Hi Ronaldo, On 20.10.25 14:25, Ronaldo Miranda Figueiredo via PacketFence-users wrote:
Hi, I have this situation: after the client enters the credential, packetfence changes the switch ports to the correct VLAN, but after loading the page, the client has the same IP address.
This is how Packetfence, switch and Client communicate to make the VLAN change possible and possibly tell the client to renew its IP via DHCP:
Packetfence <--- snmp, radius ---> switch <--- link up/down, 802.1x ---> client
To signal your client to get a new IP via dhcp the most simple way would be to set the link on the switch port for a short period of time to down and then to up again. The client will interpret this the same as being connected to a new network by pulling the cable and plugging it into a different socket. It will request a new address via dhcp.
To make the switch briefly disconnect the client there are two methods I know of: * a radius attribute in the CoA request send by Packetfence to the switch to change the VLAN ("Port Bounce") * use snmp to briefly configure the port to set its link down and then up again
Which method is used probably depends on the features the switch offers. If the switch offers to "port bounce" via a radius attribute send with the radius CoA I'd think this is the preferred method. If the switch doesn't offer the CoA "port bounce" feature the port still can be set down via snmp and up again.
I'd look at the switch documentation which radius CoA features are offered. On the network I'd look with radsniff which attributes are send. Using wireshark it is possible to debug any snmp problems and read the snmp traffic to check the usage of OIDs to set the interface link down and/or up.
Chris -- Packetfence Matrix Room https://matrix.to/#/%23packetfence:matrix.org _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
