Hello everyone ,
I'm currently testing packetfence for my company. I started with version 11.2 but I decided to upgrade to 12.2 because of an issue that I think prevented getting the captive portal to work in vlan enforcement mode (A guest computer placed in the registration VLAN was redirected to "packetfence.domain/captive-portal" that points to 66.70.255.147 but the page was loading indefinitely). The problem is that after the update I have the following error when trying to save ACLs for registration VLAN:
I'm currently testing packetfence for my company. I started with version 11.2 but I decided to upgrade to 12.2 because of an issue that I think prevented getting the captive portal to work in vlan enforcement mode (A guest computer placed in the registration VLAN was redirected to "packetfence.domain/captive-portal" that points to 66.70.255.147 but the page was loading indefinitely). The problem is that after the update I have the following error when trying to save ACLs for registration VLAN:
"AccessListMapping.0.accesslist: WARNING: Syntax error in ACL:packetfence, near: >in<.
config/switch/192.168.1.10"
I also had an AD authentication source for the domain computers that worked fine before the update, but stopped working now (Audit tab shows successfuls authentications, but the computers don't get internet access anymore).
Here is my switches.conf :
[default]
description=aruba sw
VlanMap=N
ExternalPortalEnforcement=Y
deauthOnPrevious=N
description=aruba sw
VlanMap=N
ExternalPortalEnforcement=Y
deauthOnPrevious=N
[192.168.1.10]
group=default
description=ARUBA 2930
wsPwd=xxxxxx
wsUser=xxxxxx
SNMPPrivProtocolWrite=md5
SNMPPrivProtocolRead=md5
SNMPAuthProtocolRead=md5
SNMPAuthProtocolWrite=md5
SNMPUserNameWrite=xxxxxx
SNMPVersion=3
SNMPUserNameRead=xxxxxx
SNMPAuthPasswordWrite=xxxxxx
SNMPAuthPasswordRead=xxxxxx
SNMPPrivPasswordRead=xxxxxx
SNMPPrivPasswordWrite=xxxxxx
SNMPEngineID=xxxxxx
SNMPPrivProtocolTrap=AES
SNMPUserNameTrap=xxxxxx
SNMPAuthProtocolTrap=md5
SNMPVersionTrap=3
SNMPAuthPasswordTrap=xxxxxx
SNMPPrivPasswordTrap=xxxxxx
guestVlan=10
defaultVlan=10
registrationVlan=20
type=Aruba::2930M
radiusSecret=xxxxxx
VlanMap=Y
coaPort=3799
isolationVlan=99
UserVlan=10
macDetectionVlan=20
ExternalPortalEnforcement=N
registrationUrl=http://192.168.1.4/Aruba::2930M
UrlMap=Y
AccessListMap=Y
group=default
description=ARUBA 2930
wsPwd=xxxxxx
wsUser=xxxxxx
SNMPPrivProtocolWrite=md5
SNMPPrivProtocolRead=md5
SNMPAuthProtocolRead=md5
SNMPAuthProtocolWrite=md5
SNMPUserNameWrite=xxxxxx
SNMPVersion=3
SNMPUserNameRead=xxxxxx
SNMPAuthPasswordWrite=xxxxxx
SNMPAuthPasswordRead=xxxxxx
SNMPPrivPasswordRead=xxxxxx
SNMPPrivPasswordWrite=xxxxxx
SNMPEngineID=xxxxxx
SNMPPrivProtocolTrap=AES
SNMPUserNameTrap=xxxxxx
SNMPAuthProtocolTrap=md5
SNMPVersionTrap=3
SNMPAuthPasswordTrap=xxxxxx
SNMPPrivPasswordTrap=xxxxxx
guestVlan=10
defaultVlan=10
registrationVlan=20
type=Aruba::2930M
radiusSecret=xxxxxx
VlanMap=Y
coaPort=3799
isolationVlan=99
UserVlan=10
macDetectionVlan=20
ExternalPortalEnforcement=N
registrationUrl=http://192.168.1.4/Aruba::2930M
UrlMap=Y
AccessListMap=Y
The ACLS that I try to save are the one from the Network Devices Configuration Guide for Aruba 2930 switch:
permit in tcp from any to 192.168.1.4 80
permit in tcp from any to 192.168.1.4 443
deny in tcp from any to any 80 cpy
deny in tcp from any to any 443 cpy
permit in udp from any to any 53
permit in udp from any to any 67
permit in tcp from any to 192.168.1.4 443
deny in tcp from any to any 80 cpy
deny in tcp from any to any 443 cpy
permit in udp from any to any 53
permit in udp from any to any 67
Any help would be really appreciated
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
