Hassan Kouchtafi
10:28 PM (0 minutes ago)
to Ludovic
Thank you for the feedback,

I have not been able to successfully set up 802.1x authentication with
PacketFence; the last time I tried, it broke the server and I had to
rebuild a new one.
SNMP traps work perfectly.

The part that didn't work for me is when I tried to authenticate with the
local domain controller and add a specific AD group to authenticate.
On the other hand, the part on the switch global configuration and
switch port interface is pretty straightforward.
Here is the info for the Cisco switch:

802.1X with MAC Authentication bypass (Multi-Domain)
<https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_802_1x_with_mac_authentication_bypass_multidomain_2>

Cisco Switch Version
---------------------->

Switch Ports Model                     SW Version            SW Image
------ ----- -----                     ----------            ----------
*    1 28    WS-C2960S-24PS-L          15.2(2)E9             C2960S-UNIVERSALK9-

Cisco Switch Global Configuration / Switch Port Interface
-------------------------------------------------------------------------->
snmp-server community public R--

aaa server radius dynamic-author
 client 192.168.1.5 server-key useStrongerSecret
 port 3799

radius-server vsa send authentication


radius server pfnac
  address ipv4 192.168.1.5 auth-port 1812 acct-port 1813
  automate-tester username dummy ignore-acct-port idle-time 3
  key 0 useStrongerSecret

dot1x system-auth-control
aaa new-model
aaa group server radius packetfence
 server name pfnac
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence


switchport mode access

switchport voice vlan 100
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
authentication violation replace
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3



Domain
Create a new domain with a specific OU to authenticate with user login and
password when a device is plugged into a port.
I would also like to enable web authentication as well; if there is a way
I can do it with Azure SAML as well, I mean, any way would be great.
The other question is: with SNMP traps I can select the MAC of a device to
be mapped to a VLAN from PacketFence. How can PacketFence with 802.1x
filter by MAC so that a device is automatically assigned to a VLAN, without
manually mapping the MAC address to a specific VLAN? Thank you.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
