Hello there,

If your RADIUS audit log is empty it probably means that the RADIUS 
authentication did not work properly or you are still cached from a previous 
authentication.

Can you provide the /usr/local/pf/logs/packetfence.log and the 
/usr/local/pf/logs/radius.log of the server that does the authentication?

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

> On Jul 8, 2021, at 3:25 PM, Thapeli Matsabu <thap...@dataproof.co.za> wrote:
> 
> Hi Ludovic,
> Apologies for delayed response. Due to covid restrictions I am working from 
> home and my lab was still at the office. Today I went and got the equipment.
>  
> My radius audit log is empty. What does that mean?
> Radius CoA. Is this on the switch configuration? 
>  
>  
>  
> From: Zammit, Ludovic <luza...@akamai.com>
> Sent: 06 July 2021 02:41 PM
> To: packetfence-users@lists.sourceforge.net
> Cc: Thapeli Matsabu <thap...@dataproof.co.za>
> Subject: Re: [PacketFence-users] VLAN Enforcement with MAC address 
> authentication
>  
> Hello there,
>  
> Multiple things that you can verify.
>  
> 1. Make sure in Auditing that the RADIUS reply for that MAC address contains 
> the Tunnel-Private-Group-Id = "1"
>  
> 2. Re-check if the RADIUS CoA is correctly configured to disconnect the user 
> (RADIUS dynamic authorization)
>  
> 3. Show us your configuration / logs related to that authentication.
>  
> Thanks,
>  
> Ludovic Zammit
> Product Support Engineer Principal
> Cell: +1.613.670.8432
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
> 
> 
>> On Jul 6, 2021, at 3:51 AM, Thapeli Matsabu via PacketFence-users 
>> <packetfence-users@lists.sourceforge.net> wrote:
>>  
>> Hi all,
>> I have been through this mailing list trying to find if someone had this problem 
>> before, but I could not find anything similar.
>>  
>> I am trying to configure VLAN Enforcement with MAC address authentication:
>> I am using Cisco 2950 with PF 10 on CentOS 7
>> I have configured 4 networks: see network.conf attached
>> Management and Normal – default VLAN (1)
>> Registration – VLAN 2
>> Isolation – VLAN 3
>> MAC detection – VLAN 4 (not configured on PF, only on the router)
>> I have configured my router and PF can see and manage the VLANs. See my 
>> router config attached
>> I have manually registered a device on PF
>> I want to manually register devices and all registered devices should go to 
>> VLAN 1 (Normal and management) and unregistered devices to just sit in 
>> registration VLAN, and in future registered devices that do not meet the 
>> requirements to go to ISOLATION VLAN.
>>  
>> My problem is that when I connect a device to port 16, it gets stuck in VLAN 
>> 2 and it never gets moved to VLAN 1, which is my default VLAN, even though 
>> on PF the device is already registered. If I connect to any other port, it 
>> gets moved to VLAN 1 even if it's not registered.
>>  
>>  
>>  
>> Regards,
>>  
>> <pf.conf><networks.conf><switches.conf><cisco config.txt>

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
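
Added example, not part of the original thread and not PacketFence code: a check for step 1 of the advice above, confirming that a RADIUS reply carries the VLAN a device should get under the thread's VLAN plan. It goes beyond the thread by also checking Tunnel-Type and Tunnel-Medium-Type, which RFC 3580 requires alongside Tunnel-Private-Group-Id; the `Attribute = value` text format, the role names and the sample replies are assumptions.

```python
import re

# VLAN plan from the thread: registered -> 1, registration -> 2, isolation -> 3.
# The role names used as keys are hypothetical labels for this example.
VLAN_BY_ROLE = {"registered": "1", "registration": "2", "isolation": "3"}

# RFC 3580 VLAN assignment needs these tunnel attributes in the Access-Accept.
# Both the symbolic and the numeric spelling of each value are accepted.
REQUIRED = {
    "Tunnel-Type": {"VLAN", "13"},
    "Tunnel-Medium-Type": {"IEEE-802", "6"},
}

# Matches 'Name = value', with an optional ':tag' suffix and optional quotes.
ATTR_LINE = re.compile(r'^\s*([A-Za-z0-9-]+)(?::\d+)?\s*=\s*"?([^"]*?)"?\s*$')


def parse_reply(text):
    """Turn 'Attribute = value' lines into a dict of attribute -> value."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_LINE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs


def check_vlan_reply(text, role):
    """Return a list of problems; an empty list means the right VLAN is assigned."""
    attrs = parse_reply(text)
    problems = []
    for name, accepted in REQUIRED.items():
        if attrs.get(name) not in accepted:
            problems.append(f"{name} is {attrs.get(name)!r}, expected one of {sorted(accepted)}")
    want = VLAN_BY_ROLE[role]
    got = attrs.get("Tunnel-Private-Group-Id")
    if got != want:
        problems.append(f"Tunnel-Private-Group-Id is {got!r}, expected {want!r} for {role}")
    return problems


# Constructed sample replies, not taken from the thread's logs.
GOOD = 'Tunnel-Type = VLAN\nTunnel-Medium-Type = IEEE-802\nTunnel-Private-Group-Id = "1"'
STUCK = 'Tunnel-Type:0 = 13\nTunnel-Medium-Type:0 = 6\nTunnel-Private-Group-Id:0 = "2"'

if __name__ == "__main__":
    for label, reply in (("good", GOOD), ("stuck", STUCK), ("empty", "")):
        print(label, check_vlan_reply(reply, "registered") or "OK")
```

An empty reply reports all three attributes as missing, which matches the case where no Access-Accept was recorded for the MAC address at all.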
