Hi Jason,
show us the full FreeRADIUS debug output.
To do so, stop the radius service on the PacketFence server and restart it with
this command:
radiusd -d /usr/local/pf/raddb -X
That will spew out a lot of details about the connection.
Try authenticating again and send us the result.
Regards,
--
Louis Munro
[email protected] :: www.inverse.ca
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On Jul 15, 2015, at 14:06 , Guntharp, Jason W. <[email protected]> wrote:
> Hello,
>
> I’m working to fit Packetfence into a community college network as a NAC to
> manage wired devices. The install and basic configuration has been easy, but
> I have been unsuccessful at getting a working system with Brocade switches.
> Could anyone shed some light on this “Error in parsing of RADIUS VLAN entry”?
>
> Platform VMware 6.x / CENTOS 6.6 x64 / Packetfence 5.2
> Brocade 6450-48-POE on 8.30a (latest code –though I’ve tried the 7.x with no
> success)
>
> Brocade Switch and Packetfence Roles
> registration VLAN 101
> isolation VLAN 102
> macDetection VLAN 103
> inline VLAN 104
> voice VLAN 105
> default VLAN 106
>
> Brocade 6450 switch is configured 802.1x/MAC bypass via the network devices
> guide. Switch fails VLAN steer:
>
> Debug dot1x output:
> ICX6450-48P Router#[T:157274] [VLAN] [MGMT-POR] : 802.1X: vlan_name (String):
> 101 is now converted to vlan id (Decimal): 101
>
> Show log output:
> Jan 1 04:22:18:A:MAC Authentication failed for [f0de.f170.1dc5 ] on port
> 1/1/37 (Error in parsing of RADIUS VLAN entry)
> Jan 1 04:22:18:I:System: Interface ethernet 1/1/37, state up
> Jan 1 04:22:15:I:System: Interface ethernet 1/1/37, state down
>
> Packetfence.log output:
> ul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] handling radius autz
> request: from switch_ip => (172.21.255.2), connection_type =>
> WIRED_MAC_AUTH,switch_mac => (Unknown), mac => [f0:de:f1:70:1d:c5], port =>
> 37, username => "f0def1701dc5" (pf::radius::authorize)
> Jul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] is of status unreg;
> belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> Jul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] Returning ACCEPT
> with VLAN: 101 (pf::Switch::Brocade::returnRadiusAccessAccept)
>
> I have even tried a new packetfence install with the same results. It appears
> that Packetfence is returning the radius ACCEPT with vlan 101, but the switch
> will not correctly parse the reply. Any help?
>
> Thanks,
>
> Jason Guntharp
>
> ------------------------------------------------------------------------------
> Don't Limit Your Business. Reach for the Cloud.
> GigeNET's Cloud Solutions provide you with the tools and support that
> you need to offload your IT needs and focus on growing your business.
> Configured For All Businesses. Start Your Cloud Today.
> https://www.gigenetcloud.com/_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
