Hi Ludovic, Is there something else I should check to verify what the issue might be?
On Thu, 3 Jun 2021 at 23:50, Ezeh Victor <vickeyzed...@gmail.com> wrote: > Hi Ludovic, > > The switch was not added with /32 as seen below; > [image: image.png] > [image: image.png] > > Or what exactly is being referred to? > > On Thu, 3 Jun 2021 at 21:08, Zammit, Ludovic <luza...@akamai.com> wrote: > >> Don’t add your switch with /32, clone it and remove /32 and try again. >> >> Thanks, >> >> *Ludovic Zammit* >> *Product Support Engineer Principal* >> *Cell:* +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> Cambridge, MA 02142 >> Connect with Us: <https://community.akamai.com> <http://blogs.akamai.com> >> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> >> <http://www.linkedin.com/company/akamai-technologies> >> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> >> >> On Jun 3, 2021, at 12:16 PM, Ezeh Victor <vickeyzed...@gmail.com> wrote: >> >> Hi Ludovic, >> >> That feature is now turned on as seen below; >> <image.png> >> >> httpd.aaa and radiusd-auth services were restarted after this >> >> But the error still persists but with a different log message: >> >> >> *Jun 3 17:10:55 IKJDC-PRD-PKF01 auth[12075]: [mac:] Rejected user: >> ciscopiJun 3 17:10:55 IKJDC-PRD-PKF01 auth[12075]: (1290157) Rejected in >> post-auth: [ciscopi] (from client 172.29.1.16/32 >> <https://urldefense.com/v3/__http://172.29.1.16/32__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWhKfD_IBw$> >> port 1)Jun 3 17:10:55 IKJDC-PRD-PKF01 auth[12075]: (1290157) Login >> incorrect (rest: Server returned:): [ciscopi] (from client 172.29.1.16/32 >> <https://urldefense.com/v3/__http://172.29.1.16/32__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWhKfD_IBw$> >> port 1)* >> >> >> On Thu, 3 Jun 2021 at 17:03, Zammit, Ludovic <luza...@akamai.com> wrote: >> >>> It says that the CLI Radius login is not permitted, did you check the >>> box on the switch config in PF ? >>> >>> <PastedGraphic-4.tiff> >>> >>> Thanks, >>> >>> *Ludovic Zammit* >>> *Product Support Engineer Principal* >>> *Cell:* +1.613.670.8432 >>> Akamai Technologies - Inverse >>> 145 Broadway >>> Cambridge, MA 02142 >>> Connect with Us: <https://community.akamai.com/> >>> <http://blogs.akamai.com/> >>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWhRP_okcg$> >>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWgD_Sro-w$> >>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWgkxfneBA$> >>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWgMOOHD4w$> >>> >>> On Jun 3, 2021, at 11:27 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote: >>> >>> Hi Ludovic, >>> >>> Kindly find errors below; >>> >>> Packetfence.log: *packetfence_httpd.aaa: httpd.aaa(10470) WARN: >>> [mac:a8:51:5b:c8:3f:67] CLI Access is not permit on this switch 172.29.1.16 >>> (pf::radius::switch_access)* >>> <image.png> >>> >>> Radius.log: >>> *Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) rest: ERROR: >>> Server returned:* >>> >>> >>> >>> *Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) rest: ERROR: >>> {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"CLI or >>> VPN Access is not allowed by PacketFence on this switch"}Jun 3 16:11:56 >>> IKJDC-PRD-PKF01 auth[12075]: [mac:] Rejected user: ciscopiJun 3 16:11:56 >>> IKJDC-PRD-PKF01 auth[12075]: (1286075) Rejected in post-auth: [ciscopi] >>> (from client 172.29.1.16/32 >>> <https://urldefense.com/v3/__http://172.29.1.16/32__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3fWyaHsMg$> >>> port 1)* >>> <image.png> >>> >>> >>> From the radius logs, it seems the switch is not accepting access via >>> CLI and it needs to be enabled from Packetfence. >>> >>> I have reviewed the configuration on the switch section in PacketFence >>> and also added the credentials for login to the CLI tab and yet I receive >>> the same error message. >>> >>> On Wed, 2 Jun 2021 at 19:07, Zammit, Ludovic <luza...@akamai.com> wrote: >>> >>>> Hello Victor, >>>> >>>> It’s probably an authentication issue, check in the radius.log and >>>> packetfence.log for errors. >>>> >>>> The password need to be sent in clear from the switch to PF. >>>> >>>> Thanks, >>>> >>>> *Ludovic Zammit* >>>> *Product Support Engineer Principal* >>>> *Cell:* +1.613.670.8432 >>>> Akamai Technologies - Inverse >>>> 145 Broadway >>>> Cambridge, MA 02142 >>>> Connect with Us: <https://community.akamai.com/> >>>> <http://blogs.akamai.com/> >>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3cZeoA23A$> >>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dO9Maypw$> >>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dguSc2cg$> >>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dItV6Kog$> >>>> >>>> On Jun 2, 2021, at 11:50 AM, Ezeh Victor <vickeyzed...@gmail.com> >>>> wrote: >>>> >>>> Hi, >>>> >>>> Thank you for your email. >>>> >>>> I tried out that command and retried access but this is the error I >>>> received; >>>> >>>> <image.png> >>>> >>>> The ciscopi account is a locally created account on PacketFence with an >>>> action set to Admin Role *CLI Switches* that was created within Admin >>>> Access - (CLI Read and CLI Write). >>>> >>>> Does the software image running on the switch also affect this funtion? >>>> >>>> On Wed, 2 Jun 2021 at 11:46, Quiniou-Briand, Nicolas < >>>> nquin...@akamai.com> wrote: >>>> >>>>> Hello, >>>>> >>>>> >>>>> >>>>> Could you try to add following commands in switch configuration: >>>>> >>>>> >>>>> >>>>> #v+ >>>>> >>>>> conf t >>>>> >>>>> aaa authorization exec default group packetfence local >>>>> >>>>> #v- >>>>> >>>>> >>>>> >>>>> I recently worked with Cisco IOS XE Software, Version 16.09.05 and >>>>> this step was mandatory. >>>>> >>>>> Without this line, it was possible to connect to switch but user get >>>>> privilege 1. If you try to use “enable”, it doesn’t work. >>>>> >>>>> >>>>> >>>>> *Nicolas Quiniou-Briand* >>>>> *Product Support Engineer* >>>>> >>>>> <image001.png> >>>>> >>>>> *Office:* +33156696210 >>>>> >>>>> Akamai Technologies >>>>> 145 Broadway >>>>> Cambridge, MA 02142 >>>>> >>>>> Connect with Us: >>>>> >>>>> <image002.jpg> <https://community.akamai.com/> <image003.png> >>>>> <http://blogs.akamai.com/> <image004.png> >>>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsonEWpNFQ$> >>>>> <image005.png> >>>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsoPTpAoDA$> >>>>> <image006.png> >>>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsqZZ_gRXg$> >>>>> <image007.png> >>>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsrplQlfuA$> >>>>> >>>>> >>>>> >>>> >>>> >>> >>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
