Hi Ludovic, Apologies for delayed response. Due to covid restrictions I am working from home and my lab was still at the office. Today I went and got the equipment.

1. My radius audit log is empty. What does that mean?
2. Radius CoA. Is this on the switch configuration?

From: Zammit, Ludovic <luza...@akamai.com>
Sent: 06 July 2021 02:41 PM
To: packetfence-users@lists.sourceforge.net
Cc: Thapeli Matsabu <thap...@dataproof.co.za>
Subject: Re: [PacketFence-users] VLAN Enforcement with MAC address authentication

Hello there,

Multiple things that you can verify.

1. Make sure in Auditing that the radius reply for that MAC address contains the Tunnel-Private-Group-Id = "1"
2. Re-check if the radius CoA is correctly configured to disconnect user (radius dynamic authorization)
3. Show us your configuration / logs related to that authentication.

Thanks,

Ludovic Zammit
Product Support Engineer Principal
Akamai Technologies - Inverse

On Jul 6, 2021, at 3:51 AM, Thapeli Matsabu via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

Hi all,

I have been through this mailing list trying to find if someone had this problem before, but I could not find anything similar. I am trying to configure VLAN Enforcement with MAC address authentication:

* I am using Cisco 2950 with PF 10 on CentOS 7
* I have configured 4 networks: see network.conf attached
  * Management and Normal – default VLAN (1)
  * Registration – VLAN 2
  * Isolation – VLAN 3
  * MAC detection – VLAN 4 (not configured on PF, only on the router)
* I have configured my router and PF can see and manage the VLANs. See my router config attached
* I have manually registered a device on PF
* I want to manually register devices and all registered devices should go to VLAN 1 (Normal and management) and unregistered devices to just sit in registration VLAN, and in future registered devices that do not meet the requirements to go to ISOLATION VLAN.

My problem is that when I connect a device to port 16, it gets stuck in VLAN 2 and it never gets moved to VLAN 1, which is my default VLAN, even though on PF the device is already registered. If I connect to any other port, it gets moved to VLAN 1 even if it's not registered.

Regards,

<pf.conf> <networks.conf> <switches.conf> <cisco config.txt>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users