André,
The message “Until CoA is implemented we will bounce the port on VLAN
re-assignment traps for MAC-Auth
(pf::Switch::handleReAssignVlanTrapForWiredMacAuth)” is thrown because your
deauthentication method for the Switch (in PacketFence) is set to SNMP (see
handleReAssignVlanTrapForWiredMacAuth in /usr/local/pf/lib/pf/Switch.pm and
/usr/local/pf/lib/pf/Switch/Dell/N1500.pm).
Try changing your de-authentication method on the switch (under Configuration)
in PacketFence to RADIUS and specify the secret key. Please let me know if this
doesn’t work.
Thanks,
Tim
Sent from mobile phone
> On Jan 3, 2018, at 14:59, André Scrivener via PacketFence-users
> <packetfence-users@lists.sourceforge.net> wrote:
>
> Fabrice,
>
> I used the configuration sent, still gave an error.
>
> I saw some new logs:
>
> Jan 3 18:41:44 packetfence pfqueue: pfqueue(25669) WARN:
> [mac:84:7b:eb:e3:84:42] Until CoA is implemented we will bounce the port on
> VLAN re-assignment traps for MAC-Auth
> (pf::Switch::handleReAssignVlanTrapForWiredMacAuth)
>
> Do you know, can you explain what it would be?
>
> Soon I will update the firmware of the switch, to see if it resolves.
>
> Is it also not a bug in the packetfence version? Did you hear from anyone
> else with this problem?
>
> Greetings!
>
>
>
> 2018-01-03 17:24 GMT-03:00 Fabrice Durand <fdur...@inverse.ca>:
>> Hello André,
>>
>> Yes, I did that a long time ago:
>>
>> https://github.com/inverse-inc/packetfence/commit/9d47649dd8d133b233d313d2c80e94421c38caaa#diff-53248f7bb6c533be6a5b55ec361b3238
>>
>> Also the note I took:
>>
>> 1 Enter global configuration mode and define the RADIUS server.
>>
>> console#configure
>> console(config)#radius-server host auth 10.34.200.30
>> console(Config-auth-radius)#name PacketFence
>> console(Config-auth-radius)#usage 802.1x
>> console(Config-auth-radius)#key s3cr3t
>> console(Config-auth-radius)#exit
>> console(Config)#aaa server radius dynamic-author
>> console(config-radius-da)#client 10.34.200.30 server-key s3cr3t
>> console(config-radius-da)#auth-type all
>> console(config-radius-da)#exit
>>
>>
>>
>>
>> 2 Enable authentication and globally enable 802.1x client authentication via
>> RADIUS:
>>
>> console(config)#authentication enable
>> console(config)#aaa authentication dot1x default radius
>> console(config)#aaa authorization network default radius
>> console(config)#dot1x system-auth-control
>>
>> (Optional)
>> console(Config)#dot1x dynamic-vlan enable
>>
>> 3 On the interface, enable MAC based authentication mode, enable MAB, and
>> set the order of authentication to 802.1X followed by MAC authentication.
>> Also enable periodic re-authentication.
>>
>> console(config)#interface te1/0/4
>> console(config-if-Te1/0/4)#dot1x port-control mac-based
>> console(config-if-Te1/0/4)#dot1x mac-auth-bypass
>> console(config-if-Te1/0/4)#authentication order dot1x mab
>> console(config-if-Te1/0/4)#dot1x reauthentication
>> console(config-if-Te1/0/4)#exit
>>
>> authentication order mab
>> authentication priority mab
>>
>>
>>
>>> Le 2018-01-03 à 09:18, André Scrivener a écrit :
>>> Hey,
>>>
>>> I configured interface 15 manually to use only vlan 2 (registry), and I was
>>> assigned registry address addressing (192.168.2.0/24)
>>>
>>> Following config switch:
>>>
>>> interface Gi1/0/15
>>> switchport access vlan 2
>>> dot1x port-control force-authorized
>>> exit
>>>
>>>
>>> Following logs packetfence:
>>>
>>> Jan 3 12:14:41 packetfence pfqueue: pfqueue(24777) INFO:
>>> [mac:84:7b:eb:e3:84:42] oldip (172.16.0.10) and newip (192.168.2.10) are
>>> different for 84:7b:eb:e3:84:42 - closing ip4log entry
>>> (pf::api::update_ip4log)
>>>
>>>
>>>
>>> console#show mac address-table vlan 2
>>>
>>> Aging time is 300 Sec
>>>
>>> Vlan Mac Address Type Port
>>> -------- --------------------- ----------- ---------------------
>>> 2 0800.2735.FCC4 Dynamic Gi1/0/11 - Packetfence
>>> 2 847B.EBE3.8442 Dynamic Gi1/0/15 - Test machine
>>>
>>>
>>> You may notice that now the mac address of packetfence is in vlan 2.
>>>
>>> Have you already configured dell switch switches?
>>>
>>> Any idea??
>>>
>>>
>>> 2018-01-03 10:59 GMT-03:00 Fabrice Durand <fdur...@inverse.ca>:
>>>> Hum strange.
>>>>
>>>> What you can try is to define an interface in the vlan 2 (manually on a
>>>> switch port) and plug your test machine in it. (you must receive an ip
>>>> from PacketFence).
>>>> If you receive an ip from the 172.16.0.0/24 then it means that you have a
>>>> switch configuration issue. (any layer 3 interfaces defined in the vlan 2
>>>> ?).
>>>>
>>>> Also what I can see is that there is no mac in the vlan 2 and the vlan 3
>>>> for the interface 11.
>>>>
>>>> You should have something like that too:
>>>>
>>>> 2 08:00:27:35:fc:c4 Dynamic Gi1/0/11 - PacketFence Reg
>>>>
>>>> 3 08:00:27:35:fc:c4 Dynamic Gi1/0/11 - PacketFence Isol
>>>>
>>>> Regards
>>>> Fabrice
>>>>
>>>>
>>>>> Le 2018-01-02 à 13:55, André Scrivener a écrit :
>>>>> Oops, Fabrice!
>>>>>
>>>>> I forgot an information, the MAC addresses on the switch.
>>>>>
>>>>> By the logs, it is in VLAN 2, the correct vlan.
>>>>>
>>>>> Right now I do not understand, because it does not assign the correct
>>>>> address
>>>>>
>>>>>
>>>>> console#show mac address-table
>>>>>
>>>>> Aging time is 300 Sec
>>>>>
>>>>> Vlan Mac Address Type Port
>>>>> -------- --------------------- ----------- ---------------------
>>>>> 1 0800.2700.58E2 Dynamic Gi1/0/11 - Windows Server 2008
>>>>> 1 0800.2735.FCC4 Dynamic Gi1/0/11 - PacketFence
>>>>> 1 1418.77EA.F0A3 Management Vl1 - Switch Dell
>>>>> 1 641C.XXXXXXXXX Dynamic Gi1/0/11 - My physical pc
>>>>> 2 847B.EBE3.8442 Dynamic Gi1/0/13 - My test machine
>>>>>
>>>>> Total MAC Addresses in use: 5
>>>>>
>>>>> console#show mac address-table interface Gi1/0/13
>>>>>
>>>>> Aging time is 300 Sec
>>>>>
>>>>> Vlan Mac Address Type Port
>>>>> -------- --------------------- ----------- ---------------------
>>>>> 2 847B.EBE3.8442 Dynamic Gi1/0/13 - My test machine
>>>>>
>>>>>
>>>>> console#
>>>>>
>>>>>
>>>>> 2018-01-02 15:22 GMT-03:00 André Scrivener <andr3.scrive...@gmail.com>:
>>>>>> Hello Fabrice,
>>>>>>
>>>>>> I simplified the environment, I'm using only 1 interface!
>>>>>>
>>>>>>
>>>>>> enp0s3: Management - DHCP FROM WINDOWS SERVER
>>>>>> enp0s3 VLAN 2: Registration - DHCP ENABLE
>>>>>> enp0s3 VLAN 3: Isolation - DHCP ENABLE
>>>>>> enp0s3 VLAN 10: Normal - NO DHCP
>>>>>>
>>>>>> IP Address Switch Managed: 172.16.0.50
>>>>>> Interface 11: My physical machine, and virtual machine (virtualbox)
>>>>>> where is the PacketFence (interface mode bridge)
>>>>>> Interface 23: My client test Windows 8 (interface mode bridge)
>>>>>>
>>>>>>
>>>>>> The problem continues: in the logs it returns the correct vlan, but does not
>>>>>> assign it to the computer; it is stubborn in assigning the network
>>>>>> 172.16.0.0/24 (Management Network).
>>>>>>
>>>>>>
>>>>>> [root@packetfence ~]# tailf /usr/local/pf/logs/packetfence.log
>>>>>> Jan 2 14:03:10 packetfence packetfence_httpd.aaa: httpd.aaa(30935)
>>>>>> INFO: [mac:84:7b:eb:e3:84:42] handling radius autz request: from
>>>>>> switch_ip => (172.16.0.50), connection_type => WIRED_MAC_AUTH,switch_mac
>>>>>> => (14:18:77:ea:f0:a2), mac => [84:7b:eb:e3:84:42], port => 13, username
>>>>>> => "847BEBE38442" (pf::radius::authorize)
>>>>>> Jan 2 14:03:10 packetfence packetfence_httpd.aaa: httpd.aaa(30935)
>>>>>> INFO: [mac:84:7b:eb:e3:84:42] Instantiate profile default
>>>>>> (pf::Connection::ProfileFactory::_from_profile)
>>>>>> Jan 2 14:03:10 packetfence packetfence_httpd.aaa: httpd.aaa(30935)
>>>>>> INFO: [mac:84:7b:eb:e3:84:42] is of status unreg; belongs into
>>>>>> registration VLAN (pf::role::getRegistrationRole)
>>>>>> Jan 2 14:03:10 packetfence packetfence_httpd.aaa: httpd.aaa(30935)
>>>>>> INFO: [mac:84:7b:eb:e3:84:42] (172.16.0.50) Added VLAN 2 to the returned
>>>>>> RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
>>>>>>
>>>>>>
>>>>>>
>>>>>> [root@packetfence ~]# tailf /usr/local/pf/logs/radius.log
>>>>>> Jan 2 14:03:10 packetfence auth[31813]: Need 1 more connections to
>>>>>> reach min connections (3)
>>>>>> Jan 2 14:03:10 packetfence auth[31813]: rlm_rest (rest): Opening
>>>>>> additional connection (15), 1 of 62 pending slots used
>>>>>> Jan 2 14:03:10 packetfence auth[31813]: Need 7 more connections to
>>>>>> reach 10 spares
>>>>>> Jan 2 14:03:10 packetfence auth[31813]: rlm_sql (sql): Opening
>>>>>> additional connection (18), 1 of 61 pending slots used
>>>>>> Jan 2 14:03:10 packetfence auth[31813]: [mac:84:7b:eb:e3:84:42]
>>>>>> Accepted user: and returned VLAN 2
>>>>>> Jan 2 14:03:10 packetfence auth[31813]: (32) Login OK: [847BEBE38442]
>>>>>> (from client 172.16.0.50 port 13 cli 84:7b:eb:e3:84:42)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Follow network settings:
>>>>>>
>>>>>> [root@packetfence ~]# ifconfig
>>>>>> enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>> inet 172.16.0.2 netmask 255.255.255.0 broadcast 172.16.0.255
>>>>>> inet6 fe80::a00:27ff:fe35:fcc4 prefixlen 64 scopeid 0x20<link>
>>>>>> ether 08:00:27:35:fc:c4 txqueuelen 1000 (Ethernet)
>>>>>> RX packets 560936 bytes 711890423 (678.9 MiB)
>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>> TX packets 153523 bytes 23163746 (22.0 MiB)
>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>
>>>>>> enp0s3.2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>> inet 192.168.2.2 netmask 255.255.255.0 broadcast 192.168.2.255
>>>>>> inet6 fe80::a00:27ff:fe35:fcc4 prefixlen 64 scopeid 0x20<link>
>>>>>> ether 08:00:27:35:fc:c4 txqueuelen 1000 (Ethernet)
>>>>>> RX packets 0 bytes 0 (0.0 B)
>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>> TX packets 10 bytes 732 (732.0 B)
>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>
>>>>>> enp0s3.3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>> inet 192.168.3.2 netmask 255.255.255.0 broadcast 192.168.3.255
>>>>>> inet6 fe80::a00:27ff:fe35:fcc4 prefixlen 64 scopeid 0x20<link>
>>>>>> ether 08:00:27:35:fc:c4 txqueuelen 1000 (Ethernet)
>>>>>> RX packets 0 bytes 0 (0.0 B)
>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>> TX packets 10 bytes 732 (732.0 B)
>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>
>>>>>> enp0s3.10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>> inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
>>>>>> inet6 fe80::a00:27ff:fe35:fcc4 prefixlen 64 scopeid 0x20<link>
>>>>>> ether 08:00:27:35:fc:c4 txqueuelen 1000 (Ethernet)
>>>>>> RX packets 0 bytes 0 (0.0 B)
>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>> TX packets 10 bytes 732 (732.0 B)
>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>
>>>>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>>>>> inet 127.0.0.1 netmask 255.0.0.0
>>>>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>>>>> loop txqueuelen 1 (Loopback Local)
>>>>>> RX packets 1162494 bytes 167041449 (159.3 MiB)
>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>> TX packets 1162494 bytes 167041449 (159.3 MiB)
>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>
>>>>>> [root@packetfence ~]#
>>>>>>
>>>>>>
>>>>>>
>>>>>> [root@packetfence ~]# cat /usr/local/pf/conf/networks.conf
>>>>>> [192.168.3.0]
>>>>>> dns=192.168.3.2
>>>>>> dhcp_start=192.168.3.10
>>>>>> gateway=192.168.3.2
>>>>>> domain-name=vlan-isolation.scrivener.com.br
>>>>>> nat_enabled=disabled
>>>>>> named=enabled
>>>>>> dhcp_max_lease_time=30
>>>>>> fake_mac_enabled=disabled
>>>>>> dhcpd=enabled
>>>>>> dhcp_end=192.168.3.246
>>>>>> type=vlan-isolation
>>>>>> netmask=255.255.255.0
>>>>>> dhcp_default_lease_time=30
>>>>>>
>>>>>> [192.168.2.0]
>>>>>> dns=192.168.2.2
>>>>>> dhcp_start=192.168.2.10
>>>>>> gateway=192.168.2.2
>>>>>> domain-name=vlan-registration.scrivener.com.br
>>>>>> nat_enabled=disabled
>>>>>> named=enabled
>>>>>> dhcp_max_lease_time=30
>>>>>> fake_mac_enabled=disabled
>>>>>> dhcpd=enabled
>>>>>> dhcp_end=192.168.2.246
>>>>>> type=vlan-registration
>>>>>> netmask=255.255.255.0
>>>>>> dhcp_default_lease_time=30
>>>>>> [root@packetfence ~]#
>>>>>>
>>>>>>
>>>>>>
>>>>>> [root@packetfence ~]# cat /usr/local/pf/conf/switches.conf
>>>>>> [172.16.0.50]
>>>>>> mode=production
>>>>>> defaultVlan=10
>>>>>> deauthMethod=RADIUS
>>>>>> description=SWITCH DELL - 172.16.0.50
>>>>>> type=Dell::N1500
>>>>>> radiusSecret=useStrongerSecret
>>>>>> SNMPVersion=2c
>>>>>>
>>>>>> #
>>>>>> # Copyright (C) 2005-2017 Inverse inc.
>>>>>> #
>>>>>> # See the enclosed file COPYING for license information (GPL).
>>>>>> # If you did not receive this file, see
>>>>>> # http://www.fsf.org/licensing/licenses/gpl.html
>>>>>> [192.168.0.1]
>>>>>> description=Test Switch
>>>>>> type=Cisco::Catalyst_2900XL
>>>>>> mode=production
>>>>>> uplink=23,24
>>>>>>
>>>>>> #SNMPVersion = 3
>>>>>> #SNMPEngineID = 0000000000000
>>>>>> #SNMPUserNameRead = readUser
>>>>>> #SNMPAuthProtocolRead = MD5
>>>>>> #SNMPAuthPasswordRead = authpwdread
>>>>>> #SNMPPrivProtocolRead = DES
>>>>>> #SNMPPrivPasswordRead = privpwdread
>>>>>> #SNMPUserNameWrite = writeUser
>>>>>> #SNMPAuthProtocolWrite = MD5
>>>>>> #SNMPAuthPasswordWrite = authpwdwrite
>>>>>> #SNMPPrivProtocolWrite = DES
>>>>>> #SNMPPrivPasswordWrite = privpwdwrite
>>>>>> #SNMPVersionTrap = 3
>>>>>> #SNMPUserNameTrap = readUser
>>>>>> #SNMPAuthProtocolTrap = MD5
>>>>>> #SNMPAuthPasswordTrap = authpwdread
>>>>>> #SNMPPrivProtocolTrap = DES
>>>>>> #SNMPPrivPasswordTrap = privpwdread
>>>>>> [192.168.1.0/24]
>>>>>> description=Test Range Switch
>>>>>> type=Cisco::Catalyst_2900XL
>>>>>> mode=production
>>>>>> uplink=23,24
>>>>>> [root@packetfence ~]#
>>>>>>
>>>>>>
>>>>>> Follow switch configuration:
>>>>>>
>>>>>> Following the configuration of the manual, the model of my switch is
>>>>>> DELL n1548.
>>>>>> (https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_dell)
>>>>>>
>>>>>>
>>>>>> console#show running-config
>>>>>>
>>>>>> !Current Configuration:
>>>>>> !System Description "Dell Networking N1548, 6.2.6.6, Linux 3.6.5"
>>>>>> !System Software Version 6.2.6.6
>>>>>> !
>>>>>> configure
>>>>>> vlan 2-5,10,100
>>>>>> exit
>>>>>> vlan 2
>>>>>> name "Registration"
>>>>>> exit
>>>>>> vlan 3
>>>>>> name "Isolation"
>>>>>> exit
>>>>>> vlan 4
>>>>>> name "Mac detection"
>>>>>> exit
>>>>>> vlan 5
>>>>>> name "Guest"
>>>>>> exit
>>>>>> vlan 100
>>>>>> name "VoIP"
>>>>>> exit
>>>>>> stack
>>>>>> member 1 3 ! N1548
>>>>>> exit
>>>>>> interface vlan 1
>>>>>> ip address 172.16.0.50 255.255.255.0
>>>>>> exit
>>>>>> authentication enable
>>>>>> dot1x system-auth-control
>>>>>> aaa authentication dot1x default radius
>>>>>> aaa authorization network default radius
>>>>>> dot1x dynamic-vlan enable
>>>>>> voice vlan
>>>>>> aaa server radius dynamic-author
>>>>>> client 172.16.0.2 server-key "useStrongerSecret"
>>>>>> exit
>>>>>> radius-server host auth 172.16.0.2
>>>>>> name "PacketFence"
>>>>>> usage 802.1x
>>>>>> key "useStrongerSecret"
>>>>>> exit
>>>>>> !
>>>>>> interface Gi1/0/11
>>>>>> switchport mode trunk
>>>>>> switchport trunk allowed vlan 1-5,100
>>>>>> dot1x port-control force-authorized
>>>>>> exit
>>>>>> !
>>>>>> interface Gi1/0/13
>>>>>> switchport voice detect auto
>>>>>> switchport mode general
>>>>>> switchport access vlan 10
>>>>>> dot1x port-control mac-based
>>>>>> dot1x reauthentication
>>>>>> dot1x mac-auth-bypass
>>>>>> authentication order mab
>>>>>> authentication priority mab
>>>>>> lldp transmit-tlv sys-desc sys-cap
>>>>>> lldp transmit-mgmt
>>>>>> lldp notification
>>>>>> lldp med confignotification
>>>>>> voice vlan 100
>>>>>> exit
>>>>>> snmp-server engineid local 800002a203141877eaf0a0
>>>>>> snmp-server community "private" rw
>>>>>> snmp-server community "public" ro
>>>>>> exit
>>>>>>
>>>>>> console#
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> I still do not understand where the error is. Any idea?
>>>>>>
>>>>>>
>>>>>> 2017-12-29 11:15 GMT-03:00 Fabrice Durand via PacketFence-users
>>>>>> <packetfence-users@lists.sourceforge.net>:
>>>>>>> Hello André,
>>>>>>>
>>>>>>> First you need to check on the switch side if the mac address of the
>>>>>>> device is in the vlan 300.
>>>>>>>
>>>>>>> Next a registration vlan is a vlan managed by PacketFence, so you need
>>>>>>> to enable dhcp on the vlan 300 and 600.
>>>>>>> Another thing I can see is that the interface enp0s8.300 (vlan 300) uses
>>>>>>> the network 172.17.0.0/24 and it should be 172.16.0.0/24 ?! (but enp0s8
>>>>>>> uses this network).
>>>>>>>
>>>>>>> So in my opinion, you probably messed up the vlan/interface config.
>>>>>>>
>>>>>>> If enp0s8 interface is really on the vlan 300 then enp0s8.300 is
>>>>>>> useless and you probably have to use the vlan 301 as the registration
>>>>>>> network.
>>>>>>>
>>>>>>> Last things, be sure that enp0s8 is plugged on a trunk port and be sure
>>>>>>> that you define all the vlans in your switch configuration.
>>>>>>>
>>>>>>> Regards
>>>>>>> Fabrice
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Le 2017-12-29 à 08:50, André Scrivener via PacketFence-users a écrit :
>>>>>>>> I'm configuring pf as vlan enforcement, but I'm having a problem,
>>>>>>>> where vlans with their respective IPs are not being assigned. In the
>>>>>>>> logs it returns
>>>>>>>> the correct vlans, but does not apply to the station.
>>>>>>>>
>>>>>>>>
>>>>>>>> Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
>>>>>>>> INFO: [mac:64:1c:67:82:7d:f2] handling radius autz request: from
>>>>>>>> switch_ip => (172.16.0.50), connection_type =>
>>>>>>>> WIRED_MAC_AUTH,switch_mac => (14:18:77:ea:f0:a2), mac =>
>>>>>>>> [64:1c:67:82:7d:f2], port => 41, username => "641C67827DF2"
>>>>>>>> (pf::radius::authorize)
>>>>>>>> Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
>>>>>>>> INFO: [mac:64:1c:67:82:7d:f2] Instantiate profile default
>>>>>>>> (pf::Connection::ProfileFactory::_from_profile)
>>>>>>>> Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
>>>>>>>> INFO: [mac:64:1c:67:82:7d:f2] is of status unreg; belongs into
>>>>>>>> registration VLAN (pf::role::getRegistrationRole)
>>>>>>>> Dec 29 11:36:54 packtfence packetfence_httpd.aaa: httpd.aaa(5185)
>>>>>>>> INFO: [mac:64:1c:67:82:7d:f2] (172.16.0.50) Added VLAN 300 to the
>>>>>>>> returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)
>>>>>>>>
>>>>>>>>
>>>>>>>> Dec 29 11:36:54 packtfence auth[7662]: Need 1 more connections to
>>>>>>>> reach min connections (3)
>>>>>>>> Dec 29 11:36:54 packtfence auth[7662]: rlm_rest (rest): Opening
>>>>>>>> additional connection (23), 1 of 62 pending slots used
>>>>>>>> Dec 29 11:36:54 packtfence auth[7662]: Need 1 more connections to
>>>>>>>> reach min connections (3)
>>>>>>>> Dec 29 11:36:54 packtfence auth[7662]: rlm_sql (sql): Opening
>>>>>>>> additional connection (25), 1 of 62 pending slots used
>>>>>>>> Dec 29 11:36:54 packtfence auth[7662]: [mac:64:1c:67:82:7d:f2]
>>>>>>>> Accepted user: and returned VLAN 300
>>>>>>>> Dec 29 11:36:54 packtfence auth[7662]: (44) Login OK: [641C67827DF2]
>>>>>>>> (from client 172.16.0.50 port 41 cli 64:1c:67:82:7d:f2)
>>>>>>>>
>>>>>>>>
>>>>>>>> In the logs it returns the correct vlan, but does not assign it to the
>>>>>>>> computer; it is stubborn in assigning the network 172.16.0.0/24.
>>>>>>>>
>>>>>>>> I did not configure DHCP in packetfence, when packetfence returns a
>>>>>>>> vlan it is for it to get dhcp from my infrastructure. (So I imagine.)
>>>>>>>>
>>>>>>>> Follows some of my settings, it's okay to expose information since
>>>>>>>> it's a lab.
>>>>>>>>
>>>>>>>>
>>>>>>>> [root@packtfence ~]# ifconfig
>>>>>>>> SCRIVENER-b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>>>> inet 169.254.0.2 netmask 255.255.255.252 broadcast
>>>>>>>> 169.254.0.3
>>>>>>>> inet6 fe80::c8b5:5bff:febe:b1cc prefixlen 64 scopeid
>>>>>>>> 0x20<link>
>>>>>>>> ether ca:b5:5b:be:b1:cc txqueuelen 1000 (Ethernet)
>>>>>>>> RX packets 8 bytes 648 (648.0 B)
>>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>>> TX packets 8 bytes 648 (648.0 B)
>>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>>
>>>>>>>> enp0s3: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
>>>>>>>> ether 08:00:27:a3:36:2a txqueuelen 1000 (Ethernet)
>>>>>>>> RX packets 5668 bytes 8119227 (7.7 MiB)
>>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>>> TX packets 1260 bytes 80253 (78.3 KiB)
>>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>>
>>>>>>>> enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>>>> inet 172.16.0.2 netmask 255.255.255.0 broadcast 172.16.0.255
>>>>>>>> inet6 fe80::a00:27ff:fef4:37f8 prefixlen 64 scopeid
>>>>>>>> 0x20<link>
>>>>>>>> ether 08:00:27:f4:37:f8 txqueuelen 1000 (Ethernet)
>>>>>>>> RX packets 20960 bytes 4119093 (3.9 MiB)
>>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>>> TX packets 12227 bytes 21064744 (20.0 MiB)
>>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>>
>>>>>>>> enp0s8.300: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>>>> inet 172.17.0.2 netmask 255.255.255.0 broadcast 172.17.0.255
>>>>>>>> inet6 fe80::a00:27ff:fef4:37f8 prefixlen 64 scopeid
>>>>>>>> 0x20<link>
>>>>>>>> ether 08:00:27:f4:37:f8 txqueuelen 1000 (Ethernet)
>>>>>>>> RX packets 10 bytes 628 (628.0 B)
>>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>>> TX packets 14 bytes 900 (900.0 B)
>>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>>
>>>>>>>> enp0s8.301: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>>>> inet 172.19.0.2 netmask 255.255.255.0 broadcast 172.19.0.255
>>>>>>>> inet6 fe80::a00:27ff:fef4:37f8 prefixlen 64 scopeid
>>>>>>>> 0x20<link>
>>>>>>>> ether 08:00:27:f4:37:f8 txqueuelen 1000 (Ethernet)
>>>>>>>> RX packets 10 bytes 628 (628.0 B)
>>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>>> TX packets 14 bytes 900 (900.0 B)
>>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>>
>>>>>>>> enp0s8.600: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>>>>>>> inet 172.18.0.2 netmask 255.255.255.0 broadcast 172.18.0.255
>>>>>>>> inet6 fe80::a00:27ff:fef4:37f8 prefixlen 64 scopeid
>>>>>>>> 0x20<link>
>>>>>>>> ether 08:00:27:f4:37:f8 txqueuelen 1000 (Ethernet)
>>>>>>>> RX packets 10 bytes 628 (628.0 B)
>>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>>> TX packets 14 bytes 900 (900.0 B)
>>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>>
>>>>>>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>>>>>>> inet 127.0.0.1 netmask 255.0.0.0
>>>>>>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>>>>>>> loop txqueuelen 1 (Loopback Local)
>>>>>>>> RX packets 1567747 bytes 224694729 (214.2 MiB)
>>>>>>>> RX errors 0 dropped 0 overruns 0 frame 0
>>>>>>>> TX packets 1567747 bytes 224694729 (214.2 MiB)
>>>>>>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> [root@packtfence ~]# cat /usr/local/pf/conf/networks.conf
>>>>>>>> [172.17.0.0]
>>>>>>>> dns=172.17.0.2
>>>>>>>> dhcp_start=172.17.0.10
>>>>>>>> gateway=172.17.0.2
>>>>>>>> domain-name=vlan-registration.scrivener.com.br
>>>>>>>> nat_enabled=disabled
>>>>>>>> named=enabled
>>>>>>>> dhcp_max_lease_time=30
>>>>>>>> fake_mac_enabled=disabled
>>>>>>>> dhcpd=disabled
>>>>>>>> dhcp_end=172.17.0.246
>>>>>>>> type=vlan-registration
>>>>>>>> netmask=255.255.255.0
>>>>>>>> dhcp_default_lease_time=30
>>>>>>>>
>>>>>>>> [172.18.0.0]
>>>>>>>> dns=172.18.0.2
>>>>>>>> dhcp_start=172.18.0.10
>>>>>>>> gateway=172.18.0.2
>>>>>>>> domain-name=vlan-isolation.scrivener.com.br
>>>>>>>> nat_enabled=disabled
>>>>>>>> named=enabled
>>>>>>>> dhcp_max_lease_time=30
>>>>>>>> fake_mac_enabled=disabled
>>>>>>>> dhcpd=disabled
>>>>>>>> dhcp_end=172.18.0.246
>>>>>>>> type=vlan-isolation
>>>>>>>> netmask=255.255.255.0
>>>>>>>> dhcp_default_lease_time=30
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> [root@packtfence ~]# cat /usr/local/pf/conf/switches.conf
>>>>>>>> #
>>>>>>>> # Copyright (C) 2005-2017 Inverse inc.
>>>>>>>> #
>>>>>>>> # See the enclosed file COPYING for license information (GPL).
>>>>>>>> # If you did not receive this file, see
>>>>>>>> # http://www.fsf.org/licensing/licenses/gpl.html
>>>>>>>> [default]
>>>>>>>> type=Dell::N1500
>>>>>>>> registrationVlan=300
>>>>>>>> isolationVlan=600
>>>>>>>> uplink=5
>>>>>>>> cliUser=[secret]
>>>>>>>> cliPwd=[secret]
>>>>>>>> cliEnablePwd=[secret]
>>>>>>>> #
>>>>>>>> # SNMP section
>>>>>>>> #
>>>>>>>> # PacketFence -> Switch
>>>>>>>> SNMPVersion=2c
>>>>>>>> #
>>>>>>>> # RADIUS NAS Client config
>>>>>>>> #
>>>>>>>> # RADIUS shared secret with switch
>>>>>>>> radiusSecret=teste123
>>>>>>>> CORPORATIVOVlan=301
>>>>>>>> uplink_dynamic=0
>>>>>>>>
>>>>>>>> [172.16.0.50]
>>>>>>>> mode=production
>>>>>>>> description=172.16.0.50
>>>>>>>> ExternalPortalEnforcement=Y
>>>>>>>> deauthMethod=Telnet
>>>>>>>> cliAccess=Y
>>>>>>>> defaultVlan=301
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Can anyone help? Please! My Christmas present and New Year's Eve.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Att,
>>>>>>>> Andre Scrivener
>>>>>>>>
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> Check out the vibrant tech community on one of the world's most
>>>>>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> PacketFence-users mailing list
>>>>>>>> PacketFence-users@lists.sourceforge.net
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>>>>
>>>>>>> --
>>>>>>> Fabrice Durand
>>>>>>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
>>>>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and
>>>>>>> PacketFence (http://packetfence.org)
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Att
>>>>>> Andre
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Att
>>>>> Andre
>>>>
>>>> --
>>>> Fabrice Durand
>>>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>>>> (http://packetfence.org)
>>>
>>>
>>>
>>> --
>>> Att
>>> Andre Scrivener
>>
>> --
>> Fabrice Durand
>> fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>
>
>
> --
> Att,
> Andre Scrivener
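Added example (not written by anyone in this thread and not PacketFence code): a cross-check of the PacketFence `switches.conf` entry against the Dell running-config for the RADIUS de-authentication settings discussed above, run over trimmed excerpts of the lab configuration posted in the thread. The function names are hypothetical, and it assumes the same shared secret is used for authentication and for the dynamic-author client, as in the posted configs; the `auth-type all` check compares against the note quoted in the thread.

```python
import configparser
import re

# Trimmed excerpts of the lab configuration posted in the thread.
SWITCHES_CONF = """\
[172.16.0.50]
deauthMethod=RADIUS
type=Dell::N1500
radiusSecret=useStrongerSecret
"""

RUNNING_CONFIG = """\
aaa server radius dynamic-author
client 172.16.0.2 server-key "useStrongerSecret"
exit
radius-server host auth 172.16.0.2
key "useStrongerSecret"
exit
snmp-server community "private" rw
snmp-server community "public" ro
"""

BLOCK_START = re.compile(r"(aaa server|radius-server host|interface) ")


def parse_blocks(running_config):
    """Group running-config lines under their block header, up to 'exit'."""
    blocks, header = {"global": []}, None
    for raw in running_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line == "exit":
            header = None
        elif header is None and BLOCK_START.match(line):
            header = line
            blocks[header] = []
        else:
            blocks[header or "global"].append(line)
    return blocks


def audit(switch_ip, pf_ip, switches_conf, running_config):
    """Return findings; an empty list means both sides agree."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (deauthMethod, radiusSecret)
    cp.read_string(switches_conf)
    sw = cp[switch_ip]
    secret = sw.get("radiusSecret", "")
    blocks = parse_blocks(running_config)
    findings = []

    method = sw.get("deauthMethod", "unset")
    if method.upper() != "RADIUS":
        findings.append("deauthMethod is %s, not RADIUS" % method)
    if not secret:
        findings.append("radiusSecret is not set for this switch")

    # Authentication direction: switch -> PacketFence.
    auth = blocks.get("radius-server host auth " + pf_ip)
    if auth is None:
        findings.append("no 'radius-server host auth %s' on the switch" % pf_ip)
    elif not {'key "%s"' % secret, "key " + secret} & set(auth):
        findings.append("radius-server key differs from radiusSecret")

    # De-authentication direction: PacketFence -> switch (dynamic-author).
    da = blocks.get("aaa server radius dynamic-author")
    if da is None:
        findings.append("no 'aaa server radius dynamic-author' block")
    else:
        hits = (re.match(r'client (\S+) server-key "?([^"]*)"?$', l) for l in da)
        clients = {m.group(1): m.group(2) for m in hits if m}
        if clients.get(pf_ip) != secret:
            findings.append("dynamic-author client %s missing or key mismatch" % pf_ip)
        if "auth-type all" not in da:
            findings.append("dynamic-author has no 'auth-type all'")

    # Well-known community strings left in the running-config.
    for line in blocks["global"]:
        m = re.match(r'snmp-server community "?(public|private)"? (rw|ro)$', line)
        if m:
            findings.append("default SNMP community %s (%s)" % m.groups())
    return findings


if __name__ == "__main__":
    print("\n".join(audit("172.16.0.50", "172.16.0.2", SWITCHES_CONF, RUNNING_CONFIG)))
```
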