Hi all,

I have been through this mailing list trying to find if someone had this problem before, but I could not find anything similar.

I am trying to configure VLAN Enforcement with MAC address authentication:

* I am using Cisco 2950 with PF 10 on CentOS 7
* I have configured 4 networks: see network.conf attached
  * Management and Normal - default VLAN (1)
  * Registration - VLAN 2
  * Isolation - VLAN 3
  * MAC detection - VLAN 4 (not configured on PF, only on the router)
* I have configured my router and PF can see and manage the VLANs. See my router config attached
* I have manually registered a device on PF
* I want to manually register devices and all registered devices should go to VLAN 1 (Normal and management) and unregistered devices to just sit in registration VLAN, and in future registered devices that do not meet the requirements to go to ISOLATION VLAN.

My problem is that when I connect a device to port 16, it gets stuck in VLAN 2 and it never gets moved to VLAN 1, which is my default VLAN, even though on PF the device is already registered. If I connect to any other port, it gets moved to VLAN 1 even if it's not registered.

Regards,

Attachments (binary data): pf.conf, networks.conf, switches.conf

Using 5300 out of 32768 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S1
!
aaa new-model
aaa group server radius packetfence
 server 172.16.251.1 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
aaa accounting dot1x default start-stop group packetfence
enable secret 5 $1$mq9H$mLgrkBpmw/hdlot17LU/7/
enable password Passw0rd123
!
username admin privilege 15 password 0 P@ssw0rd123
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 switchport trunk allowed vlan 1
 switchport mode trunk
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 dot1x reauthentication
!
interface FastEthernet0/2
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/3
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/4
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/5
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/6
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/7
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/8
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/9
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/10
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/11
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/12
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/13
 switchport access vlan 2
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/14
 switchport access vlan 2
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/15
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/16
 switchport access vlan 4
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0000.0016
 snmp trap mac-notification added
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/17
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/18
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/19
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/20
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/21
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/22
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/23
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface FastEthernet0/24
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x reauthentication
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 172.16.251.2 255.255.255.0
 no ip route-cache
!
interface Vlan2
 ip address 172.28.2.2 255.255.255.0
 ip helper-address 172.28.2.1
 no ip route-cache
 shutdown
!
interface Vlan3
 ip address 172.28.3.2 255.255.255.0
 ip helper-address 172.28.3.1
 no ip route-cache
 shutdown
!
interface Vlan4
 no ip address
 no ip route-cache
 shutdown
!
ip default-gateway 192.168.1.1
ip http server
snmp-server engineID local 123400000000000000000000
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps snmp authentication linkdown linkup
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server enable traps MAC-Notification
snmp-server host 172.16.251.1 public
radius-server host 172.16.251.1 auth-port 1812 acct-port 1813 timeout 2 key useS trongerSecret
radius-server retransmit 3
radius-server vsa send authentication
!
line con 0
 password P@ssw0rd123
line vty 0 4
 password P@ssw0rd123
line vty 5 15
 password P@ssw0rd123
!
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
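
Added example (not part of the original post and not PacketFence code): a short Python script that parses the interface stanzas of an IOS configuration and lists the ports whose enforcement-related settings differ from the most common profile on the switch, which is one way to see how a single port such as 16 is set up differently from its neighbours. The sample is a constructed excerpt abbreviated from the configuration posted above; the function names and the choice of compared settings are assumptions of this example, and it expects stanza lines indented as in "show running-config" output.

```python
import re
from collections import Counter

# Constructed sample: four stanzas abbreviated from the configuration posted above.
SAMPLE = """\
interface FastEthernet0/2
 dot1x port-control auto
!
interface FastEthernet0/3
 dot1x port-control auto
!
interface FastEthernet0/13
 switchport access vlan 2
 dot1x port-control auto
!
interface FastEthernet0/16
 switchport access vlan 4
 switchport port-security
 snmp trap mac-notification added
 dot1x port-control auto
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return ports

def profile(cmds):
    """(access VLAN, 802.1X on, port-security on, MAC-notification trap on)."""
    vlan = next((int(c.split()[-1]) for c in cmds
                 if c.startswith("switchport access vlan ")), 1)  # unset means VLAN 1
    return (vlan, "dot1x port-control auto" in cmds,
            "switchport port-security" in cmds,
            any(c.startswith("snmp trap mac-notification") for c in cmds))

def outliers(config):
    """Ports whose profile differs from the most common one on the switch."""
    profiles = {n: profile(c) for n, c in parse_interfaces(config).items()}
    baseline = Counter(profiles.values()).most_common(1)[0][0]
    return {n: p for n, p in profiles.items() if p != baseline}
```

Calling outliers() on the full running configuration gives one line per port to compare against what the switch entry on the PacketFence side expects for that port.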