Re: [PacketFence-users] Issues with Packetfence 5.2 fresh install and Cisco WLC

Durand fabrice Sun, 05 Jul 2015 17:43:42 -0700

Hi Greg,

probably the WLC again because PacketFence return the vlan 25.

What you can do is on the WLC , first create an interface on the vlan 25and try to ping it from another device on the vlan 25.

If it's not working then debug what happen on the wlc:
debug aaa event enable
debug client <client_mac>

Regards
Fabrice


Le 2015-07-05 19:52, Greg M a écrit :


Hi Fabrice,

Progress!

Mon Jul 6 07:30:37 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)

Mon Jul 6 07:30:37 2015 : Auth: rlm_perl: Returning vlan 21 torequest from c0:bd:d1:b3:dd:27 port 1

Mon Jul 6 07:31:40 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)

Mon Jul 6 07:31:40 2015 : Auth: rlm_perl: Returning vlan 25 torequest from c0:bd:d1:b3:dd:27 port 1

Mon Jul 6 07:32:12 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)

Mon Jul 6 07:32:12 2015 : Auth: rlm_perl: Returning vlan 25 torequest from c0:bd:d1:b3:dd:27 port 1

Mon Jul 6 07:32:59 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)

Mon Jul 6 07:32:59 2015 : Auth: rlm_perl: Returning vlan 25 torequest from c0:bd:d1:b3:dd:27 port 1

Mon Jul 6 07:33:31 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)

Mon Jul 6 07:33:31 2015 : Auth: rlm_perl: Returning vlan 25 torequest from c0:bd:d1:b3:dd:27 port 1

Mon Jul 6 07:39:46 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)

Mon Jul 6 07:39:46 2015 : Auth: rlm_perl: Returning vlan 25 torequest from c0:bd:d1:b3:dd:27 port 1

Mon Jul 6 07:40:19 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)

Mon Jul 6 07:40:19 2015 : Auth: rlm_perl: Returning vlan 25 torequest from c0:bd:d1:b3:dd:27 port 1

Mon Jul 6 07:41:48 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)

Mon Jul 6 07:41:48 2015 : Auth: rlm_perl: Returning vlan 25 torequest from c0:bd:d1:b3:dd:27 port 1

Mon Jul 6 07:42:11 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)

Mon Jul 6 07:42:11 2015 : Auth: rlm_perl: Returning vlan 25 torequest from c0:bd:d1:b3:dd:27 port 1

Mon Jul 6 07:42:21 2015 : Auth: Login OK: [c0bdd1b3dd27] (from client10.10.17.2 port 1 cli c0:bd:d1:b3:dd:27)

Mon Jul 6 07:42:21 2015 : Auth: rlm_perl: Returning vlan 25 torequest from c0:bd:d1:b3:dd:27 port 1

So I’m now able to connect to the Guest wifi with MAC auth turned on,login to the Captive portal, however the redirect to the “Internet”SSID which is bound to VLAN 25 is not working. I’ve confirmed AAAoverride option is ticked in the SSID’s.


Regards,

Greg

*From:*Durand fabrice [mailto:[email protected]]
*Sent:* Monday, 6 July 2015 2:30 AM
*To:* [email protected]

*Subject:* Re: [PacketFence-users] Issues with Packetfence 5.2 freshinstall and Cisco WLC


Hi Greg,

ok so it mean something is missing on the WLC.

Are you able to ping the management interface of the WLC frompacketfence (and the inverse)?

Did you follow this guidehttp://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-5.2.0.pdfpage 77 ?


Regards
Fabrice

Le 2015-07-04 21:37, Greg M a écrit :

    Hi Fabice,

    Many thanks for your email.

    When I run the raddebug command and login, there is no
    entries/logs displayed during a login/connection to the captive
    portal.

    Thanks,

    Greg

    *From:*Durand fabrice [mailto:[email protected]]
    *Sent:* Sunday, 5 July 2015 2:30 AM
    *To:* [email protected]
    <mailto:[email protected]>
    *Subject:* Re: [PacketFence-users] Issues with Packetfence 5.2
    fresh install and Cisco WLC

    Hello Greg,

    did you configure the WLC (Configuration -> Switch) in packetfence ?
    What about "raddebug -d /usr/local/pf/raddb -t 3000" when you try
    to connect on the ssid ?

    Regards
    Fabrice


    Le 2015-07-04 13:35, Greg M a écrit :

        Hi,

        I am trying to get Packetfence setup with a Cisco WLC 2106
        controller and a number of various AP’s.

        The AP’s and WLC themselves are fine, and I can successfully
        connect to the unsecured Guest SSID, enter my username and
        password and sign in.

        From there, however I get either the ‘unable to detect network
        connectivity’ or ‘your network should be enabled within a
        minute or two’ – and PF doesn’t move me from my guest SSID to
        my secure, Internet-access SSID.

        In the packetfence logs I see:

        Jul 05 00:59:51 httpd.portal(2764) INFO: Authentication
        successful for greg in source local (SQL)
        (pf::authentication::authenticate)

        Jul 05 00:59:51 httpd.portal(2764) ERROR: attempt to add
        existing person greg (pf::person::person_add)

        Jul 05 00:59:51 httpd.portal(2764) INFO: Just finished seting
        the node up
        
(captiveportal::PacketFence::Controller::Authenticate::postAuthentication)

        Jul 05 00:59:51 httpd.portal(2764) INFO: Passed by the
        provisioning
        
(captiveportal::PacketFence::Controller::Authenticate::postAuthentication)

        Jul 05 00:59:51 httpd.portal(2764) INFO: [00:24:d6:02:71:e2]
        re-evaluating access (manage_register called)
        (pf::enforcement::reevaluate_access)

        Jul 05 00:59:51 httpd.portal(2764) WARN: [00:24:d6:02:71:e2]
        Can't re-evaluate access because no open locationlog entry was
        found (pf::enforcement::reevaluate_access)

        Jul 05 00:59:51 httpd.portal(3433) INFO: Matched IP
        '10.10.21.11' to MAC address '00:24:d6:02:71:e2' using SQL
        'iplog' table (pf::iplog::ip2mac)

        On the WLC I am seeing :

        17           Sun Jul 5 00:36:11 2015   RADIUS server
        10.10.17.250:1812 failed to respond to request (ID 10) for
        client 00:24:d6:02:71:e2 / user 'unknown'

        And further testing:

        root@pf:/usr/local/pf/logs# radtest execution query
        10.10.17.250 12 testing123

        Sending Access-Request of id 20 to 10.10.17.250 port 1812

                User-Name = "execution"

        User-Password = "query"

        NAS-IP-Address = 10.10.17.250

                NAS-Port = 12

        Message-Authenticator = 0x00000000000000000000000000000000

        Sending Access-Request of id 20 to 10.10.17.250 port 1812

                User-Name = "execution"

        User-Password = "query"

        NAS-IP-Address = 10.10.17.250

                NAS-Port = 12

        Message-Authenticator = 0x00000000000000000000000000000000

        Sending Access-Request of id 20 to 10.10.17.250 port 1812

                User-Name = "execution"

        User-Password = "query"

        NAS-IP-Address = 10.10.17.250

                NAS-Port = 12

        Message-Authenticator = 0x00000000000000000000000000000000

        radclient: no response from server for ID 20 socket 3

        So is the issue with the PF Radius install? Is there something
        simple that needs to be done to fix this ?

        Many thanks,

        Greg





        
------------------------------------------------------------------------------

        Don't Limit Your Business. Reach for the Cloud.

        GigeNET's Cloud Solutions provide you with the tools and support that

        you need to offload your IT needs and focus on growing your business.

        Configured For All Businesses. Start Your Cloud Today.

        https://www.gigenetcloud.com/





        _______________________________________________

        PacketFence-users mailing list

        [email protected]  
<mailto:[email protected]>

        https://lists.sourceforge.net/lists/listinfo/packetfence-users




    
------------------------------------------------------------------------------

    Don't Limit Your Business. Reach for the Cloud.

    GigeNET's Cloud Solutions provide you with the tools and support that

    you need to offload your IT needs and focus on growing your business.

    Configured For All Businesses. Start Your Cloud Today.

    https://www.gigenetcloud.com/




    _______________________________________________

    PacketFence-users mailing list

    [email protected]  
<mailto:[email protected]>

    https://lists.sourceforge.net/lists/listinfo/packetfence-users



------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Issues with Packetfence 5.2 fresh install and Cisco WLC

Reply via email to