Re: [PacketFence-users] Latest PacketFence and Cisco 3560 switch - ran into issue connecting to network after Authentication

Tue, 13 Sep 2022 11:35:16 -0700 

Thank you for responding.

>From switches.conf file

[192.168.125.60]
SNMPCommunityRead=public100
description=SW-3560
SNMPVersionTrap=2c
cliPwd=USA2022!@
group=default
SNMPCommunityTrap=public100
registrationVlan=120
SNMPCommunityWrite=public100
defaultVlan=1
deauthMethod=RADIUS
type=Cisco::Catalyst_3560
isolationVlan=121
radiusSecret=pf1234
SNMPVersion=2c
cliEnablePwd=USA2022!@
uplink=7,10
cliUser=admin
cliTransport=SSH
cliAccess=Y
mode=registration


Show Run on my Cisco 3560-C Switch


SW-3560#show run
Building configuration...

Current configuration : 4902 bytes
!
! Last configuration change at 21:21:01 UTC Sat Jan 14 2006 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW-3560
!
boot-start-marker
boot-end-marker
!
enable password USA2022!@
!
username admin privilege 15 secret 5 $1$ZynS$4msELl0UFKCVIIlXSyIQx1
username test privilege 15 password 0 test123
aaa new-model
!
!
aaa group server radius packetfence
server 192.168.125.91
!
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization console
aaa authorization exec default group packetfence local
aaa authorization network default group packetfence
!
!
!
!
!
aaa server radius dynamic-author
client 192.168.125.91 server-key PF@1234
port 3799
!
aaa session-id common
system mtu routing 1500
!
!
!
!
!
!
!
authentication mac-move permit
!
!
crypto pki trustpoint TP-self-signed-3031636736
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3031636736
revocation-check none
rsakeypair TP-self-signed-3031636736
!
!
crypto pki certificate chain TP-self-signed-3031636736
certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33303331 36333637 3336301E 170D3036 30313032 30303031
  31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30333136
  33363733 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BD94 500CE969 FA7F1CF1 A7CE0FCD 7A57BB27 44C5E61A A237DC1F 9094F156
  245F72AB 04C4F022 19429AB2 BD89E2A8 0B6DE2FB BFD4A836 08DDC2EA 33B77221
  8F8D04C4 C1269726 806A88F6 05AF825C 73FBB19C B037F598 F884F726 A4F673D9
  77975FF1 08FDB6F0 2D50B628 7E098B6E 96B00AA0 7D2FF4F5 2F6AC4FF 3DD7E415
  58CD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 145C6D51 B641B343 56D3DB10 F123E2E4 2A1B3B15 E1301D06
  03551D0E 04160414 5C6D51B6 41B34356 D3DB10F1 23E2E42A 1B3B15E1 300D0609
  2A864886 F70D0101 05050003 818100AC CD1A39BE 224D16FB 4D111C70 A3C9815A
  DB72CE58 2DEAA8E2 D7758F24 2EA816A9 57E41C47 6CEB4F81 C7682E2D B70EC7AB
  C9A1B4C9 5129A3AA 6BC283BE A3D858C9 47FFB0EE D55A478F EE478A5E D1222F25
  F7DC2FC4 C80670F3 C875E4F9 2C0298EA D03ED1BF 2ED0E4E9 78E566A9 418FA09C
  EFEDE770 A65B9E3E 62329828 CFB9B2
        quit
dot1x system-auth-control
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport mode access
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate 7200
authentication timer restart 10800
authentication violation replace
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3
!
interface FastEthernet0/3
switchport mode access
switchport port-security maximum 1 vlan access
switchport port-security violation  restrict
switchport port-security mac-address 0200.0001.0003
switchport port-security
authentication port-control auto
authentication periodic
authentication timer reauthenticate 7200
authentication timer restart 10800
authentication violation replace
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout tx-period 5
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport access vlan 120
switchport mode access
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.125.60 255.255.255.0
!
interface Vlan120
ip address 192.168.120.1 255.255.255.0
ip helper-address 192.168.120.2
!
interface Vlan121
ip address 192.168.121.1 255.255.255.0
ip helper-address 192.168.121.2
!
interface Vlan122
ip address 192.168.122.1 255.255.255.0
!
interface Vlan123
ip address 192.168.123.1 255.255.255.0
!
ip default-gateway 192.168.125.1
ip forward-protocol nd
ip http server
ip http secure-server
!
!
!
ip sla enable reaction-alerts
snmp-server community public RO
snmp-server community public100 RW
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host 192.168.125.91 version 2c public100  port-security
!
!
radius server 192.168.125.91
address ipv4 192.168.125.91 auth-port 1812 acct-port 1813
automate-tester username admin ignore-acct-port
key pf1234
!
!
line con 0
line vty 5 15
!
!
end

SW-3560#


Thank you!


Damian

From: Fabrice Durand <oeufd...@gmail.com>
Sent: Tuesday, September 13, 2022 10:38 AM
To: packetfence-users@lists.sourceforge.net
Cc: Damian Mendoza <dam...@xvrsoftware.com>
Subject: Re: [PacketFence-users] Latest PacketFence and Cisco 3560 switch - ran 
into issue connecting to network after Authentication

Hello Damien,

it looks to be a deauth issue.
Can you paste the switches.conf (just the switch section you are testing with) 
and the show run on the switch itself ?

Regards
Fabrice


Le mar. 13 sept. 2022 à 13:35, Damian Mendoza via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 a écrit :

I added a Cisco switch 3560-C to new installation of Packetfence latest 
version, but it still shows unregistered node although packetfence authenticate 
it by radius server as shown in logs.


On the Windows 10 PC browser I login and username and password accepted"  -  
Browser shows attempting to connect to the network:

Error displayed:

"Unable to detect network connectivity -  IP address shows stuck in 
registration vlan.   -   Try restarting your web browser or opening a new tab 
to see if your access has been successfully enabled"


Any hints or ideas I can try?


Thanks,

Damian




_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fpacketfence-users&data=05%7C01%7Cdamian%40xvrsoftware.com%7C2c86c946cf394db7a32108da95aebf61%7Ce1263642e975473f9396009ee306171b%7C0%7C0%7C637986875020917468%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000%7C%7C%7C&sdata=r6tNJe365Ili0TKxVOrgezED0katVTcH6DT6uW83cQs%3D&reserved=0>

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to