Which firmware version do you use on Cisco wlc 2504?
From: KUHN, BENJAMIN [mailto:bek...@rochester.k12.mn.us] Sent: Wednesday, March 15, 2017 7:20 PM To: packetfence-users@lists.sourceforge.net Subject: [PacketFence-users] Cisco WLC and Meraki WebAuth I am attempting to set up PacketFence to do WebAuth for a Cisco WLC and also for some Meraki APs. I am following the relevant portions of the Network Device Configuration Guide. Things appear to be working, with the exception of the RFC5176 portion where PacketFence sends the url-redirect Cisco AV Pair to the controller or APs. Here is my switches.conf: [default] VlanMap=N RoleMap=Y UrlMap=Y registrationUrl=https://packetfence.rochester.k12.mn.us/$session_id [10.2.0.134] coaPort=1700 deauthMethod=RADIUS registrationRole=Pre-Auth-For-WebRedirect Staff-BYODRole=RPS-BYOD description=WLC2504-TSSC controllerIp=10.2.0.134 mode=production VoIPDHCPDetect=N type=Cisco::WiSM2 REJECTRole=Pre-Auth-For-WebRedirect VoIPCDPDetect=N VoIPLLDPDetect=N Student-BYODRole=RPS-BYOD IT-BYODRole=RPS SNMPCommunityRead=SuperSecretCommunityString radiusSecret=SuperSecretPassword SNMPVersion=2c RoleMap=N [10.102.239.0/24] description=Test Lab APs group=Meraki-APs [group Meraki-APs] VoIPCDPDetect=N VoIPLLDPDetect=N deauthMethod=RADIUS coaPort=1700 mode=production description=Meraki AP Default Values type=Meraki::MR_v2 VoIPDHCPDetect=N radiusSecret=SuperSecretPassword UrlMap=Y registrationUrl=http://packetfence.rochester.k12.mn.us/$session_id RoleMap=Y IT-BYODRole=IT-BYOD Student-BYODRole=Student-BYOD VlanMap=N Staff-BYODRole=Staff-BYOD And the relevant snippet from the RADIUS debug: (74) Wed Mar 15 13:09:00 2017: Debug: linelog: EXPAND /usr/local/pf/logs/radius.log (74) Wed Mar 15 13:09:00 2017: Debug: linelog: --> /usr/local/pf/logs/radius.log (74) Wed Mar 15 13:09:00 2017: Debug: [linelog] = ok (74) Wed Mar 15 13:09:00 2017: Debug: } # post-auth = updated (74) Wed Mar 15 13:09:00 2017: Debug: Sent Access-Accept Id 10 from 10.1.4.76:1812 to 10.102.239.101:42797 length 0 (74) Wed Mar 15 13:09:00 2017: Debug: PacketFence-Authorization-Status = "allow" (74) Wed Mar 15 13:09:00 2017: Debug: Airespace-ACL-Name = "registration" (74) Wed Mar 15 13:09:00 2017: Debug: Finished request I am only getting the "Airespace-ACL-Name" AV Pair sent to both the Cisco WLC and the Meraki APs. What do I need to change to get the url-redirect AV pair sent to the devices? I can see the ACLs (or group policies in the case of Meraki) are correctly assigned. I can also access the login page manually so I know the ACLs are permitting access. Thanks, Ben Notice This E-mail transmission may contain confidential or legally privileged information that is intended for the individual or entity named in the E-mail address. Use of such information by any intended recipient shall be limited to the purpose for which such information was sent. Unauthorized use, disclosure, or copying is strictly prohibited. If you received this E-mail transmission in error, please reply to the sender and delete the message. Thank you.
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
