Hi All,
I have a Pica8 switch (P-3297) running Pica8's NOS. It's a 48-port 1G box.
The configuration on the switch needed to support dot1x as per Pica8 docs
is the below two steps.
1) set protocols dot1x aaa radius authentication server-ip 10.10.50.233 shared-key test
2) set protocols dot1x interface ge-1/1/13 auth-mode dot1x
The packetfence switch config is
[10.10.51.148]
description=3297
radiusSecret=test
deauthMethod=RADIUS
cliAccess=Y
VoIPDHCPDetect=N
VoIPLLDPDetect=N
VoIPCDPDetect=N
cliTransport=SSH
cliPwd=123456
cliUser=admin
But I'm getting the following error.
(4174) Wed Aug 1 10:43:18 2018: Debug: eap: Sending EAP Success (code 3) ID 59 length 4
(4174) Wed Aug 1 10:43:18 2018: Debug: eap: Freeing handler
(4174) Wed Aug 1 10:43:18 2018: Debug: [eap] = ok
(4174) Wed Aug 1 10:43:18 2018: Debug: } # authenticate = ok
(4174) Wed Aug 1 10:43:18 2018: Debug: # Executing section post-auth from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
(4174) Wed Aug 1 10:43:18 2018: Debug: post-auth {
(4174) Wed Aug 1 10:43:18 2018: Debug: policy packetfence-set-tenant-id {
(4174) Wed Aug 1 10:43:18 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") {
(4174) Wed Aug 1 10:43:18 2018: Debug: EXPAND %{%{control:PacketFence-Tenant-Id}:-0}
(4174) Wed Aug 1 10:43:18 2018: Debug: --> 1
(4174) Wed Aug 1 10:43:18 2018: Debug: if ( "%{%{control:PacketFence-Tenant-Id}:-0}" == "0") -> FALSE
(4174) Wed Aug 1 10:43:18 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) {
(4174) Wed Aug 1 10:43:18 2018: Debug: if ( &control:PacketFence-Tenant-Id == 0 ) -> FALSE
(4174) Wed Aug 1 10:43:18 2018: Debug: } # policy packetfence-set-tenant-id = noop
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Expanding URI components
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: EXPAND http://127.0.0.1:7070
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: --> http://127.0.0.1:7070
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: EXPAND //radius/rest/authorize
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: --> //radius/rest/authorize
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Sending HTTP POST to "http://127.0.0.1:7070//radius/rest/authorize"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "User-Name"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "NAS-IP-Address"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "NAS-Port"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "Framed-MTU"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "State"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "Called-Station-Id"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "Calling-Station-Id"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "NAS-Port-Type"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "Event-Timestamp"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "EAP-Message"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "FreeRADIUS-Proxied-To"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "EAP-Type"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "Stripped-User-Name"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Encoding attribute "Realm"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Processing response header
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Status : 401 (Unauthorized)
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Type : json (application/json)
(4174) Wed Aug 1 10:43:18 2018: ERROR: rest: Server returned:
(4174) Wed Aug 1 10:43:18 2018: ERROR: rest: {"Reply-Message":"Switch is not managed by PacketFence","control:PacketFence-Authorization-Status":"allow","control:PacketFence-Request-Time":1533091398}
(4174) Wed Aug 1 10:43:18 2018: Debug: [rest] = invalid
(4174) Wed Aug 1 10:43:18 2018: Debug: } # post-auth = invalid
(4174) Wed Aug 1 10:43:18 2018: Debug: Using Post-Auth-Type Reject
(4174) Wed Aug 1 10:43:18 2018: Debug: # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel
(4174) Wed Aug 1 10:43:18 2018: Debug: Post-Auth-Type REJECT {
(4174) Wed Aug 1 10:43:18 2018: Debug: update {
(4174) Wed Aug 1 10:43:18 2018: Debug: } # update = noop
(4174) Wed Aug 1 10:43:18 2018: Debug: policy packetfence-audit-log-reject {
Can you please suggest/advise what steps I need to take to make this work?
Many thanks,
Ali
--
Amjad Ali
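
Added example, not part of the original post: a small Python parser for FreeRADIUS debug output in the format pasted above. It groups lines by request id and flags requests where EAP succeeded but the REST authorize call was refused. The sample log is constructed from lines in the post, and the function and field names are this example's own.

```python
import json
import re

# Constructed sample in the FreeRADIUS debug format shown in the post,
# with the mail client's line wraps rejoined and the JSON body shortened.
SAMPLE_LOG = '''\
(4174) Wed Aug 1 10:43:18 2018: Debug: eap: Sending EAP Success (code 3) ID 59 length 4
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Sending HTTP POST to "http://127.0.0.1:7070//radius/rest/authorize"
(4174) Wed Aug 1 10:43:18 2018: Debug: rest: Status : 401 (Unauthorized)
(4174) Wed Aug 1 10:43:18 2018: ERROR: rest: {"Reply-Message":"Switch is not managed by PacketFence"}
(4174) Wed Aug 1 10:43:18 2018: Debug: Using Post-Auth-Type Reject
(4175) Wed Aug 1 10:43:19 2018: Debug: eap: Sending EAP Failure (code 4) ID 60 length 4
'''

LINE_RE = re.compile(r"^\((\d+)\) .*?: (?:Debug|ERROR): (.*)$")
# Field name -> (pattern applied to the message part, converter)
FIELDS = {
    "eap": (re.compile(r"eap: Sending EAP (Success|Failure)"), str),
    "rest_url": (re.compile(r'rest: Sending HTTP POST to "\s*(.*?)"'), str),
    "rest_status": (re.compile(r"rest: Status : (\d+)"), int),
    "reply": (re.compile(r"rest: (\{.*\})\s*$"), json.loads),
    "post_auth_type": (re.compile(r"Using Post-Auth-Type (\S+)"), str),
}

def summarize(log_text):
    """Return {request_id: {field: value}} for the fields in FIELDS."""
    requests = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        req_id, msg = m.groups()
        info = requests.setdefault(req_id, dict.fromkeys(FIELDS))
        for name, (pattern, convert) in FIELDS.items():
            hit = pattern.search(msg)
            if hit:
                try:
                    info[name] = convert(hit.group(1))
                except ValueError:  # json.JSONDecodeError is a ValueError
                    info[name] = hit.group(1)  # keep the raw text instead
    return requests

def eap_ok_but_rest_refused(requests):
    """Request ids where EAP succeeded but the REST call returned >= 400."""
    return [rid for rid, r in requests.items()
            if r["eap"] == "Success" and (r["rest_status"] or 0) >= 400]

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for rid in eap_ok_but_rest_refused(summary):
        r = summary[rid]
        print(rid, r["rest_status"], r["reply"], r["post_auth_type"])
```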