Hello Mikhail,
follow the guide section 4.8.6
(https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html)
and be sure that you configured dynamic-author.
Then on the PacketFence side in your switch config select Radius as
deauth method.
Also have a look at pfqueue.log to see error messages related to the deauth.
Regards
Fabrice
Le 2017-04-28 à 07:12, Mikhail Pissarenko a écrit :
> Hi there again,
>
> Thanks for the previous advice. We've given it to our dev department.
>
> One thing that's bothering us upon deployment is the fact that changes
> on packetfence (a registration, change of VLAN) are not applied until
> the switch asks radius to authenticate the mac address again, so
> usually user support would advice the user to reconnect their device
> or restart their computer to gain access and etc. We can counter this
> by lowering the authentication timers on our ports but we fear we'll
> create too much junk traffic thus saturating our network.
>
> I'm not sure if I've got my config right, but isnt't packetfence
> supposed to report changes to the switch using SNMP?
>
> Thanks in advice again.
>
> 2017-03-30 2:09 GMT+02:00 Durand fabrice <[email protected]
> <mailto:[email protected]>>:
>
> Hello Mikhail,
>
> it can probably done with radius accounting, when PacketFence
> receive an accounting stop then unreg the device.
>
> Btw it need a little bit of code. (lib/pf/radius.pm
> <http://radius.pm>)
>
> Regards
>
> Fabrice
>
>
> Le 2017-03-29 à 11:02, Mikhail Pissarenko a écrit :
>> Hi, good afternoon.
>>
>> My name is Mikhail and I'm an intern of the STIT department
>> servicing our local town hall, located in Reus, Spain.
>>
>> We're currently testing PacketFence with Cisco 2960 mainly as a
>> way to assign the right VLAN to the right device on our
>> production networks, along with other projects.
>>
>> I'm a bit on a tight deadline at this point, and while I got most
>> of the functionality working (traps, VLAN assignment, captive
>> portal behaviour, etc.) I've had a request I can't seem to figure
>> out.
>>
>> We want all endpoints (mostly desktop and laptop PCs) to
>> deauthenticate/return to the registration VLAN (in our case it's
>> the default 2) as soon as the device gets unplugged from the
>> switch or gets disconnected.
>>
>> I'm not asking for a "cookbook" style guide, I'd just like to
>> know where should I be poking at. I'll figure the rest out. I hope.
>>
>> Thanks in advice.
>>
>> PS: I might be mailing more stuff here as more requests come up
>> from my staff.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> [email protected]
>> <mailto:[email protected]>
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________ PacketFence-users
> mailing list [email protected]
> <mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
