It says that the CLI Radius login is not permitted, did you check the box on the switch config in PF ?
Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Jun 3, 2021, at 11:27 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote: > > Hi Ludovic, > > Kindly find errors below; > > Packetfence.log: packetfence_httpd.aaa: httpd.aaa(10470) WARN: > [mac:a8:51:5b:c8:3f:67] CLI Access is not permit on this switch 172.29.1.16 > (pf::radius::switch_access) > <image.png> > > Radius.log: > Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) rest: ERROR: Server > returned: > Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) rest: ERROR: > {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"CLI or > VPN Access is not allo > wed by PacketFence on this switch"} > Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: [mac:] Rejected user: ciscopi > Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) Rejected in post-auth: > [ciscopi] (from client 172.29.1.16/32 > <https://urldefense.com/v3/__http://172.29.1.16/32__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3fWyaHsMg$> > port 1) > <image.png> > > > From the radius logs, it seems the switch is not accepting access via CLI and > it needs to be enabled from Packetfence. > > I have reviewed the configuration on the switch section in PacketFence and > also added the credentials for login to the CLI tab and yet I receive the > same error message. > > On Wed, 2 Jun 2021 at 19:07, Zammit, Ludovic <luza...@akamai.com > <mailto:luza...@akamai.com>> wrote: > Hello Victor, > > It’s probably an authentication issue, check in the radius.log and > packetfence.log for errors. > > The password need to be sent in clear from the switch to PF. > > Thanks, > > Ludovic Zammit > Product Support Engineer Principal > > Cell: +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com/> > <http://blogs.akamai.com/> > <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3cZeoA23A$> > > <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dO9Maypw$> > > <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dguSc2cg$> > > <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dItV6Kog$> > >> On Jun 2, 2021, at 11:50 AM, Ezeh Victor <vickeyzed...@gmail.com >> <mailto:vickeyzed...@gmail.com>> wrote: >> >> Hi, >> >> Thank you for your email. >> >> I tried out that command and retried access but this is the error I received; >> >> <image.png> >> >> The ciscopi account is a locally created account on PacketFence with an >> action set to Admin Role CLI Switches that was created within Admin Access - >> (CLI Read and CLI Write). >> >> Does the software image running on the switch also affect this funtion? >> >> On Wed, 2 Jun 2021 at 11:46, Quiniou-Briand, Nicolas <nquin...@akamai.com >> <mailto:nquin...@akamai.com>> wrote: >> Hello, >> >> >> >> Could you try to add following commands in switch configuration: >> >> >> >> #v+ >> >> conf t >> >> aaa authorization exec default group packetfence local >> >> #v- >> >> >> >> I recently worked with Cisco IOS XE Software, Version 16.09.05 and this step >> was mandatory. >> >> Without this line, it was possible to connect to switch but user get >> privilege 1. If you try to use “enable”, it doesn’t work. >> >> >> >> Nicolas Quiniou-Briand >> Product Support Engineer >> >> <image001.png> >> >> Office: +33156696210 >> >> Akamai Technologies >> 145 Broadway >> Cambridge, MA 02142 >> >> Connect with Us: >> >> <image002.jpg> <https://community.akamai.com/> <image003.png> >> <http://blogs.akamai.com/> <image004.png> >> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsonEWpNFQ$> >> <image005.png> >> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsoPTpAoDA$> >> <image006.png> >> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsqZZ_gRXg$> >> <image007.png> >> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsrplQlfuA$> >> >> >> >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
