Hi Ludovic,

Apologies for the delayed response. Due to COVID restrictions I am working from
home and my lab was still at the office. Today I went and got the equipment.

1. My RADIUS audit log is empty. What does that mean?
2. RADIUS CoA. Is this on the switch configuration?

From: Zammit, Ludovic <luza...@akamai.com> 
Sent: 06 July 2021 02:41 PM
To: packetfence-users@lists.sourceforge.net
Cc: Thapeli Matsabu <thap...@dataproof.co.za>
Subject: Re: [PacketFence-users] VLAN Enforcement with MAC address authentication

Hello there,

Multiple things that you can verify.

1. Make sure in Auditing that the RADIUS reply for that MAC address contains the
Tunnel-Private-Group-Id = "1"

2. Re-check if the RADIUS CoA is correctly configured to disconnect the user
(RADIUS dynamic authorization)

3. Show us your configuration / logs related to that authentication.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432

Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

On Jul 6, 2021, at 3:51 AM, Thapeli Matsabu via PacketFence-users
<packetfence-users@lists.sourceforge.net> wrote:

 

Hi all,

I have been through this mailing list trying to find if someone had this problem
before, but I could not find anything similar.

I am trying to configure VLAN Enforcement with MAC address authentication:

* I am using a Cisco 2950 with PF 10 on CentOS 7
* I have configured 4 networks (see network.conf attached):
    * Management and Normal – default VLAN (1)
    * Registration – VLAN 2
    * Isolation – VLAN 3
    * MAC detection – VLAN 4 (not configured on PF, only on the router)
* I have configured my router and PF can see and manage the VLANs. See
my router config attached
* I have manually registered a device on PF
* I want to manually register devices, and all registered devices should
go to VLAN 1 (Normal and management) and unregistered devices should just sit in
the registration VLAN, and in future registered devices that do not meet the
requirements should go to the ISOLATION VLAN.

My problem is that when I connect a device to port 16, it gets stuck in VLAN 2
and it never gets moved to VLAN 1, which is my default VLAN, even though on PF
the device is already registered. If I connect to any other port, it gets moved
to VLAN 1 even if it's not registered.

Regards,

 

<pf.conf><networks.conf><switches.conf><cisco config.txt>

 

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
