Re: [PacketFence-users] VLAN ID : (undefined)

Fri, 03 Aug 2018 18:05:47 -0700 

Hello Ali,
PacketFence do his job, so it looks that your switch doesn't support vlan assignment by radius. 

Regards

Fabrice



Le 2018-08-03 à 06:23, Amjad Ali via PacketFence-users a écrit :

Hi All,


I'm trying to test an unsupported switch with packetfence that has 
support for 802.1X. The goal is to authenticate a client and assign a 
vlan to the connected switch port. I suppose that's what we call 
radius only enforcement?



The authentication goes well and I can see the user registered from 
the web UI. But when I check the switch port on the switch its not 
assigned to the proper vlan (VLAN ID 10)


The radius reply message says:


MS-MPPE-Encryption-Policy = Encryption-Required 
MS-MPPE-Encryption-Types = 4 MS-MPPE-Send-Key = 
0x1447f430c4f09d0f42d055e5a6230c77 MS-MPPE-Recv-Key = 
0xb144af604dfd40f6a55cf4ac4b0475bb EAP-Message = 0x032e0004 
Message-Authenticator = 0x00000000000000000000000000000000 
Stripped-User-Name = "pica8" Tunnel-Medium-Type = IEEE-802 Tunnel-Type 
= VLAN Tunnel-Private-Group-Id = "10"



I suppose the Tunnel-Private-Group-Id = 10 means the client be put in 
Vlan 10.


However, I see the below entry in the packetfence.log


Aug  3 16:19:17 packetfence8 packetfence_httpd.aaa: httpd.aaa(8796) 
INFO: [mac:e0:db:55:cd:84:62] PID: "pica8", Status: reg Returned VLAN: 
(undefined), Role: gaming (pf::role::fetchRoleForNode)




gaming is set to vlan 10 in packetfence-->Configuration-->Switches. 
(Role mapping by vlan id)


Can someone please help explain whats wrong here.

Thanks in advance.
Ali

--
Amjad Ali


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to