Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-17 Thread André Scrivener via PacketFence-users
Hello Timonthy, I will do that today and give you the answer. Regards, André 2018-01-11 17:47 GMT-03:00 Timothy Mullican : > André, > Try applying this patch. On the PacketFence box, do: > > # cd /usr/local/pf > # wget https://patch-diff.githubusercontent.com/raw/ >

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-11 Thread André Scrivener via PacketFence-users
Hi Timonthy, thx for feedback, but i noticed that if it is in radius modes the deauthentication does not work, if put HTTP for example it works. Regards, André 2018-01-10 22:12 GMT-03:00 Timothy Mullican : > André, > You can ignore that error. It is caused by a missing

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-05 Thread Timothy Mullican via PacketFence-users
Fabrice, I’m not sure, but is his error due to the following? The function deauth_source_ip (lib/pf/Switch.pm) is expecting the IP address to deauth, so it can determine the source interface to use in PacketFence. It is present in the default radiusDisconnect function, but

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-05 Thread André Scrivener via PacketFence-users
Hey Timonthy and Fabrice! Finally funcioning, the problem was on firmware, after update, is changing the vlans successfully. Thank you so much for help! Now I will move forward. One question, this log below, its because i dont implement a radius. Correct? I only join packetfence on Active

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-05 Thread André Scrivener via PacketFence-users
Hey Timonthy, Following my network.conf [root@packetfence ~]# cat /usr/local/pf/conf/networks.conf [192.168.3.0] dns=192.168.3.2 dhcp_start=192.168.3.10 gateway=192.168.3.2 domain-name=vlan-isolation.scrivener.com.br nat_enabled=disabled named=enabled dhcp_max_lease_time=30

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-04 Thread André Scrivener via PacketFence-users
Timonthy, After I changed to radius, I no longer look these error logs. Thank you! But... the problem assign ip address vlan register...to be continued! I'm thinking it's some problem between the switch and packetfence. :( I am very excited for this solution, but I stop at this problem. I

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-04 Thread Timothy Mullican via PacketFence-users
Can you post your entire switch config (scrubbed of sensitive info) and your /usr/local/pf/conf/switches.conf file? Thanks, Tim Sent from mobile phone > On Jan 4, 2018, at 07:19, André Scrivener wrote: > > Timonthy, > > After I changed to radius, I no longer look

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread Timothy Mullican via PacketFence-users
André, The message “Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)” is thrown because your deauthentication method for the Switch (in PacketFence) is set to SNMP (see

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread André Scrivener via PacketFence-users
Fabrice, I used the configuration sent, still gave an error. I saw some new logs: Jan 3 18:41:44 packetfence pfqueue: pfqueue(25669) WARN: [mac:84:7b:eb:e3:84:42] Until CoA is implemented we will bounce the port on VLAN re-assignment traps for MAC-Auth

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread Fabrice Durand via PacketFence-users
Hello André, yes i did that a long time ago: https://github.com/inverse-inc/packetfence/commit/9d47649dd8d133b233d313d2c80e94421c38caaa#diff-53248f7bb6c533be6a5b55ec361b3238 Also the note i took: 1 Enter global configuration mode and define the RADIUS server. console#configure

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread André Scrivener via PacketFence-users
Hey, I configured interface 15 manually to use only vlan 2 (registry), and I was assigned registry address addressing (192.168.2.0/24) Following config switch: interface Gi1/0/15 switchport access vlan 2 dot1x port-control force-authorized exit Following logs packetfence: Jan 3 12:14:41

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread André Scrivener via PacketFence-users
Opss, Fabrice! I forgot an information, the MAC addresses on the switch. By the logs, it is in VLAN 2, the correct vlan. Right now I do not understand, because it does not assign the correct address console#show mac address-table Aging time is 300 Sec Vlan Mac Address Type

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-03 Thread Fabrice Durand via PacketFence-users
Hum strange. What you can try is to define an interface in the vlan 2 (manually on an switch port) and plug your test machine in it. (you must receive an ip from PacketFence). If you receive an ip from the 172.16.0.0/24 then it mean that you have a switch configuration issue. (any layer 3

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2018-01-02 Thread André Scrivener via PacketFence-users
Hello Fabrice, I simplified the environment, I'm using only 1 interface! enp0s3: Management - DHCP FROM WINDOWS SERVER enp0s3 VLAN 2: Registration - DHCP ENABLE enp0s3 VLAN 3: Isolation - DHCP ENABLE enp0s3 VLAN 10: Normal - NO DHCP IP Address Switch Managed:

Re: [PacketFence-users] Need help solving a problem with vlan enforcement

2017-12-29 Thread Fabrice Durand via PacketFence-users
Hello André, First you need to check on the switch side if the mac address of the device is in the vlan 300. Next a registration vlan is a vlan managed by PacketFence, so you need to enable dhcp on the vlan 300 and 600. Another thing i can see is that the interface enp0s8.300 (vlan 300) use the