Check what it’s been authorized for on the switch. I had a similar issue with my Extreme switches, where it would authorize them, but wouldn’t return a VLAN. I had to get clever with my interface tagging.
Good luck. Try this command:

Show dot1x <brief | detailed> <interface interfaceName>

I got this from here: https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/ref/command/show-dot1x-802-1x-ex-series.html

Cheers,

CHRIS CRAWFORD
Network Analyst • Information Technology Services
University of New Brunswick

From: Gianandrea Gobbo via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: Monday, November 29, 2021 12:32 PM
To: packetfence-users@lists.sourceforge.net
Cc: Gianandrea Gobbo <go...@solari.it>
Subject: [PacketFence-users] Voip AND 802.1x on Juniper switches

We have set up PacketFence but we still struggle with VoIP. That is, we nicely get our phones to get LLDP parameters, but it gets stuck when trying to connect to the provided VoIP server.

The logs say:

Nov 29 17:25:45 packetfence packetfence_httpd.aaa[274434]: httpd.aaa(1009) INFO: [mac:08:00:0f:e4:16:04] Found authentication source(s) : 'local,file1,solariAuthSource,solariAuthSource-Machine' for realm 'null' (pf::config::util::filter_authentication_sources)
Nov 29 17:25:45 packetfence packetfence_httpd.aaa[274434]: httpd.aaa(1009) INFO: [mac:08:00:0f:e4:16:04] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole)
Nov 29 17:25:45 packetfence packetfence_httpd.aaa[274434]: httpd.aaa(1009) INFO: [mac:08:00:0f:e4:16:04] Username was defined "08000fe41604" - returning role 'voice' (pf::role::getRegisteredRole)
Nov 29 17:25:45 packetfence packetfence_httpd.aaa[274434]: httpd.aaa(1009) INFO: [mac:08:00:0f:e4:16:04] PID: "default", Status: reg Returned VLAN: (undefined), Role: voice (pf::role::fetchRoleForNode)
Nov 29 17:25:45 packetfence packetfence_httpd.aaa[274434]: httpd.aaa(1009) INFO: [mac:08:00:0f:e4:16:04] (172.26.254.100) Added VLAN 8 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
Nov 29 17:25:45 packetfence packetfence_httpd.aaa[274434]: httpd.aaa(1009) INFO: [mac:08:00:0f:e4:16:04] security_event 1300003 force-closed for 08:00:0f:e4:16:04 (pf::security_event::security_event_force_close)
Nov 29 17:25:45 packetfence packetfence_httpd.aaa[274434]: httpd.aaa(1009) INFO: [mac:08:00:0f:e4:16:04] Instantiate profile default (pf::Connection::ProfileFactory::_from_profile)

On the switch (Juniper EX2300) I can still see:

Interface     Role            State        MAC address         User
ge-0/0/2.0    Authenticator   Connecting   08:00:0F:E4:16:04   No User

It looks like no VoIP-tagged packets get across the switch, which continues to try to authenticate via 802.1x.

Any hint?

Thanks a lot in advance,
G
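An added example, not part of the original thread and not PacketFence or Juniper code: it cross-checks what the httpd.aaa log says the RADIUS server returned against the switch's per-port 802.1X state, using lines quoted in the message above as constructed sample input. The function names and the fixed column order of the switch row are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample: three of the httpd.aaa lines quoted in the message above.
PF_LOG = """\
Nov 29 17:25:45 packetfence packetfence_httpd.aaa[274434]: httpd.aaa(1009) INFO: [mac:08:00:0f:e4:16:04] Connection type is MAC-AUTH. Getting role from node_info (pf::role::getRegisteredRole)
Nov 29 17:25:45 packetfence packetfence_httpd.aaa[274434]: httpd.aaa(1009) INFO: [mac:08:00:0f:e4:16:04] PID: "default", Status: reg Returned VLAN: (undefined), Role: voice (pf::role::fetchRoleForNode)
Nov 29 17:25:45 packetfence packetfence_httpd.aaa[274434]: httpd.aaa(1009) INFO: [mac:08:00:0f:e4:16:04] (172.26.254.100) Added VLAN 8 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
"""
# Constructed sample: the switch row quoted in the message above.
SWITCH_ROWS = "ge-0/0/2.0 Authenticator Connecting 08:00:0F:E4:16:04 No User"

PREFIX = re.compile(r"\[mac:([0-9a-f:]{17})\] (.*)")
MAC = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
FIELDS = {
    "connection": re.compile(r"Connection type is ([\w-]+)"),
    "role": re.compile(r"Role: (\w+)"),
    "role_vlan": re.compile(r"Returned VLAN: (\S+),"),
    "accept_vlan": re.compile(r"Added VLAN (\d+) to the returned RADIUS Access-Accept"),
}

def summarize_pf(log_text):
    """Return {mac: {field: value}} collected from PacketFence httpd.aaa lines."""
    nodes = defaultdict(dict)
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue
        mac, msg = m.groups()
        for name, rx in FIELDS.items():
            hit = rx.search(msg)
            if hit:
                nodes[mac][name] = hit.group(1)
    return dict(nodes)

def parse_switch(rows):
    """Return {mac: (interface, state)}; assumes Interface Role State MAC order."""
    out = {}
    for row in rows.splitlines():
        parts = row.split()
        if len(parts) >= 4 and MAC.fullmatch(parts[3]):
            out[parts[3].lower()] = (parts[0], parts[2])
    return out

def mismatches(pf, sw):
    """MACs that got an Access-Accept with a VLAN while the port is still Connecting."""
    return sorted(mac for mac, info in pf.items()
                  if "accept_vlan" in info and sw.get(mac, ("", ""))[1] == "Connecting")
```

On the sample input, `mismatches(summarize_pf(PF_LOG), parse_switch(SWITCH_ROWS))` lists the phone's MAC: the server side accepted it via MAC-AUTH with VLAN 8, while the switch row for the same MAC still shows the 802.1X authenticator in Connecting.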