Hello, Do you want to do Web Auth or VLAN enforcement for the portal ? You can’t do both.
Thanks, Ludovic Zammit lzam...@inverse.ca <mailto:lzam...@inverse.ca> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Nov 10, 2020, at 8:05 AM, Abdoul Raouf Diabagate via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > I just installed packetfence version 10.2 ZEN. after following the setup > guide i want to do my first test. the test with the 8021X supplicant works > and the customer is dynamically registered in the correct vlan > > However when I want to test the captive portal, I plug a windows computer > into one of the switch ports. after a few minutes, the computer is placed in > my registration vlan and receives a dynamically ip address from packetfence. > and I am redirected to the address > http://192.168.222.129/Cisco::Catalyst_2960/sidceab07 > <http://192.168.222.129/Cisco::Catalyst_2960/sidceab07>. > after a few minutes of waiting, the browser displays 'waiting time exceeded' > > However when I move a port of the switch manually in the registration vlan, > and I plug in a computer, the portal page automatically displays > > Any ideas? > > [switch port conf] > interface FastEthernet0/12 > switchport mode access > authentication order dot1x mab > authentication priority dot1x mab > authentication port-control auto > authentication periodic > authentication timer restart 10800 > authentication timer reauthenticate 7200 > authentication violation replace > mab > no snmp trap link-status > dot1x pae authenticator > dot1x timeout quiet-period 2 > dot1x timeout tx-period 3 > > [Packetfence LOG] > > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] handling radius autz request: from switch_ip => > (192.168.222.130), connection_type => Ethernet-NoEAP,switch_mac => > (88:90:8d:30:60:0c), mac => [b0:6e:bf:ab:3a:fe], port => 10012, username => > "b06ebfab3afe" (pf::radius::authorize) > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] Instantiate profile noEAP > (pf::Connection::ProfileFactory::_from_profile) > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] is of status unreg; belongs into registration VLAN > (pf::role::getRegistrationRole) > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added VLAN 120 to the returned > RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] (192.168.222.130) Added role registration to the > returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) > Nov 10 13:00:52 packetfence packetfence_httpd.aaa: httpd.aaa(15827) INFO: > [mac:b0:6e:bf:ab:3a:fe] Adding web authentication redirection to reply using > role: 'registration' and URL: > 'http://192.168.222.129/Cisco::Catalyst_2960/sidc3b51a > <http://192.168.222.129/Cisco::Catalyst_2960/sidc3b51a>' > (pf::Switch::Cisco::Catalyst_2960::returnRadiusAccessAccept) > Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: Using 300 > resolution threshold (pf::pfcron::task::cluster_check::run) > Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 > security_events during security_event maintenance (1605013256.13453 > 1605013256.14244) (pf::security_event::security_event_maintenance) > Nov 10 13:00:56 packetfence packetfence: pfperl-api(1486) INFO: All cluster > members are running the same configuration version > (pf::pfcron::task::cluster_check::run) > Nov 10 13:00:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 > security_events during security_event maintenance (1605013256.1439 > 1605013256.14699) (pf::security_event::security_event_maintenance) > Nov 10 13:00:56 packetfence packetfence: pfperl-api(1485) INFO: getting > security_events triggers for accounting cleanup > (pf::accounting::acct_maintenance) > Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) WARN: > [mac:b0:6e:bf:ab:3a:fe] Unable to match MAC address to IP '192.168.120.103' > (pf::ip4log::ip2mac) > Nov 10 13:01:48 packetfence pfqueue: pfqueue(27361) INFO: > [mac:b0:6e:bf:ab:3a:fe] oldip (192.168.120.53) and newip (192.168.120.103) > are different for b0:6e:bf:ab:3a:fe - closing ip4log entry > (pf::api::update_ip4log) > Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: > [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device > b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. > (pf::accounting_events_history::latest_mac_history) > Nov 10 13:01:48 packetfence pfqueue: pfqueue(26901) WARN: > [mac:b0:6e:bf:ab:3a:fe] Unable to pull accounting history for device > b0:6e:bf:ab:3a:fe. The history set doesn't exist yet. > (pf::accounting_events_history::latest_mac_history) > Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: getting > security_events triggers for accounting cleanup > (pf::accounting::acct_maintenance) > Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: processed 0 > security_events during security_event maintenance (1605013316.14234 > 1605013316.1507) (pf::security_event::security_event_maintenance) > Nov 10 13:01:56 packetfence packetfence: pfperl-api(1486) INFO: processed 0 > security_events during security_event maintenance (1605013316.15212 > 1605013316.15555) (pf::security_event::security_event_maintenance) > Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: Using 300 > resolution threshold (pf::pfcron::task::cluster_check::run) > Nov 10 13:01:56 packetfence packetfence: pfperl-api(1485) INFO: All cluster > members are running the same configuration version > (pf::pfcron::task::cluster_check::run) > Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 > security_events during security_event maintenance (1605013376.14526 > 1605013376.1536) (pf::security_event::security_event_maintenance) > Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: Using 300 > resolution threshold (pf::pfcron::task::cluster_check::run) > Nov 10 13:02:56 packetfence packetfence: pfperl-api(1488) INFO: All cluster > members are running the same configuration version > (pf::pfcron::task::cluster_check::run) > Nov 10 13:02:56 packetfence packetfence: pfperl-api(1487) INFO: processed 0 > security_events during security_event maintenance (1605013376.15512 > 1605013376.16199) (pf::security_event::security_event_maintenance) > Nov 10 13:02:56 packetfence packetfence: pfperl-api(1486) INFO: getting > security_events triggers for accounting cleanup > (pf::accounting::acct_maintenance) > Nov 10 13:03:02 packetfence pfipset[16318]: t=2020-11-10T13:03:02+0000 > lvl=info msg="No Inline Network bypass ipsets reload" pid=16318 > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
