Hello Nicolas,

"Can't re-evaluate access because no open locationlog entry was found" means that PacketFence doesn't know where the device is.
Plug the device into a switch port where port sec has been configured and check in snmptrapd.log whether you receive an SNMP trap from the switch. If there is nothing, then fix that (fw rules, switch config ...).

Regards
Fabrice

On 2015-04-13 07:01, Nicolas Gailly wrote:
> Hello
>
> I've been trying to install PacketFence in a lab to see its
> functionalities (so no external authentication, only local for now).
> I use a Catalyst3750G switch connected to the network ( & internet )
> on port 1 (GigabitEthernet1/0/1), and PacketFence is connected on port
> 24 (configured as trunk).
> The thing is, when a new user connects to the switch, it is automatically
> redirected to the PacketFence registration page. That is good.
> BUT once registered, there is absolutely no change of configuration
> happening (the page says Sorry, your network should be enabled bla bla
> bla). It stays on the same vlan (registration).
> It seems that PacketFence is unable to tell the switch to change the
> vlan of the connected port. But the SNMP configuration seems to work
> since I can see the device on the management web interface & I
> received the traps and everything (tcpdump told me).
> One thing to note though is that the uplink network has no DHCP,
> addresses must be set manually. Does that change anything?
> I tried setting the IP configuration on the client after it had been
> registered, it was still unable to ping for example (and the vlan
> configuration stayed the same on the switch).
>
> I dunno what is wrong ...
>
> Thank you in advance
>
> PS: I have checked every other mail that had the same problem. Only
> one said it has been resolved but the solution doesn't work for me.
> Other problems were in case of inline configuration (vs vlan enforcement).
>
> Here is my pf.conf:
>
> [interface eth0]
> ip=10.31.32.124
> type=management
> mask=255.255.224.0
>
> [interface eth0.20]
> enforcement=vlan
> ip=10.0.2.1
> type=internal
> mask=255.255.255.0
>
> [interface eth0.30]
> enforcement=vlan
> ip=10.0.3.1
> type=internal
> mask=255.255.255.0
>
> Here is my switches.conf:
>
> [10.31.32.122]
> RoleMap=N
> SNMPCommunityRead=readme
> SNMPCommunityWrite=writeme
> AccessListMap=N
> description=Test Switch Lab
> SNMPVersionTrap=2c
> type=Cisco::Catalyst_3750G
> VoIPEnabled=N
> isolationVlan=30
> SNMPVersion=2c
> registrationVlan=20
> mode=production
> cliUser=test
> deauthMethod=SNMP
> cliPwd=test
> cliTransport=SSH
> cliEnablePwd=test
> uplink_dynamic=0
> uplink=1
>
> Here is my packetfence.log (portion):
>
> Apr 13 11:39:14 httpd.portal(13461) INFO: [00:24:e8:df:b5:84]
> shouldn't reach here. Calling access re-evaluation. Make sure your
> network device configuration is correct.
> (captiveportal::PacketFence::Controller::CaptivePortal::unknownState)
> Apr 13 11:39:14 httpd.portal(13461) INFO: [00:24:e8:df:b5:84]
> re-evaluating access (redir.cgi called)
> (pf::enforcement::reevaluate_access)
> Apr 13 11:39:14 httpd.portal(13461) WARN: [00:24:e8:df:b5:84] Can't
> re-evaluate access because no open locationlog entry was found
> (pf::enforcement::reevaluate_access)
>
>
> Here is my running config:
>
> !
> vlan internal allocation policy ascending
> !
> vlan 20
>  name registration
> !
> vlan 30
>  name isolation
>
> ...
> interface GigabitEthernet1/0/15
>  switchport access vlan 20
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  switchport port-security violation restrict
>  switchport port-security mac-address 0200.0001.0115
> !
> interface GigabitEthernet1/0/16
>  switchport access vlan 20
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  switchport port-security violation restrict
> !
> interface GigabitEthernet1/0/17
>  switchport access vlan 20
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  switchport port-security violation restrict
> !
> interface GigabitEthernet1/0/18
>  switchport access vlan 20
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  switchport port-security violation restrict
> !
> interface GigabitEthernet1/0/19
>  switchport access vlan 20
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  switchport port-security violation restrict
> !
> interface GigabitEthernet1/0/20
>  switchport access vlan 20
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  switchport port-security violation restrict
> !
> interface GigabitEthernet1/0/21
>  switchport access vlan 20
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  switchport port-security violation restrict
> !
> interface GigabitEthernet1/0/22
>  switchport access vlan 20
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  switchport port-security violation restrict
> !
> interface GigabitEthernet1/0/23
>  switchport access vlan 20
>  switchport mode access
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  switchport port-security violation restrict
> !
> interface GigabitEthernet1/0/24
>  switchport trunk encapsulation dot1q
>  switchport mode trunk
> !
> interface GigabitEthernet1/0/25
> !
> interface GigabitEthernet1/0/26
> !
> interface GigabitEthernet1/0/27
> !
> interface GigabitEthernet1/0/28
> !
> interface Vlan1
>  ip address 10.31.32.122 255.255.224.0
> !
> interface Vlan10
>  no ip address
> !
> interface Vlan20
>  ip address 10.0.2.1 255.255.255.0
> !
> interface Vlan30
>  ip address 10.0.3.1 255.255.255.0
> !
> ip default-gateway 10.31.32.1
> ip http server
> ip http secure-server
> !
> !
> snmp-server community readme RO
> snmp-server community writeme RW
> snmp-server community test RW
> snmp-server location testlab
> snmp-server enable traps snmp authentication linkdown linkup coldstart
> warmstart
> ...
> snmp-server enable traps port-security
> ...
> ...
> snmp-server enable traps mac-notification change move threshold
> snmp-server enable traps vlan-membership
> snmp-server enable traps errdisable
> snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up
> vnet-trunk-down
> snmp-server host 10.31.32.124 version 2c public port-security
>
>
>
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
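
An added example, not part of the original thread and not PacketFence code: a small Python audit of a Cisco IOS running-config for the two things the reply says to check, namely which ports have port security configured and whether the switch is set to send port-security traps to the PacketFence management IP. The sample config is constructed from the one quoted above; `audit`, `MAC` and the report keys are hypothetical names.

```python
import re

# Constructed sample, trimmed from the running-config quoted in the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/15
 switchport access vlan 20
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0115
!
interface GigabitEthernet1/0/16
 switchport access vlan 20
 switchport port-security
 switchport port-security violation restrict
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
snmp-server enable traps port-security
snmp-server host 10.31.32.124 version 2c public port-security
"""

MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"  # Cisco dotted MAC notation

def audit(config, pf_ip):
    """Summarise port-security and trap settings found in an IOS running-config."""
    ports, current = {}, None
    report = {"ports": ports, "traps_enabled": False, "trap_hosts": []}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1],
                                       {"port_security": False, "static_mac": None})
        elif line == "!":                       # end of an interface stanza
            current = None
        elif current is not None and line == "switchport port-security":
            current["port_security"] = True
        elif current is not None and (m := re.match(
                rf"switchport port-security mac-address ({MAC})$", line)):
            current["static_mac"] = m.group(1)  # ignores 'sticky' and similar keywords
        elif line.startswith("snmp-server enable traps port-security"):
            report["traps_enabled"] = True
        elif m := re.match(r"snmp-server host (\S+) version (\S+) (\S+)(.*)", line):
            report["trap_hosts"].append({"ip": m.group(1), "version": m.group(2),
                                         "community": m.group(3), "types": m.group(4).split()})
    report["pf_is_trap_host"] = any(h["ip"] == pf_ip and "port-security" in h["types"]
                                    for h in report["trap_hosts"])
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "10.31.32.124"))
```

The report only states what the switch is configured to send; whether a trap actually arrives still has to be confirmed in snmptrapd.log, as the reply says.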
