[PacketFence-users] Successfully passed 802.1x auth but no network access

[Yan via PacketFence-users]

Hi dear users,


We use PF V7.3 in our office integrated with Aruba AC. Recently our wireless 
behaves very strange. Some users can connected to wireless, passed the 802.1x 
auth and can get the correct role and IP, but they just couldn't access any 
network. There is no wired in PF logs. But as we check Aruba AC logs, we can 
see many "User miss" logs. 
I don't know what caused this issue but now our network team said previous ACS 
didn't have this issue and let us check pf's problem.
Anyone ever met this issue ? 


Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: 
<522050> <4111> <INFO> <WHZH-7210-1 172.26.2.230> 
MAC=f4:cc:89:e8:2a:d3,IP=172.26.36.202 User data downloaded to datapath, new 
Role=Didi-Guest-acl-prof/80, bw Contract=0/0, reason=New user IP processing, 
idle-timeout=300
Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: 
<522026> <4111> <INFO> <WHZH-7210-1 172.26.2.230> MAC=f4:cc:89:e8:2a:d3 
IP=172.26.36.202 User miss: ingress=0x1041e, VLAN=205 flags=0x4000c040
Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: 
<522050> <4111> <INFO> <WHZH-7210-1 172.26.2.230> 
MAC=8e:85:00:80:79:ff,IP=172.26.18.2 User data downloaded to datapath, new 
Role=employees/78, bw Contract=0/0, reason=New user IP processing, 
idle-timeout=15300
Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: 
<522026> <4111> <INFO> <WHZH-7210-1 172.26.2.230> MAC=8e:85:00:80:79:ff 
IP=172.26.18.2 User miss: ingress=0x1048c, VLAN=204 flags=0x4000c040
Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: 
<522050> <4111> <INFO> <WHZH-7210-1 172.26.2.230> 
MAC=84:44:67:4f:57:55,IP=172.26.33.243 User data downloaded to datapath, new 
Role=employees/78, bw Contract=0/0, reason=New user IP processing, 
idle-timeout=15300
Jan 10 10:49:54 172.26.2.230 Jan 10 10:49:52 2018 WHZH-7210-1 authmgr[4111]: 
<522026> <4111> <INFO> <WHZH-7210-1 172.26.2.230> MAC=84:44:67:4f:57:55 
IP=172.26.33.243 User miss: ingress=0x10399, VLAN=203 



BTW I comment out acct-session-id in /usr/local/pf/lib/pf/Switch/Aruba.pm since 
we found pf can't disconnect device with acctsessionid. Not sure if this action 
caused error.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users