Hello Hassan,

SNMP-TRAPS = port security, don’t do that. The config that you showed does not 
do port-security but just radius.

Your switch config is working, your issue is most likely that you need to Strip 
the default realm.

Thanks,

Ludovic Zammit
Product Support Engineer Principal Lead

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

> On Jun 15, 2024, at 10:29 PM, Hassan Kouchtafi via PacketFence-users 
> <packetfence-users@lists.sourceforge.net> wrote:
> 
> Thank you for the feedback,
> 
> I have not been able to successfully set up 802.1X authentication with 
> PacketFence; the last time I tried, it broke the server and I had to rebuild 
> a new one.
> SNMP-TRAPS works perfectly.
> 
> The part that didn't work for me is when I tried to authenticate with the 
> local domain controller and add a specific AD group to authenticate.
> On the other hand, the part on the switch global configuration and switch 
> port interface is pretty straightforward.
> Here is the info for the Cisco switch:
> 
> 802.1X with MAC Authentication bypass (Multi-Domain) 
> <https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_802_1x_with_mac_authentication_bypass_multidomain_2>
> 
> cisco Switch Version 
> ---------------------->
> 
> Switch Ports Model                     SW Version            SW Image
> ------ ----- -----                     ----------            ----------
> *    1 28    WS-C2960S-24PS-L          15.2(2)E9             C2960S-UNIVERSALK9-
> 
> Cisco Switch Global Configuration / Switch Port Interface
> -------------------------------------------------------------------------->
> snmp-server community public R--
> 
> aaa server radius dynamic-author
>  client 192.168.1.5 server-key useStrongerSecret
>  port 3799
> radius-server vsa send authentication
> 
> radius server pfnac
>   address ipv4 192.168.1.5 auth-port 1812 acct-port 1813
>   automate-tester username dummy ignore-acct-port idle-time 3
>   key 0 useStrongerSecret
> dot1x system-auth-control
> aaa new-model
> aaa group server radius packetfence
>  server name pfnac
> aaa authentication login default local
> aaa authentication dot1x default group packetfence
> aaa authorization network default group packetfence
> 
> switchport mode access
> 
> switchport voice vlan 100
> authentication host-mode multi-domain
> authentication order dot1x mab
> authentication priority dot1x mab
> authentication port-control auto
> authentication periodic
> authentication timer restart 10800
> authentication timer reauthenticate 10800
> authentication violation replace
> mab
> no snmp trap link-status
> dot1x pae authenticator
> dot1x timeout quiet-period 2
> dot1x timeout tx-period 3
>  
> 
> Domain 
> Create a new domain with a specific OU to authenticate with user login and 
> password when a device is plugged into a port.
> I would also like to enable web authentication as well; if there is a way I 
> can do it with Azure SAML as well, I mean any way would be great.
> The other question is: with SNMP traps I can select the MAC device to be 
> mapped to a VLAN from PacketFence; how can PacketFence with 802.1X filter by 
> MAC so that a device is automatically assigned to a VLAN without manually 
> mapping the MAC address to a specific VLAN? Thank you.
> 
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!WhLYghxqE9PXI9zfG1gYRau2F_fuAP60O2DqjzFZ7eKDIHE2j2QFEy3imMM2YFt_ZudZNQetOfq9ES1B7gccccT7R9dYh9X0q6SK-w$
