Hello Timonthy,
I will do that today and give you the answer.
Regards,
André
2018-01-11 17:47 GMT-03:00 Timothy Mullican :
> André,
> Try applying this patch. On the PacketFence box, do:
>
> # cd /usr/local/pf
> # wget https://patch-diff.githubusercontent.com/raw/
>
Hi Timonthy,
thx for feedback, but i noticed that if it is in radius modes the
deauthentication does not work, if put HTTP for example it works.
Regards,
André
2018-01-10 22:12 GMT-03:00 Timothy Mullican :
> André,
> You can ignore that error. It is caused by a missing
Fabrice,
I’m not sure, but is his error due to the following?
The function deauth_source_ip (lib/pf/Switch.pm) is expecting the IP address to
deauth, so it can determine the source interface to use in PacketFence. It is
present in the default radiusDisconnect function, but
Hey Timonthy and Fabrice!
Finally funcioning, the problem was on firmware, after update, is changing
the vlans successfully.
Thank you so much for help!
Now I will move forward.
One question, this log below, its because i dont implement a radius.
Correct? I only join packetfence on Active
Hey Timonthy,
Following my network.conf
[root@packetfence ~]# cat /usr/local/pf/conf/networks.conf
[192.168.3.0]
dns=192.168.3.2
dhcp_start=192.168.3.10
gateway=192.168.3.2
domain-name=vlan-isolation.scrivener.com.br
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
Timonthy,
After I changed to radius, I no longer look these error logs. Thank you!
But... the problem assign ip address vlan register...to be continued!
I'm thinking it's some problem between the switch and packetfence. :(
I am very excited for this solution, but I stop at this problem.
I
Can you post your entire switch config (scrubbed of sensitive info) and your
/usr/local/pf/conf/switches.conf file?
Thanks,
Tim
Sent from mobile phone
> On Jan 4, 2018, at 07:19, André Scrivener wrote:
>
> Timonthy,
>
> After I changed to radius, I no longer look
André,
The message “Until CoA is implemented we will bounce the port on VLAN
re-assignment traps for MAC-Auth
(pf::Switch::handleReAssignVlanTrapForWiredMacAuth)” is thrown because your
deauthentication method for the Switch (in PacketFence) is set to SNMP (see
Fabrice,
I used the configuration sent, still gave an error.
I saw some new logs:
Jan 3 18:41:44 packetfence pfqueue: pfqueue(25669) WARN:
[mac:84:7b:eb:e3:84:42] Until CoA is implemented we will bounce the port on
VLAN re-assignment traps for MAC-Auth
Hello André,
yes i did that a long time ago:
https://github.com/inverse-inc/packetfence/commit/9d47649dd8d133b233d313d2c80e94421c38caaa#diff-53248f7bb6c533be6a5b55ec361b3238
Also the note i took:
1 Enter global configuration mode and define the RADIUS server.
console#configure
Hey,
I configured interface 15 manually to use only vlan 2 (registry), and I was
assigned registry address addressing (192.168.2.0/24)
Following config switch:
interface Gi1/0/15
switchport access vlan 2
dot1x port-control force-authorized
exit
Following logs packetfence:
Jan 3 12:14:41
Opss, Fabrice!
I forgot an information, the MAC addresses on the switch.
By the logs, it is in VLAN 2, the correct vlan.
Right now I do not understand, because it does not assign the correct
address
console#show mac address-table
Aging time is 300 Sec
Vlan Mac Address Type
Hum strange.
What you can try is to define an interface in the vlan 2 (manually on an
switch port) and plug your test machine in it. (you must receive an ip
from PacketFence).
If you receive an ip from the 172.16.0.0/24 then it mean that you have a
switch configuration issue. (any layer 3
Hello Fabrice,
I simplified the environment, I'm using only 1 interface!
enp0s3: Management - DHCP FROM WINDOWS SERVER
enp0s3 VLAN 2: Registration - DHCP ENABLE
enp0s3 VLAN 3: Isolation - DHCP ENABLE
enp0s3 VLAN 10: Normal - NO DHCP
IP Address Switch Managed:
Hello André,
First you need to check on the switch side if the mac address of the
device is in the vlan 300.
Next a registration vlan is a vlan managed by PacketFence, so you need
to enable dhcp on the vlan 300 and 600.
Another thing i can see is that the interface enp0s8.300 (vlan 300) use
the
15 matches
Mail list logo