I tried with an other switch (Cisco SMB) and this worked so I think that this is a switch problem. Maybe this is because it is a virtualized switch.
On Sun, Apr 24, 2022 at 7:15 PM José Ramos <joseramosdeoli...@gmail.com> wrote: > Here is the switch configuration (testing so almost empty :)) > *aaa new-model* > *!* > *!* > *aaa group server radius packetfence* > * server 192.168.1.100 auth-port 1812 acct-port 1813* > *!* > *aaa authentication login default local* > *aaa authentication dot1x default group packetfence* > *aaa authorization network default group packetfence* > *!* > *!* > *!* > *!* > *aaa server radius dynamic-author* > * client 192.168.1.100 server-key xxxxx* > * port 3799* > *!* > *aaa session-id common* > *no ip icmp rate-limit unreachable* > *!* > *ip cef* > *!* > *!* > *no ip domain-lookup* > *no ipv6 cef* > *ipv6 multicast rpf use-bgp* > *!* > *!* > *dot1x system-auth-control* > *!* > *!* > *!* > *!* > *!* > *spanning-tree mode pvst* > *spanning-tree extend system-id* > *!* > *!* > *!* > *!* > *vlan internal allocation policy ascending* > *!* > *ip tcp synwait-time 5* > *!* > *!* > *!* > *!* > *!* > *!* > *!* > *!* > *!* > *interface Ethernet0/0* > * switchport trunk encapsulation dot1q* > * switchport mode trunk* > * duplex auto* > *!* > *interface Ethernet0/1* > * duplex auto* > *!* > *interface Ethernet0/2* > * switchport mode access* > * duplex auto* > * authentication order mab dot1x* > * authentication priority mab dot1x* > * authentication port-control auto* > * authentication periodic* > * authentication timer restart 10800* > * authentication timer reauthenticate 10800* > * mab* > * no snmp trap link-status* > * dot1x pae authenticator* > * dot1x timeout quiet-period 10* > * dot1x timeout tx-period 10* > *!* > *interface Ethernet0/3* > * duplex auto* > *!* > *interface Ethernet1/0* > * duplex auto* > *!* > *interface Ethernet1/1* > * duplex auto* > *!* > *interface Ethernet1/2* > * duplex auto* > *!* > *interface Ethernet1/3* > * duplex auto* > *!* > *interface Ethernet2/0* > * duplex auto* > *!* > *interface Ethernet2/1* > * duplex auto* > *!* > *interface Ethernet2/2* > * duplex auto* > *!* > *interface Ethernet2/3* > * duplex auto* > *!* > *interface Ethernet3/0* > * duplex auto* > *!* > *interface Ethernet3/1* > * duplex auto* > *!* > *interface Ethernet3/2* > * duplex auto* > *!* > *interface Ethernet3/3* > * duplex auto* > *!* > *interface Vlan1* > * ip address 192.168.10.10 255.255.255.0* > *!* > *interface Vlan20* > * no ip address* > * ip helper-address 192.168.1.100* > * shutdown* > *!* > *!* > *no ip http server* > *!* > *ip route 0.0.0.0 0.0.0.0 192.168.10.254* > *!* > *!* > *!* > *snmp-server community public RO* > *snmp-server community private RW* > *!* > *radius-server host 192.168.1.100 auth-port 1812 acct-port 1813 timeout 2 > key xxxxx* > *radius-server vsa send authentication* > *!* > *!* > *control-plane* > *!* > *!* > *line con 0* > * exec-timeout 0 0* > * privilege level 15* > * logging synchronous* > *line aux 0* > * exec-timeout 0 0* > * privilege level 15* > * logging synchronous* > *line vty 0 4* > *!* > *end* > > > On Sun, Apr 24, 2022 at 2:11 PM rein--- via PacketFence-users < > packetfence-users@lists.sourceforge.net> wrote: > >> please paste your config on the switchport and the general settings on >> the switch. >> >> you can also use the log (sh log) to see what happens when you plug in >> something in the switch. >> >> April 21, 2022 8:30 AM, "José Ramos via PacketFence-users" < >> packetfence-users@lists.sourceforge.net >> <packetfence-users@lists.sourceforge.net?to=%22jos%c3%a9%20ramos%20via%20packetfence-users%22%20%3cpacketfence-us...@lists.sourceforge.net%3E>> >> wrote: >> >> Hello dear PacketFence users and developers ! >> I have successfully configured PacketFence with 802.1x (PF directly >> connected on the switch to manage). >> But I can't figure out how to to MAC authentication. I have enabled MAB >> on my Cisco switch and registered the MAC address in the node tab. But >> nothing happens when I connect the device. I'm not put in the >> registration/isolation vlan and have no access to corporate network (which >> is logical since I enabled MAB). >> Can someone help me pls ? >> Thank you in advance ! >> José Ramos. >> >> >> >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
