>>>>>>> radiusSecret=D4n-n3t0ps
>>>>>>>>>>>>>>>>>>> inlineRole=Inline
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> # Copyright (C) Inverse inc.
>>>>>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>>>>> #
>>>>>>>>>>>>>>>>>>> # See the enclosed file COPYING for license information (GPL).
>>>>>>>>>>>>>>>>>>> # If you did not receive this file, see
>>>>>>>>>>>>>>>>>>> # http://www.fsf.org/licensing/licenses/gpl.html
>>>>>>>>>>>>>>>>>>> [192.168.0.1]
>>>>>>>>>>>>>>>>>>> description=Test Switch
>>>>>>>>>>>>>>>>>>> type=Cisco::Catalyst_2960
>>>>>>>>>>>>>>>>>>> mode=production
>>>>>>>>>>>>>>>>>>> uplink=23,24
>>>>>>>>>>>>>>>>>>> VoIPLLDPDetect=N
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> #SNMPVersion = 3
>>>>>>>>>>>>>>>>>>> #SNMPEngineID = 0000000000000
>>>>>>>>>>>>>>>>>>> #SNMPUserNameRead = readUser
>>>>>>>>>>>>>>>>>>> #SNMPAuthProtocolRead = MD5
>>>>>>>>>>>>>>>>>>> #SNMPAuthPasswordRead = authpwdread
>>>>>>>>>>>>>>>>>>> #SNMPPrivProtocolRead = DES
>>>>>>>>>>>>>>>>>>> #SNMPPrivPasswordRead = privpwdread
>>>>>>>>>>>>>>>>>>> #SNMPUserNameWrite = writeUser
>>>>>>>>>>>>>>>>>>> #SNMPAuthProtocolWrite = MD5
>>>>>>>>>>>>>>>>>>> #SNMPAuthPasswordWrite = authpwdwrite
>>>>>>>>>>>>>>>>>>> #SNMPPrivProtocolWrite = DES
>>>>>>>>>>>>>>>>>>> #SNMPPrivPasswordWrite = privpwdwrite
>>>>>>>>>>>>>>>>>>> #SNMPVersionTrap = 3
>>>>>>>>>>>>>>>>>>> #SNMPUserNameTrap = readUser
>>>>>>>>>>>>>>>>>>> #SNMPAuthProtocolTrap = MD5
>>>>>>>>>>>>>>>>>>> #SNMPAuthPasswordTrap = authpwdread
>>>>>>>>>>>>>>>>>>> #SNMPPrivProtocolTrap = DES
>>>>>>>>>>>>>>>>>>> #SNMPPrivPasswordTrap = privpwdread
>>>>>>>>>>>>>>>>>>> [192.168.1.0/24]
>>>>>>>>>>>>>>>>>>> description=Test Range WLC
>>>>>>>>>>>>>>>>>>> type=Cisco::WLC
>>>>>>>>>>>>>>>>>>> mode=production
>>>>>>>>>>>>>>>>>>> uplink_dynamic=0
>>>>>>>>>>>>>>>>>>> VoIPLLDPDetect=N
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Fri, 13 Nov 2020 at 19:22, Ludovic Zammit <
>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Send me your conf/switches.conf
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Nov 13, 2020, at 1:20 PM, Ezeh Victor <
>>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>>>>> Hi Ludovic,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thank you for your timely assistance.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Kindly find below some of the logs observed;
>>>>>>>>>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Fri, 13 Nov 2020 at 18:48, Ludovic Zammit <
>>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Glad you are progressing.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> In web auth, the client IP address is sent out to PF
>>>>>>>>>>>>>>>>>>>>> management interface inside a HTTP request.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> So if you don’t see the portal, there is a good chance
>>>>>>>>>>>>>>>>>>>>> that IP won’t populate.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Check in the logs/httpd.portal.access you should see
>>>>>>>>>>>>>>>>>>>>> the request I’m talking about above.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> On Nov 13, 2020, at 10:44 AM, Ezeh Victor <
>>>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Hi Ludovic,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Thank you so much for the last mail.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> I have made some progress and the device can now
>>>>>>>>>>>>>>>>>>>>> connect and receive IP information. The directive on 
>>>>>>>>>>>>>>>>>>>>> FlexConnect ACL I
>>>>>>>>>>>>>>>>>>>>> think did the trick. Also, it is seen as an online node.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> The challenge now is the captive portal does not pop
>>>>>>>>>>>>>>>>>>>>> up as the device remains in unregistered mode and is 
>>>>>>>>>>>>>>>>>>>>> assigned a vlan 0 as
>>>>>>>>>>>>>>>>>>>>> against the guest vlan 300
>>>>>>>>>>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> <image.png>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> How do I ensure that the captive portal comes up after
>>>>>>>>>>>>>>>>>>>>> connection?
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> On Thu, 12 Nov 2020 at 14:50, Ludovic Zammit <
>>>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Hello Victor,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Here are a few steps that you can validate before moving
>>>>>>>>>>>>>>>>>>>>>> forward.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> SSID config:
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> - AAA override checked, RADIUS NAC (or ISE) enabled
>>>>>>>>>>>>>>>>>>>>>> - Interface set to the correct guest vlan
>>>>>>>>>>>>>>>>>>>>>> - Since you are using flex connect, make sure your
>>>>>>>>>>>>>>>>>>>>>> vlan / ACL are created on the flex connect config
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> PacketFence:
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> - receive the radius request on each connection
>>>>>>>>>>>>>>>>>>>>>> - reply the portal URL + the ACL name for the captive
>>>>>>>>>>>>>>>>>>>>>> portal
>>>>>>>>>>>>>>>>>>>>>> - enable the external portal on the switch
>>>>>>>>>>>>>>>>>>>>>> - getting the portal daemon listening to the
>>>>>>>>>>>>>>>>>>>>>> management interface
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Do you have an IP address when you connect?
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> You can do advanced debugging with the SSH Cisco CLI
>>>>>>>>>>>>>>>>>>>>>> like:
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> debug client mac aa:bb:cc:dd:ee:ff
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Look at the logs, they will tell you why your client
>>>>>>>>>>>>>>>>>>>>>> can’t connect successfully.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> On Nov 12, 2020, at 3:02 AM, Ezeh Victor <
>>>>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Thanks for all your responses but I have gone through
>>>>>>>>>>>>>>>>>>>>>> the provided links prior to making this request.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> A little bit of additional detail;
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>    - My SSID is Open and is a flex connect SSID to
>>>>>>>>>>>>>>>>>>>>>>    enable users to pick IP addresses from local DHCP 
>>>>>>>>>>>>>>>>>>>>>> servers
>>>>>>>>>>>>>>>>>>>>>>    - I have my access-lists in place
>>>>>>>>>>>>>>>>>>>>>>    - I have configured the controller on packet
>>>>>>>>>>>>>>>>>>>>>>    fence following the documentation
>>>>>>>>>>>>>>>>>>>>>>    - I have enabled the captive portal on the
>>>>>>>>>>>>>>>>>>>>>>    management interface
>>>>>>>>>>>>>>>>>>>>>>    - I have enabled self preregistration
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> My challenges however are;
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>    - I cannot connect to the SSID. I keep getting an
>>>>>>>>>>>>>>>>>>>>>>    authentication error.
>>>>>>>>>>>>>>>>>>>>>>    - The captive portal does not show up
>>>>>>>>>>>>>>>>>>>>>>    - I cannot see the controller node online as it
>>>>>>>>>>>>>>>>>>>>>>    is recorded as offline on packetfence
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> I would appreciate a clear step on what to do based
>>>>>>>>>>>>>>>>>>>>>> off of successful implementations already done.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> The documentation has helped but I have not been
>>>>>>>>>>>>>>>>>>>>>> successful.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> On Wed, 11 Nov 2020 at 20:14, Ludovic Zammit <
>>>>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_2
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> On Nov 10, 2020, at 8:24 AM, Ezeh Victor via
>>>>>>>>>>>>>>>>>>>>>>> PacketFence-users <
>>>>>>>>>>>>>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Please I need assistance with figuring how I can
>>>>>>>>>>>>>>>>>>>>>>> integrate PacketFence with Cisco WLC.
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Any assistance will be appreciated.
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Regards.
>>>>>>>>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>>>>>>>> PacketFence-users mailing list
>>>>>>>>>>>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>> <putty.log>
>>>>
>>>>
>>>> <image.png><image.png>
>>>
>>>
>>>
>>
>
>
>
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
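
The ACL direction point raised earlier in this thread (a rule written as 172.20.130.50 -> 172.26.80.0/25 but applied in the IN direction on the guest VLAN), worked through as an added example that is not part of the original messages. It is a minimal first-match evaluator with implicit deny; the client host 172.26.80.10 and the three rule sets are constructed for illustration, and real controller or switch ACLs carry more detail than this model.

```python
"""First-match ACL evaluation for the guest-VLAN case discussed in the thread.

172.20.130.50 (portal) and 172.26.80.0/25 (guest subnet) come from the thread;
the client host and the rule sets below are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Sequence

PORTAL = "172.20.130.50"
GUEST_NET = "172.26.80.0/25"
CLIENT = "172.26.80.10"          # constructed host inside the guest subnet


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "icmp", or "ip" for any protocol
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


def evaluate(acl: Sequence[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule; implicit deny at the end."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Rule as described in the thread: source is the portal, destination the guests.
ACL_AS_DESCRIBED = [Rule("permit", "ip", f"{PORTAL}/32", GUEST_NET)]
# The inverse: source is the guest subnet, destination the portal.
ACL_INVERTED = [Rule("permit", "ip", GUEST_NET, f"{PORTAL}/32")]
# Constructed narrower variant: only web traffic to the portal is permitted.
ACL_WEB_ONLY = [
    Rule("permit", "tcp", GUEST_NET, f"{PORTAL}/32", 80),
    Rule("permit", "tcp", GUEST_NET, f"{PORTAL}/32", 443),
]

# Packets that arrive inbound on the guest VLAN interface are sent BY clients,
# so their source address is always inside the guest subnet.
INBOUND = {
    "http": Packet("tcp", CLIENT, PORTAL, 80),
    "https": Packet("tcp", CLIENT, PORTAL, 443),
    "ping": Packet("icmp", CLIENT, PORTAL),
}


def verdicts(acl: Sequence[Rule]) -> Dict[str, str]:
    """Evaluate every sample inbound packet against one ACL."""
    return {name: evaluate(acl, pkt) for name, pkt in INBOUND.items()}


if __name__ == "__main__":
    for label, acl in (
        ("as described", ACL_AS_DESCRIBED),
        ("inverted", ACL_INVERTED),
        ("web only", ACL_WEB_ONLY),
    ):
        print(f"{label:13s} {verdicts(acl)}")
```

With the web-only variant, ping from the guest subnet is dropped while HTTP and HTTPS pass, so a failed ping alone does not show that the portal is unreachable.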
