Hello Levgen, can you provide the packetfence.log snippet when you register on the portal ?
Regards Fabrice Le ven. 5 janv. 2024 à 08:18, Ievgen Lepekha via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > Hi, all, > > Need help. > > > > I was integrate PacketFence 13 with Cisco WLC 3504, configured SSID with > open+mac-filter (radius enabled), 2 ACL's. > > Guest on first connection are redirected to captive-portal. > > After registration PacketFence should return a new role, but this does not > happen automatically, PF does not sent CoA packets to WLC, on Switch "Use > CoA" enabled, CoA port is 1700(I've tried with port 3799 but nothing works > - the same result). > > > > If manualy reсonnect device to SSID (disconnect/connect) then everything > works (WLC will send a new RADIUS request and PacketFence should return a > new role and necessary ACL). > > > > Help, please with Radius CoA for automatically change roles. > > > > In PF use default template "WLC" > > From TCPDUMP on PacketFence on ports 1700 and 3799 - nothing > > Also with radclient > > "radsniff -x -p 1700" - empty > > > > (Cisco Controller) >show radius summary > > > > Vendor Id Backward Compatibility................. Disabled > > Call Station Id Case............................. lower > > Accounting Call Station Id Type.................. Mac Address > > Auth Call Station Id Type........................ AP's Radio MAC > Address:SSID > > Extended Source Ports Support.................... Enabled > > Aggressive Failover.............................. Disabled > > Keywrap.......................................... Disabled > > Fallback Test: > > Test Mode.................................... Active > > Probe User Name.............................. cisco-probe > > Interval (in seconds)........................ 300 > > MAC Delimiter for Authentication Messages........ hyphen > > MAC Delimiter for Accounting Messages............ hyphen > > RADIUS Authentication Framed-MTU................. 1300 Bytes > > AP Events Accounting............................. Disabled > > > > Authentication Servers > > > > Idx Type Server Address Port State Tout MgmtTout RFC3576 > IPSec - state/Profile Name/RadiusRegionString > > --- ---- ---------------- ------ -------- ---- -------- ------- > ------------------------------------------------------- > > 6 * N **** 1812 Enabled 5 5 Enabled Disabled - > /none > > > > Accounting Servers > > > > Idx Type Server Address Port State Tout MgmtTout RFC3576 > IPSec - state/Profile Name/RadiusRegionString > > --- ---- ---------------- ------ -------- ---- -------- ------- > ------------------------------------------------------- > > 6 * N **** 1813 Enabled 5 5 N/A Disabled - > /none > > > > > > (Cisco Controller) >show radius rfc3576 statistics > > RFC-3576 Servers: > > Server Index..................................... 6 > > Server Address................................... **** > > Disconnect-Requests.............................. 0 > > COA-Requests..................................... 0 > > Retransmitted Requests........................... 0 > > Malformed Requests............................... 0 > > Bad Authenticator Requests....................... 0 > > Other Drops...................................... 0 > > Sent Disconnect-Ack.............................. 0 > > Sent Disconnect-Nak.............................. 0 > > Sent CoA-Ack..................................... 0 > > Sent CoA-Nak..................................... 0 > > Best Regards, > > Yevgen Lepekha > > Network engineer > > ERC Kyiv, Ukraine > > tel office: +380 44 230 34 74 (1132) > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
