Hello everyone, the DACL was not sent to the switch because this feature require the SNMP seems to require the SNMP access. I dont know if PF need to access in read-only to the switch or if is also required the write access. I'm in a testing environement and i will find out.
ML Il giorno gio 16 mar 2023 alle ore 15:29 sgiops sgiops <thesgi...@gmail.com> ha scritto: > Hello, > > I was using the Standard Cisco switch (template based). > > Mirko > > Il giorno gio 16 mar 2023 alle ore 15:20 sgiops sgiops < > thesgi...@gmail.com> ha scritto: > >> Hello Fabrice, >> >> with the Catalyst_2960 user does not authenticate anymore: >> From the auditing page i can grab this messages: >> >> Module-Failure-Message = "rest: Request failed: 28 - Timeout was reached" >> Module-Failure-Message = "rest: Server returned no data" >> >> >> >> Il giorno gio 16 mar 2023 alle ore 14:56 Fabrice Durand via >> PacketFence-users <packetfence-users@lists.sourceforge.net> ha scritto: >> >>> Hello Mirko, >>> >>> what switch module are you using in PacketFence for this switch ? >>> Can you try the Catalyst_2960 ? >>> >>> Regards >>> Fabrice >>> >>> >>> Le jeu. 16 mars 2023 à 09:02, sgiops sgiops via PacketFence-users < >>> packetfence-users@lists.sourceforge.net> a écrit : >>> >>>> Just upgraded to 12.2 (i was on 12.1) but when i try to save teh switch >>>> role configuration i obtain the following error messages: >>>> >>>> "Unable to validate" >>>> "AccessListMapping.0.accesslist: ACLs not supported for switch" >>>> >>>> Any hint? >>>> >>>> Mirko >>>> >>>> >>>> >>>> Il giorno gio 16 mar 2023 alle ore 09:27 sgiops sgiops < >>>> thesgi...@gmail.com> ha scritto: >>>> >>>>> Hi all, >>>>> >>>>> i'm experiencing problems with DACL in my testing environment. I >>>>> defined the access list in Configuration -> Switches -> "my switch" -> >>>>> Role >>>>> mapping by Access List. >>>>> The test access list mapped to the role is: >>>>> >>>>> deny tcp any 192.168.5.0 255.255.255.0 >>>>> permit ip any any >>>>> >>>>> The authentication and the role mapping work well, the switch port is >>>>> correctly moved to the right vlan but no access list is applied to that >>>>> port. >>>>> >>>>> the testing switch is a Cisco C1000-8T-2G-L witch the ios >>>>> version 15.2(7)E4. The device tracking is enabled by default and is is >>>>> working. >>>>> >>>>> The switch port is configured as following: >>>>> switchport mode access >>>>> authentication order dot1x mab >>>>> authentication priority dot1x mab >>>>> authentication port-control auto >>>>> authentication periodic >>>>> authentication timer reauthenticate 7200 >>>>> authentication timer restart 10800 >>>>> authentication violation replace >>>>> mab >>>>> no snmp trap link-status >>>>> dot1x pae authenticator >>>>> dot1x timeout quiet-period 2 >>>>> dot1x timeout tx-period 3 >>>>> >>>>> Could you please help me to trtoubleshoot and address this problem? >>>>> >>>>> Thanks >>>>> >>>>> Mirko >>>>> >>>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>> _______________________________________________ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >>
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
