Here is the switch configuration (testing so almost empty :)) *aaa new-model* *!* *!* *aaa group server radius packetfence* * server 192.168.1.100 auth-port 1812 acct-port 1813* *!* *aaa authentication login default local* *aaa authentication dot1x default group packetfence* *aaa authorization network default group packetfence* *!* *!* *!* *!* *aaa server radius dynamic-author* * client 192.168.1.100 server-key xxxxx* * port 3799* *!* *aaa session-id common* *no ip icmp rate-limit unreachable* *!* *ip cef* *!* *!* *no ip domain-lookup* *no ipv6 cef* *ipv6 multicast rpf use-bgp* *!* *!* *dot1x system-auth-control* *!* *!* *!* *!* *!* *spanning-tree mode pvst* *spanning-tree extend system-id* *!* *!* *!* *!* *vlan internal allocation policy ascending* *!* *ip tcp synwait-time 5* *!* *!* *!* *!* *!* *!* *!* *!* *!* *interface Ethernet0/0* * switchport trunk encapsulation dot1q* * switchport mode trunk* * duplex auto* *!* *interface Ethernet0/1* * duplex auto* *!* *interface Ethernet0/2* * switchport mode access* * duplex auto* * authentication order mab dot1x* * authentication priority mab dot1x* * authentication port-control auto* * authentication periodic* * authentication timer restart 10800* * authentication timer reauthenticate 10800* * mab* * no snmp trap link-status* * dot1x pae authenticator* * dot1x timeout quiet-period 10* * dot1x timeout tx-period 10* *!* *interface Ethernet0/3* * duplex auto* *!* *interface Ethernet1/0* * duplex auto* *!* *interface Ethernet1/1* * duplex auto* *!* *interface Ethernet1/2* * duplex auto* *!* *interface Ethernet1/3* * duplex auto* *!* *interface Ethernet2/0* * duplex auto* *!* *interface Ethernet2/1* * duplex auto* *!* *interface Ethernet2/2* * duplex auto* *!* *interface Ethernet2/3* * duplex auto* *!* *interface Ethernet3/0* * duplex auto* *!* *interface Ethernet3/1* * duplex auto* *!* *interface Ethernet3/2* * duplex auto* *!* *interface Ethernet3/3* * duplex auto* *!* *interface Vlan1* * ip address 192.168.10.10 255.255.255.0* *!* *interface Vlan20* * no ip address* * ip helper-address 192.168.1.100* * shutdown* *!* *!* *no ip http server* *!* *ip route 0.0.0.0 0.0.0.0 192.168.10.254* *!* *!* *!* *snmp-server community public RO* *snmp-server community private RW* *!* *radius-server host 192.168.1.100 auth-port 1812 acct-port 1813 timeout 2 key xxxxx* *radius-server vsa send authentication* *!* *!* *control-plane* *!* *!* *line con 0* * exec-timeout 0 0* * privilege level 15* * logging synchronous* *line aux 0* * exec-timeout 0 0* * privilege level 15* * logging synchronous* *line vty 0 4* *!* *end*
On Sun, Apr 24, 2022 at 2:11 PM rein--- via PacketFence-users < packetfence-users@lists.sourceforge.net> wrote: > please paste your config on the switchport and the general settings on the > switch. > > you can also use the log (sh log) to see what happens when you plug in > something in the switch. > > April 21, 2022 8:30 AM, "José Ramos via PacketFence-users" < > packetfence-users@lists.sourceforge.net > <packetfence-users@lists.sourceforge.net?to=%22jos%c3%a9%20ramos%20via%20packetfence-users%22%20%3cpacketfence-us...@lists.sourceforge.net%3E>> > wrote: > > Hello dear PacketFence users and developers ! > I have successfully configured PacketFence with 802.1x (PF directly > connected on the switch to manage). > But I can't figure out how to to MAC authentication. I have enabled MAB on > my Cisco switch and registered the MAC address in the node tab. But nothing > happens when I connect the device. I'm not put in the > registration/isolation vlan and have no access to corporate network (which > is logical since I enabled MAB). > Can someone help me pls ? > Thank you in advance ! > José Ramos. > > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
