Hello, Are you doing Mac authentication or 802.1x?
Post your logs and we will advise. Thanks, Ludovic Zammit lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca <https://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Mar 10, 2021, at 11:03 AM, Robin Cortat via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > What I did: > > I created a Vlan_1 role and a Vlan_2 role. > > In switches, I assigned vlan id 1 to role Vlan_1 and vlan id 2 to role Vlan_2. > > I then created an internal AD source, and made a rule with this condition : > memberOf is member of VLAN1 > Action : set the role vlan_1 > access time 5 days > > Same for vlan2. > > Then in portal profiles : > Filter: MySwitch > Sources: MY_AD > > But it looks like the rules in the source do not apply. > > In the radius logs, I get denied access for the machine that connects to the > switch if I haven't enabled automatic device registration in the portable > profile. If I enable it, I always get the registration role and the vlan ID > corresponding to this role in the role section of the switch. > > And one more thing. Is it possible to automatically assign a vlan without the > user having to log in manually? > > Thanks for your answer > De : Durand fabrice <fdur...@inverse.ca> > Envoyé : mercredi, 10 mars 2021 02:10:40 > À : Robin Cortat; packetfence-users@lists.sourceforge.net > Objet : Re: [PacketFence-users] VLANs assignation for HP Procurve 2824 switch > > Can you share what you configure on the switch ? > Do you see anything in the radius.log file ? > Le 21-03-09 à 08 h 25, Robin Cortat a écrit : >> Precisely and simply, this is what I want to do: >> >> A device plugs into the switch; is this device part of my AD? If yes, it >> joins my company VLAN, if not, it joins an isolation VLAN. >> >> I really need your help because this is an important and decisive project >> for me. I think the problem is that I don't know exactly how and what >> commands I need to perform on my switch and in packetfence to achieve this. >> >> Thank you in advance for your answer. >> >> >> <http://www.imageson.ch/> >> <http://www.bnjpublicite.ch/> >> <http://www.rjb.ch/> >> <http://www.rtn.ch/> >> <http://www.rfj.ch/> >> <http://www.grrif.ch/> >> <https://redir.bnj.ch/site/IS> >> >> De : Robin Cortat >> Envoyé : mardi, 9 mars 2021 07:15 >> À : 'packetfence-users@lists.sourceforge.net >> <mailto:packetfence-users@lists.sourceforge.net>' >> <packetfence-users@lists.sourceforge.net> >> <mailto:packetfence-users@lists.sourceforge.net> >> Cc : Durand fabrice <fdur...@inverse.ca> <mailto:fdur...@inverse.ca> >> Objet : RE: [PacketFence-users] VLANs assignation for HP Procurve 2824 switch >> >> Hello, >> >> Theoretically, there are 2 VLANs on the switch. >> I followed the Network Devices Configuration Guide to configure my switch, >> the HP ProCurve 2500 Series chapter. >> >> On PacketFence, I linked my AD and added my switch. I created a connection >> profile saying that if the device that plugs into my switch was part of the >> AD, it would be on VLAN 1, and if it wasn't, it would be on VLAN 2. >> >> But there is no indication that it works. >> >> Is what I did theoretically correct? >> >> De : Durand fabrice via PacketFence-users >> <packetfence-users@lists.sourceforge.net >> <mailto:packetfence-users@lists.sourceforge.net>> >> Envoyé : mardi, 9 mars 2021 02:53 >> À : packetfence-users@lists.sourceforge.net >> <mailto:packetfence-users@lists.sourceforge.net> >> Cc : Durand fabrice <fdur...@inverse.ca <mailto:fdur...@inverse.ca>> >> Objet : Re: [PacketFence-users] VLANs assignation for HP Procurve 2824 switch >> >> Hello Robin, >> what is the configuration you applied on the switch ? >> What have been done on the packetfence side ? >> Do you have any logs ? >> Regards >> Fabrice >> >> >> Le 21-03-08 à 10 h 15, Robin Cortat via PacketFence-users a écrit : >> Hello, >> >> I use an HP ProCurve 2824 switch, and the only thing I would like to do with >> PacketFence is to assign VLANs to devices that would connect to the switch >> based on authentication rules. >> >> Unfortunately, after hours and hours of reading documentation and testing, I >> did not get what I wanted. Isn't there a simple way to achieve this solution? >> >> Thank you very much for your answer. >> >> >> >> >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> <mailto:PacketFence-users@lists.sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>_______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
