you can check the radius response from packetfence with radsniff to see if
it is malformed in any way
regards
Dennis
2015-07-15 20:06 GMT+02:00 Guntharp, Jason W. <[email protected]>:
> Hello,
>
>
>
> I’m working to fit Packetfence into a community college network as a NAC
> to manage wired devices. The install and basic configuration has been easy,
> but I have been unsuccessful at getting a working system with Brocade
> switches. Could anyone shed some light on this “Error in parsing of RADIUS
> VLAN entry”?
>
>
>
> Platform VMware 6.x / CENTOS 6.6 x64 / Packetfence 5.2
>
> Brocade 6450-48-POE on 8.30a (latest code –though I’ve tried the 7.x with
> no success)
>
>
>
> Brocade Switch and Packetfence Roles
>
> registration VLAN 101
>
> isolation VLAN 102
>
> macDetection VLAN 103
>
> inline VLAN 104
>
> voice VLAN 105
>
> default VLAN 106
>
>
>
> Brocade 6450 switch is configured 802.1x/MAC bypass via the network
> devices guide. Switch fails VLAN steer:
>
>
>
> Debug dot1x output:
>
> ICX6450-48P Router#[T:157274] [VLAN] [MGMT-POR] : 802.1X: vlan_name
> (String): 101 is now converted to vlan id (Decimal): 101
>
>
>
> Show log output:
>
> Jan 1 04:22:18:A:MAC Authentication failed for [f0de.f170.1dc5 ] on port
> 1/1/37 (Error in parsing of RADIUS VLAN entry)
>
> Jan 1 04:22:18:I:System: Interface ethernet 1/1/37, state up
>
> Jan 1 04:22:15:I:System: Interface ethernet 1/1/37, state down
>
>
>
> Packetfence.log output:
>
> ul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] handling radius
> autz request: from switch_ip => (172.21.255.2), connection_type =>
> WIRED_MAC_AUTH,switch_mac => (Unknown), mac => [f0:de:f1:70:1d:c5], port =>
> 37, username => "f0def1701dc5" (pf::radius::authorize)
>
> Jul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] is of status
> unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
>
> Jul 15 12:43:42 httpd.aaa(1968) INFO: [f0:de:f1:70:1d:c5] Returning ACCEPT
> with VLAN: 101 (pf::Switch::Brocade::returnRadiusAccessAccept)
>
>
>
> I have even tried a new packetfence install with the same results. It
> appears that Packetfence is returning the radius ACCEPT with vlan 101, but
> the switch will not correctly parse the reply. Any help?
>
>
>
> Thanks,
>
>
>
> Jason Guntharp
>
>
>
>
> ------------------------------------------------------------------------------
> Don't Limit Your Business. Reach for the Cloud.
> GigeNET's Cloud Solutions provide you with the tools and support that
> you need to offload your IT needs and focus on growing your business.
> Configured For All Businesses. Start Your Cloud Today.
> https://www.gigenetcloud.com/
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
-------------------------------
oben Balken, unten Balken !
-------------------------------
------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
