Hi All,
I have set up PF on a virtual machine whose OS is CentOS, and I have set
up a switch on GNS3 using the image below:
i86bi-linux-l2-adventerprisek9-15.1a
This SW lets me do all the configurations mentioned in the PacketFence
Out-of-Band Deployment Quick Guide. You can see the related
configurations on the SW below:
username ebrar privilege 0 password 0 eleb
aaa new-model
!
!
aaa group server radius packetfence
 server name pfnac
!
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
!
!
!
!
aaa server radius dynamic-author
 client 192.168.56.101 server-key useStrongerSecret
 port 3799
!
aaa session-id common
no ip icmp rate-limit unreachable
!
ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
dot1x system-auth-control
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,3,10
 switchport mode trunk
 duplex auto
!
interface Ethernet0/1
 switchport access vlan 10
 switchport mode access
 duplex auto
 authentication order mab dot1x
 authentication priority mab dot1x
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 10800
 authentication violation replace
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
!
interface Ethernet0/2
 switchport access vlan 20
 switchport mode access
 duplex auto
snmp-server community public RO
snmp-server community private RW
snmp-server host 192.168.56.101 version 2c public
!
radius-server vsa send authentication
!
radius server pfnac
 address ipv4 192.168.56.101 auth-port 1812 acct-port 1813
 automate-tester username ebrar ignore-acct-port idle-time 3
 key useStrongerSecret
When I connect a client to Ethernet 0/1 and try to connect to the internet
(www.google.com), it responds "Page Not Found" and nothing is being
changed on the SW.
You can see the errors in the log files below:
packetfence.log:
[root@localhost logs]# tail -f packetfence.log
Mar 6 19:26:03 localhost packetfence_httpd.aaa: httpd.aaa(2123) ERROR:
[mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100
(pf::SwitchFactory::instantiate)
Mar 6 19:26:03 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN:
[mac:[undef]] Unknown switch (192.168.56.100). This request will be
failed. (pf::radius::switch_access)
Mar 6 19:29:02 localhost packetfence_httpd.aaa: httpd.aaa(2123) ERROR:
[mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100
(pf::SwitchFactory::instantiate)
Mar 6 19:29:02 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN:
[mac:[undef]] Unknown switch (192.168.56.100). This request will be
failed. (pf::radius::switch_access)
Mar 6 19:31:51 localhost packetfence_httpd.aaa: httpd.aaa(2123) ERROR:
[mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100
(pf::SwitchFactory::instantiate)
Mar 6 19:31:51 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN:
[mac:[undef]] Unknown switch (192.168.56.100). This request will be
failed. (pf::radius::switch_access)
Mar 6 19:34:49 localhost packetfence_httpd.aaa: httpd.aaa(2123) ERROR:
[mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100
(pf::SwitchFactory::instantiate)
Mar 6 19:34:49 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN:
[mac:[undef]] Unknown switch (192.168.56.100). This request will be
failed. (pf::radius::switch_access)
Mar 6 19:37:37 localhost packetfence_httpd.aaa: httpd.aaa(2123) ERROR:
[mac:[undef]] WARNING ! Unknown switch(es) 192.168.56.100
(pf::SwitchFactory::instantiate)
Mar 6 19:37:37 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN:
[mac:[undef]] Unknown switch (192.168.56.100). This request will be
failed. (pf::radius::switch_access)
radius.log:
Mar 6 19:37:37 localhost auth[2284]: (552) rest: ERROR:
{"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Switch
is not managed by PacketFence"}
Mar 6 19:37:37 localhost auth[2284]: Need 2 more connections to reach
min connections (3)
Mar 6 19:37:37 localhost auth[2284]: rlm_rest (rest): Opening
additional connection (1099), 1 of 63 pending slots used
Mar 6 19:37:37 localhost auth[2284]: rlm_sql (sql): Closing connection
(1097): Hit idle_timeout, was idle for 168 seconds
Mar 6 19:37:37 localhost auth[2284]: rlm_sql (sql): Closing connection
(1098): Hit idle_timeout, was idle for 168 seconds
Mar 6 19:37:37 localhost auth[2284]: rlm_sql (sql): Opening additional
connection (1099), 1 of 64 pending slots used
Mar 6 19:37:37 localhost auth[2284]: Need 2 more connections to reach
min connections (3)
Mar 6 19:37:37 localhost auth[2284]: rlm_sql (sql): Opening additional
connection (1100), 1 of 63 pending slots used
Mar 6 19:37:37 localhost auth[2284]: [mac:] Rejected user: ebrar
Mar 6 19:37:37 localhost auth[2284]: (552) Rejected in post-auth:
[ebrar] (from client 192.168.56.100/32 port 0)
And
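
The log excerpts above, read by machine: an added example (not part of the original post and not PacketFence code) that rejoins the mail-wrapped syslog lines and lists each NAS IP that packetfence.log reports as an unknown switch, together with the users radius.log rejected from that client. The function names and regular expressions are assumptions based only on the line formats quoted in this post; the sample input is constructed from those lines.

```python
import re
from collections import Counter

# Constructed sample: records copied in the wrapped form shown in the post.
SAMPLE = """\
Mar 6 19:37:37 localhost packetfence_httpd.aaa: httpd.aaa(2123) WARN:
[mac:[undef]] Unknown switch (192.168.56.100). This request will be
failed. (pf::radius::switch_access)
Mar 6 19:37:37 localhost auth[2284]: (552) rest: ERROR:
{"control:PacketFence-Authorization-Status":"allow","Reply-Message":"Switch
is not managed by PacketFence"}
Mar 6 19:37:37 localhost auth[2284]: [mac:] Rejected user: ebrar
Mar 6 19:37:37 localhost auth[2284]: (552) Rejected in post-auth:
[ebrar] (from client 192.168.56.100/32 port 0)
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
STAMP = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} ")
# Only the WARN form is counted, so the paired ERROR line is not double counted.
UNKNOWN = re.compile(r"Unknown switch \((" + IPV4 + r")\)")
REJECT = re.compile(r"Rejected in post-auth: \[([^\]]*)\] \(from client (" + IPV4 + ")")

def unwrap(text):
    """Join wrapped continuation lines onto the syslog record they belong to."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Map each NAS IP flagged as an unknown switch to its count and rejected users."""
    records = unwrap(text)
    unknown = Counter(m.group(1) for r in records for m in UNKNOWN.finditer(r))
    report = {ip: {"unknown": n, "rejected_users": []} for ip, n in unknown.items()}
    for r in records:
        m = REJECT.search(r)
        if m and m.group(2) in report:
            users = report[m.group(2)]["rejected_users"]
            if m.group(1) not in users:
                users.append(m.group(1))
    return report

if __name__ == "__main__":
    for ip, info in triage(SAMPLE).items():
        print(ip, info)
```

Every address this reports is a RADIUS client that PacketFence received requests from but has no switch entry for, which is the condition both logs above describe for 192.168.56.100.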