Hi, all,
Need help.
I was integrate PacketFence 13 with Cisco WLC 3504, configured SSID with
open+mac-filter (radius enabled), 2 ACL's.
Guest on first connection are redirected to captive-portal.
After registration PacketFence should return a new role, but this does not
happen automatically, PF does not sent CoA packets to WLC, on Switch "Use CoA"
enabled, CoA port is 1700(I've tried with port 3799 but nothing works - the
same result).
If manualy reŃonnect device to SSID (disconnect/connect) then everything works
(WLC will send a new RADIUS request and PacketFence should return a new role
and necessary ACL).
Help, please with Radius CoA for automatically change roles.
In PF use default template "WLC"
>From TCPDUMP on PacketFence on ports 1700 and 3799 - nothing
Also with radclient
"radsniff -x -p 1700" - empty
(Cisco Controller) >show radius summary
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Accounting Call Station Id Type.................. Mac Address
Auth Call Station Id Type........................ AP's Radio MAC Address:SSID
Extended Source Ports Support.................... Enabled
Aggressive Failover.............................. Disabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Active
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
RADIUS Authentication Framed-MTU................. 1300 Bytes
AP Events Accounting............................. Disabled
Authentication Servers
Idx Type Server Address Port State Tout MgmtTout RFC3576 IPSec -
state/Profile Name/RadiusRegionString
--- ---- ---------------- ------ -------- ---- -------- -------
-------------------------------------------------------
6 * N **** 1812 Enabled 5 5 Enabled Disabled - /none
Accounting Servers
Idx Type Server Address Port State Tout MgmtTout RFC3576 IPSec -
state/Profile Name/RadiusRegionString
--- ---- ---------------- ------ -------- ---- -------- -------
-------------------------------------------------------
6 * N **** 1813 Enabled 5 5 N/A Disabled - /none
(Cisco Controller) >show radius rfc3576 statistics
RFC-3576 Servers:
Server Index..................................... 6
Server Address................................... ****
Disconnect-Requests.............................. 0
COA-Requests..................................... 0
Retransmitted Requests........................... 0
Malformed Requests............................... 0
Bad Authenticator Requests....................... 0
Other Drops...................................... 0
Sent Disconnect-Ack.............................. 0
Sent Disconnect-Nak.............................. 0
Sent CoA-Ack..................................... 0
Sent CoA-Nak..................................... 0
Best Regards,
Yevgen Lepekha
Network engineer
ERC Kyiv, Ukraine
tel office: +380 44 230 34 74 (1132)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
