Did you re-add your switch without the /32? Give me the output of:
mysql -p -upf pf -e "select nasname from radius_nas” Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Jun 7, 2021, at 11:08 AM, Ezeh Victor <vickeyzed...@gmail.com> wrote: > > Hi Ludovic, > > Is there something else I should check to verify what the issue might be? > > On Thu, 3 Jun 2021 at 23:50, Ezeh Victor <vickeyzed...@gmail.com > <mailto:vickeyzed...@gmail.com>> wrote: > Hi Ludovic, > > The switch was not added with /32 as seen below; > <image.png> > <image.png> > > Or what exactly is being referred to? > > On Thu, 3 Jun 2021 at 21:08, Zammit, Ludovic <luza...@akamai.com > <mailto:luza...@akamai.com>> wrote: > Don’t add your switch with /32, clone it and remove /32 and try again. > > Thanks, > > Ludovic Zammit > Product Support Engineer Principal > > Cell: +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com/> > <http://blogs.akamai.com/> > <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Ab7bS5waU-yBD_81an-f5r1xInpdK81FU-On9Tk_uGVV_mSENMBXgZA4OAeoUg$> > > <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Ab7bS5waU-yBD_81an-f5r1xInpdK81FU-On9Tk_uGVV_mSENMBXgZCIgejhbw$> > > <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Ab7bS5waU-yBD_81an-f5r1xInpdK81FU-On9Tk_uGVV_mSENMBXgZBu520SBw$> > > <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Ab7bS5waU-yBD_81an-f5r1xInpdK81FU-On9Tk_uGVV_mSENMBXgZBlQ9xcPw$> > >> On Jun 3, 2021, at 12:16 PM, Ezeh Victor <vickeyzed...@gmail.com >> <mailto:vickeyzed...@gmail.com>> wrote: >> >> Hi Ludovic, >> >> That feature is now turned on as seen below; >> <image.png> >> >> httpd.aaa and radiusd-auth services were restarted after this >> >> But the error still persists but with a different log message: >> Jun 3 17:10:55 IKJDC-PRD-PKF01 auth[12075]: [mac:] Rejected user: ciscopi >> Jun 3 17:10:55 IKJDC-PRD-PKF01 auth[12075]: (1290157) Rejected in >> post-auth: [ciscopi] (from client 172.29.1.16/32 >> <https://urldefense.com/v3/__http://172.29.1.16/32__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWhKfD_IBw$> >> port 1) >> Jun 3 17:10:55 IKJDC-PRD-PKF01 auth[12075]: (1290157) Login incorrect >> (rest: Server returned:): [ciscopi] (from client 172.29.1.16/32 >> <https://urldefense.com/v3/__http://172.29.1.16/32__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWhKfD_IBw$> >> port 1) >> >> >> On Thu, 3 Jun 2021 at 17:03, Zammit, Ludovic <luza...@akamai.com >> <mailto:luza...@akamai.com>> wrote: >> It says that the CLI Radius login is not permitted, did you check the box on >> the switch config in PF ? >> >> <PastedGraphic-4.tiff> >> >> Thanks, >> >> Ludovic Zammit >> Product Support Engineer Principal >> >> Cell: +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> Cambridge, MA 02142 >> Connect with Us: <https://community.akamai.com/> >> <http://blogs.akamai.com/> >> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWhRP_okcg$> >> >> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWgD_Sro-w$> >> >> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWgkxfneBA$> >> >> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!ABP6xJ_ORORRZQcQvDk11-8j2qlOKG3QFWJKt0PrunEwkdA2J6CnVWgMOOHD4w$> >> >>> On Jun 3, 2021, at 11:27 AM, Ezeh Victor <vickeyzed...@gmail.com >>> <mailto:vickeyzed...@gmail.com>> wrote: >>> >>> Hi Ludovic, >>> >>> Kindly find errors below; >>> >>> Packetfence.log: packetfence_httpd.aaa: httpd.aaa(10470) WARN: >>> [mac:a8:51:5b:c8:3f:67] CLI Access is not permit on this switch 172.29.1.16 >>> (pf::radius::switch_access) >>> <image.png> >>> >>> Radius.log: >>> Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) rest: ERROR: Server >>> returned: >>> Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) rest: ERROR: >>> {"control:PacketFence-Authorization-Status":"allow","Reply-Message":"CLI or >>> VPN Access is not allo >>> wed by PacketFence on this switch"} >>> Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: [mac:] Rejected user: ciscopi >>> Jun 3 16:11:56 IKJDC-PRD-PKF01 auth[12075]: (1286075) Rejected in >>> post-auth: [ciscopi] (from client 172.29.1.16/32 >>> <https://urldefense.com/v3/__http://172.29.1.16/32__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3fWyaHsMg$> >>> port 1) >>> <image.png> >>> >>> >>> From the radius logs, it seems the switch is not accepting access via CLI >>> and it needs to be enabled from Packetfence. >>> >>> I have reviewed the configuration on the switch section in PacketFence and >>> also added the credentials for login to the CLI tab and yet I receive the >>> same error message. >>> >>> On Wed, 2 Jun 2021 at 19:07, Zammit, Ludovic <luza...@akamai.com >>> <mailto:luza...@akamai.com>> wrote: >>> Hello Victor, >>> >>> It’s probably an authentication issue, check in the radius.log and >>> packetfence.log for errors. >>> >>> The password need to be sent in clear from the switch to PF. >>> >>> Thanks, >>> >>> Ludovic Zammit >>> Product Support Engineer Principal >>> >>> Cell: +1.613.670.8432 >>> Akamai Technologies - Inverse >>> 145 Broadway >>> Cambridge, MA 02142 >>> Connect with Us: <https://community.akamai.com/> >>> <http://blogs.akamai.com/> >>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3cZeoA23A$> >>> >>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dO9Maypw$> >>> >>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dguSc2cg$> >>> >>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!GSKYmLR2pndwTcTNvoM4939F7-2D21WD6V-lOVsf2R1oqIU8cT7Qr3dItV6Kog$> >>> >>>> On Jun 2, 2021, at 11:50 AM, Ezeh Victor <vickeyzed...@gmail.com >>>> <mailto:vickeyzed...@gmail.com>> wrote: >>>> >>>> Hi, >>>> >>>> Thank you for your email. >>>> >>>> I tried out that command and retried access but this is the error I >>>> received; >>>> >>>> <image.png> >>>> >>>> The ciscopi account is a locally created account on PacketFence with an >>>> action set to Admin Role CLI Switches that was created within Admin Access >>>> - (CLI Read and CLI Write). >>>> >>>> Does the software image running on the switch also affect this funtion? >>>> >>>> On Wed, 2 Jun 2021 at 11:46, Quiniou-Briand, Nicolas <nquin...@akamai.com >>>> <mailto:nquin...@akamai.com>> wrote: >>>> Hello, >>>> >>>> >>>> >>>> Could you try to add following commands in switch configuration: >>>> >>>> >>>> >>>> #v+ >>>> >>>> conf t >>>> >>>> aaa authorization exec default group packetfence local >>>> >>>> #v- >>>> >>>> >>>> >>>> I recently worked with Cisco IOS XE Software, Version 16.09.05 and this >>>> step was mandatory. >>>> >>>> Without this line, it was possible to connect to switch but user get >>>> privilege 1. If you try to use “enable”, it doesn’t work. >>>> >>>> >>>> >>>> Nicolas Quiniou-Briand >>>> Product Support Engineer >>>> >>>> <image001.png> >>>> >>>> Office: +33156696210 >>>> >>>> Akamai Technologies >>>> 145 Broadway >>>> Cambridge, MA 02142 >>>> >>>> Connect with Us: >>>> >>>> <image002.jpg> <https://community.akamai.com/> <image003.png> >>>> <http://blogs.akamai.com/> <image004.png> >>>> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsonEWpNFQ$> >>>> <image005.png> >>>> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsoPTpAoDA$> >>>> <image006.png> >>>> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsqZZ_gRXg$> >>>> <image007.png> >>>> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!Gma_IAPl6qJeAvlr8GwY3vxTjN3I4UloaBaougPxCIcekFdN-OhAMsrplQlfuA$> >>>> >>>> >>>> >>> >> >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
