Hello Christian, Are you doing VLAN enforcement or Role enforcement ?
On Aruba you have to do one of them, not both at the same time. How are you redirected on the captive portal ? By a radius request ? Once you get authenticated PF sends a radius disconnect message to the AP to kick your Mac address out for the client to reconnect immediately and get the production vlan/role. Check the logs/packetfence.log for your Mac address the activity and see if you can find any error. Thanks, Ludovic Zammit lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Mar 10, 2020, at 8:00 AM, Christian Sudec via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Hi everybody! > > First the current situation so far: > > We installed a test-network, where the packetfence-server is reachable with > an ip 10.5.1.4 (type management) > and set 'RADIUS enforcement' as chosen method. > > Next we installed a Mikrotik-Switch (POE) with 4 VLANS (771-774) and attached > an Aruba-AP to a trunk port > with the mentioned VLANs. The default VLAN is 771 and the AP gets an IP and > can connect to the pf-server. > > Now we created an authentication-source to our AD and created a > switch-template for the AP. There are two > roles based on AD-group-membership: teachers (VID 772) and pupils (VID 773) - > set in the switch profile under > 'Role mapping by VLAN ID'. > > As far as it was possible, we set up the AP according to the packetfence > device configuration guide, because > the guide refers to ArubaOS 5.x, but we are already at 8.6.0.2. > > Now we are stuck: everybody can login with an ad-username (and pasword), but > the user doesn't get > transferred to the correct vlan and stays in the default. In 'Auditing' I can > see at 'Node Information' the > Role N/A and there is no Tunnel-Private-Group-ID in the RADIUS Reply. > > Can somebody enlighten me on what to check or what to set / how to debug? > > kind regards > Chris > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users