I also got this same issue. Interesting.
On Tue, May 26, 2020, 7:20 PM Chad Jemison via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:
> I have dyn-authorization enabled on the switches for the PacketFence
> server IP. I’ve enabled Radius Accounting service on PacketFence as
This may have been the missing part in the switch config. Looking through the
HP section of FreeRadius site,
https://wiki.freeradius.org/vendor/HP#rfc-3576-change-of-authorisation-disconnect-message_switch-configuration_disable-event-timestamp-check-if-required,
I added the following to my
I have dyn-authorization enabled on the switches for the PacketFence server IP.
I've enabled Radius Accounting service on PacketFence as it is now disabled by
default. I've turned on debugging on my test switch and get the following when
issuing a Reevaluate Accesss:
DROPPED, Event-Timestamp
On 22/05/2020 16:59, Chad Jemison wrote:
I get the following when using the Aruba templates
May 22 10:58:08 nac pfqueue: pfqueue(13316) WARN:
[mac:64:16:7f:57:cb:b8] Unable to perform RADIUS Disconnect/CoA Request:
Timeout waiting for a reply from 192.168.101.30 on port 3799 at
I get the following when using the Aruba templates
May 22 10:58:08 nac pfqueue: pfqueue(13316) WARN: [mac:64:16:7f:57:cb:b8]
Unable to perform RADIUS Disconnect/CoA Request: Timeout waiting for a reply
from 192.168.101.30 on port 3799 at /usr/local/pf/lib/pf/util/radius.pm line
185.
Hello Chad,
On 19/05/2020 17:02, Chad Jemison via PacketFence-users wrote:
From troubleshooting, I am able to
get the proper VOICE VLAN assignment if I use the Packetfence::Standard
switch template, but some other features are not functioning on the
Aruba 2930 switches I have.
Which other
Hello Chad,
If you check the code at the line mentioned:
sub getVoipVsa {
my ($self) = @_;
my $logger = $self->logger;
my $vlanid = sprintf( "%03x\n", $self->getVlanByName($VOICE_ROLE) );
my $hexvlan = hex( "31000" . $vlanid );
return ( 'Egress-VLANID' => $hexvlan, );
}
What
For simplicity sake, the VOICE VLAN is 202, the DATA VLAN is 1.
Could you check:
- in packetfence.log
VLAN 202 is not being assigned. I'm not sure why the time clocks Authentication
Source is being called by the phone. Nothing in that rule would seem to
associate the phone with the MAC
Hello Chad,
If you check the code at the line mentioned:
sub getVoipVsa {
my ($self) = @_;
my $logger = $self->logger;
my $vlanid = sprintf( "%03x\n", $self->getVlanByName($VOICE_ROLE) );
my $hexvlan = hex( "31000" . $vlanid );
return ( 'Egress-VLANID' => $hexvlan, );
}
What
On 19/05/2020 13:50, Chad Jemison wrote:
1. What do you see in RADIUS Audit Log (RADIUS reply) when you
connect a VoIP device on your switch that use Procurve_2920.pm switch
template ? May 19 07:46:26 nac auth[136359]: [mac:64:16:7f:57:c6:f5]
Accepted user: and returned VLAN May 19 07:46:26
5:34 AM
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand
Subject: Re: [PacketFence-users] Reeavulate Access Log Warning
Hello,
On 18/05/2020 17:22, Chad Jemison via PacketFence-users wrote:
> May 18 11:18:09 nac packetfence_httpd.aaa: httpd.aaa(2311) WARN:
> [mac:64:16
Hello,
On 18/05/2020 17:22, Chad Jemison via PacketFence-users wrote:
May 18 11:18:09 nac packetfence_httpd.aaa: httpd.aaa(2311) WARN:
[mac:64:16:7f:57:c7:a3] Illegal hexadecimal digit '
' ignored at /usr/local/pf/lib/pf/Switch/HP/Procurve_2920.pm line 57.
12 matches
Mail list logo
