Hi Ludovic,
Kindly find errors below;
Packetfence.log: *packetfence_httpd.aaa: httpd.aaa(10470) WARN:
[mac:a8:51:5b:c8:3f:67] CLI Access is not permit on this switch 172.29.1.16
(pf::radius::switch_access)*
[image: image.png]
Radius.log:
*Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) rest: ERROR: Server
returned:*
*Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) rest: ERROR:
{"control:PacketFence-Authorization-Status":"allow","Reply-Message":"CLI or
VPN Access is not allowed by PacketFence on this switch"}Jun 3 16:11:56
IKJDC-PRD-PKF01 auth[12075]: [mac:] Rejected user: ciscopiJun 3 16:11:56
IKJDC-PRD-PKF01 auth[12075]: (1286075) Rejected in post-auth: [ciscopi]
(from client 172.29.1.16/32 <http://172.29.1.16/32> port 1)*
[image: image.png]
>From the radius logs, it seems the switch is not accepting access via CLI
and it needs to be enabled from Packetfence.
I have reviewed the configuration on the switch section in PacketFence and
also added the credentials for login to the CLI tab and yet I receive the
same error message.
On Wed, 2 Jun 2021 at 19:07, Zammit, Ludovic <luza...@akamai.com> wrote:
> Hello Victor,
>
> It’s probably an authentication issue, check in the radius.log and
> packetfence.log for errors.
>
> The password need to be sent in clear from the switch to PF.
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
> *Cell:* +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com>
> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies>
> <http://www.linkedin.com/company/akamai-technologies>
> <http://www.youtube.com/user/akamaitechnologies?feature=results_main>
>
> On Jun 2, 2021, at 11:50 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote:
>
> Hi,
>
> Thank you for your email.
>
> I tried out that command and retried access but this is the error I
> received;
>
> <image.png>
>
> The ciscopi account is a locally created account on PacketFence with an
> action set to Admin Role *CLI Switches* that was created within Admin
> Access - (CLI Read and CLI Write).
>
> Does the software image running on the switch also affect this funtion?
>
> On Wed, 2 Jun 2021 at 11:46, Quiniou-Briand, Nicolas <nquin...@akamai.com>
> wrote:
>
>> Hello,
>>
>>
>>
>> Could you try to add following commands in switch configuration:
>>
>>
>>
>> #v+
>>
>> conf t
>>
>> aaa authorization exec default group packetfence local
>>
>> #v-
>>
>>
>>
>> I recently worked with Cisco IOS XE Software, Version 16.09.05 and this
>> step was mandatory.
>>
>> Without this line, it was possible to connect to switch but user get
>> privilege 1. If you try to use “enable”, it doesn’t work.
>>
>>
>>
>> *Nicolas Quiniou-Briand*
>> *Product Support Engineer*
>>
>> <image001.png>
>>
>> *Office:* +33156696210
>>
>> Akamai Technologies
>> 145 Broadway
>> Cambridge, MA 02142
>>
>> Connect with Us:
>>
>> <image002.jpg> <https://community.akamai.com/> <image003.png>
>> <http://blogs.akamai.com/> <image004.png>
>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsonEWpNFQ$>
>> <image005.png>
>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsoPTpAoDA$>
>> <image006.png>
>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsqZZ_gRXg$>
>> <image007.png>
>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsrplQlfuA$>
>>
>>
>>
>
>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
