Hello André,

First you need to check on the switch side if the MAC address of the
device is in the vlan 300.

Next a registration vlan is a vlan managed by PacketFence, so you need
to enable dhcp on the vlan 300 and 600.

Another thing I can see is that the interface enp0s8.300 (vlan 300) uses
the network 172.17.0.0/24 and it should be 172.16.0.0/24 ?! (but enp0s8
uses this network).

So in my opinion, you probably messed up the vlan/interface config.

If enp0s8 interface is really on the vlan 300 then enp0s8.300 is useless
and you probably have to use the vlan 301 as the registration network.

Last thing, be sure that enp0s8 is plugged into a trunk port and be sure
that you define all the vlans in your switch configuration.

Regards
Fabrice



On 2017-12-29 at 08:50, André Scrivener via PacketFence-users wrote:
> I'm configuring pf as vlan enforcement, but I'm having a problem,
> where vlans with their respective IPs are not being assigned. In the
> logs it returns the correct vlans, but does not apply to the station.
>
> Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
> INFO: [mac:64:1c:67:82:7d:f2] handling radius autz request: from
> switch_ip => (172.16.0.50), connection_type =>
> WIRED_MAC_AUTH,switch_mac => (14:18:77:ea:f0:a2), mac =>
> [64:1c:67:82:7d:f2], port => 41, username => "641C67827DF2"
> (pf::radius::authorize)
> Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
> INFO: [mac:64:1c:67:82:7d:f2] Instantiate profile default
> (pf::Connection::ProfileFactory::_from_profile)
> Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
> INFO: [mac:64:1c:67:82:7d:f2] is of status unreg; belongs into
> registration VLAN (pf::role::getRegistrationRole)
> Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
> INFO: [mac:64:1c:67:82:7d:f2] (172.16.0.50) Added VLAN 300 to the
> returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
>
>
> Dec 29 11:36:54 packtfence auth[7662]: Need 1 more connections to
> reach min connections (3)
> Dec 29 11:36:54 packtfence auth[7662]: rlm_rest (rest): Opening
> additional connection (23), 1 of 62 pending slots used
> Dec 29 11:36:54 packtfence auth[7662]: Need 1 more connections to
> reach min connections (3)
> Dec 29 11:36:54 packtfence auth[7662]: rlm_sql (sql): Opening
> additional connection (25), 1 of 62 pending slots used
> Dec 29 11:36:54 packtfence auth[7662]: [mac:64:1c:67:82:7d:f2]
> Accepted user:  and returned VLAN 300
> Dec 29 11:36:54 packtfence auth[7662]: (44) Login OK: [641C67827DF2]
> (from client 172.16.0.50 port 41 cli 64:1c:67:82:7d:f2)
>
>
> In the logs it returns the correct vlan, but it does not assign it to
> the computer; it is stubborn in assigning the network 172.16.0.0/24.
>
> I did not configure DHCP in packetfence, when packetfence returns a
> vlan it is for it to get dhcp from my infrastructure. (So I imagine.)
>
> Follows some of my settings, it's okay to expose information since
> it's a lab.
>
>
> [root@packtfence ~]# ifconfig 
> SCRIVENER-b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 169.254.0.2  netmask 255.255.255.252  broadcast 169.254.0.3
>         inet6 fe80::c8b5:5bff:febe:b1cc  prefixlen 64  scopeid 0x20<link>
>         ether ca:b5:5b:be:b1:cc  txqueuelen 1000  (Ethernet)
>         RX packets 8  bytes 648 (648.0 B)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 8  bytes 648 (648.0 B)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> enp0s3: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
>         ether 08:00:27:a3:36:2a  txqueuelen 1000  (Ethernet)
>         RX packets 5668  bytes 8119227 (7.7 MiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 1260  bytes 80253 (78.3 KiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 172.16.0.2  netmask 255.255.255.0  broadcast 172.16.0.255
>         inet6 fe80::a00:27ff:fef4:37f8  prefixlen 64  scopeid 0x20<link>
>         ether 08:00:27:f4:37:f8  txqueuelen 1000  (Ethernet)
>         RX packets 20960  bytes 4119093 (3.9 MiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 12227  bytes 21064744 (20.0 MiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> enp0s8.300: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 172.17.0.2  netmask 255.255.255.0  broadcast 172.17.0.255
>         inet6 fe80::a00:27ff:fef4:37f8  prefixlen 64  scopeid 0x20<link>
>         ether 08:00:27:f4:37:f8  txqueuelen 1000  (Ethernet)
>         RX packets 10  bytes 628 (628.0 B)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 14  bytes 900 (900.0 B)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> enp0s8.301: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 172.19.0.2  netmask 255.255.255.0  broadcast 172.19.0.255
>         inet6 fe80::a00:27ff:fef4:37f8  prefixlen 64  scopeid 0x20<link>
>         ether 08:00:27:f4:37:f8  txqueuelen 1000  (Ethernet)
>         RX packets 10  bytes 628 (628.0 B)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 14  bytes 900 (900.0 B)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> enp0s8.600: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         inet 172.18.0.2  netmask 255.255.255.0  broadcast 172.18.0.255
>         inet6 fe80::a00:27ff:fef4:37f8  prefixlen 64  scopeid 0x20<link>
>         ether 08:00:27:f4:37:f8  txqueuelen 1000  (Ethernet)
>         RX packets 10  bytes 628 (628.0 B)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 14  bytes 900 (900.0 B)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
>         inet 127.0.0.1  netmask 255.0.0.0
>         inet6 ::1  prefixlen 128  scopeid 0x10<host>
>         loop  txqueuelen 1  (Loopback Local)
>         RX packets 1567747  bytes 224694729 (214.2 MiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 1567747  bytes 224694729 (214.2 MiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>
>
>
>
> [root@packtfence ~]# cat /usr/local/pf/conf/networks.conf
> [172.17.0.0]
> dns=172.17.0.2
> dhcp_start=172.17.0.10
> gateway=172.17.0.2
> domain-name=vlan-registration.scrivener.com.br
> nat_enabled=disabled
> named=enabled
> dhcp_max_lease_time=30
> fake_mac_enabled=disabled
> dhcpd=disabled
> dhcp_end=172.17.0.246
> type=vlan-registration
> netmask=255.255.255.0
> dhcp_default_lease_time=30
>
> [172.18.0.0]
> dns=172.18.0.2
> dhcp_start=172.18.0.10
> gateway=172.18.0.2
> domain-name=vlan-isolation.scrivener.com.br
> nat_enabled=disabled
> named=enabled
> dhcp_max_lease_time=30
> fake_mac_enabled=disabled
> dhcpd=disabled
> dhcp_end=172.18.0.246
> type=vlan-isolation
> netmask=255.255.255.0
> dhcp_default_lease_time=30
>
>
>
>
>
> [root@packtfence ~]# cat /usr/local/pf/conf/switches.conf
> #
> # Copyright (C) 2005-2017 Inverse inc.
> #
> # See the enclosed file COPYING for license information (GPL).
> # If you did not receive this file, see
> # http://www.fsf.org/licensing/licenses/gpl.html
> [default]
> type=Dell::N1500
> registrationVlan=300
> isolationVlan=600
> uplink=5
> cliUser=[secret]
> cliPwd=[secret]
> cliEnablePwd=[secret]
> #
> # SNMP section
> #
> # PacketFence -> Switch
> SNMPVersion=2c
> #
> # RADIUS NAS Client config
> #
> # RADIUS shared secret with switch
> radiusSecret=teste123
> CORPORATIVOVlan=301
> uplink_dynamic=0
>
> [172.16.0.50]
> mode=production
> description=172.16.0.50
> ExternalPortalEnforcement=Y
> deauthMethod=Telnet
> cliAccess=Y
> defaultVlan=301
>
>
>
> Can anyone help? Please! My Christmas present and New Year's Eve.
>
>
>
>
> Att,
> Andre Scrivener
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 
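
The cross-check described in the reply above, as an added example that is not part of the original message or of PacketFence itself: it reads networks.conf and switches.conf and reports any registration or isolation network whose VLAN sub-interface is missing, sits in another subnet, or has dhcpd not enabled. The helper name, the parent.VLAN interface naming and the trimmed sample input are assumptions taken from the output quoted in the thread.

```python
import configparser
import ipaddress

# Constructed sample input, trimmed from the files and ifconfig output quoted in the thread.
NETWORKS_CONF = """\
[172.17.0.0]
type=vlan-registration
netmask=255.255.255.0
dhcpd=disabled
[172.18.0.0]
type=vlan-isolation
netmask=255.255.255.0
dhcpd=disabled
"""
SWITCHES_CONF = "[default]\nregistrationVlan=300\nisolationVlan=600\n"
INTERFACES = {  # VLAN sub-interface -> address/netmask
    "enp0s8.300": "172.17.0.2/255.255.255.0",
    "enp0s8.301": "172.19.0.2/255.255.255.0",
    "enp0s8.600": "172.18.0.2/255.255.255.0",
}
# networks.conf "type" value -> switches.conf key that carries the VLAN id
ROLE_KEY = {"vlan-registration": "registrationVlan", "vlan-isolation": "isolationVlan"}

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case; configparser lowercases keys by default
    cp.read_string(text)
    return cp

def check_enforcement_vlans(networks_text, switches_text, interfaces, parent="enp0s8"):
    """Return findings for each registration/isolation network (hypothetical helper)."""
    nets, switches = _parse(networks_text), _parse(switches_text)
    findings = []
    for section in nets.sections():
        role = nets[section].get("type", "")
        if role not in ROLE_KEY:
            continue
        vlan = switches["default"].get(ROLE_KEY[role])
        label = f"{section} ({role}, VLAN {vlan})"
        network = ipaddress.ip_network(f"{section}/{nets[section]['netmask']}")
        iface = interfaces.get(f"{parent}.{vlan}")
        if iface is None:
            findings.append(f"{label}: no interface {parent}.{vlan}")
        elif ipaddress.ip_interface(iface).network != network:
            findings.append(f"{label}: {parent}.{vlan} is in {ipaddress.ip_interface(iface).network}")
        if nets[section].get("dhcpd") != "enabled":
            findings.append(f"{label}: dhcpd is not enabled")
    return findings

if __name__ == "__main__":
    for finding in check_enforcement_vlans(NETWORKS_CONF, SWITCHES_CONF, INTERFACES):
        print(finding)
```
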
