Hello Thapeli,

I can see that you have multiple issues in your config.

First, the switch config doesn't look correct. If the PacketFence server is plugged into port Fa0/1, only VLAN 1 is allowed. Next, you don't have to enable 802.1X on this port.

    interface FastEthernet0/1
     switchport trunk allowed vlan 1
     switchport mode trunk
     dot1x port-control auto
     dot1x host-mode multi-host
     dot1x timeout quiet-period 2
     dot1x timeout tx-period 3
     dot1x reauthentication

The port where you plug in your testing device should look like this:

    switchport mode access
    dot1x port-control auto
    dot1x host-mode multi-host
    dot1x reauthentication

Also, on the PF side it looks like you have an interface eno16777736.1, which is useless since the native VLAN looks to be 1, so eno16777736 is already in VLAN 1.

Another thing: you can't return the VLAN ID 1 if the native VLAN on the switchport is already 1; you should return nothing.

    [172.16.251.2]
    description=Test Switch
    guestVlan=
    defaultVlan=
    type=Cisco::Catalyst_2950
    VoIPLLDPDetect=N
    uplink=23,24
    radiusSecret=useStrongerSecret
    MachineVlan=
    UserVlan=

And verify that you are able to ping the switch IP from PacketFence: 172.16.251.2

Regards
Fabrice

On Thu, Jul 8, 2021 at 17:16, Thapeli Matsabu via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

> Hi,
>
> Find the attached. I only have one server. It is also working as radius.
>
> Kind regards,
>
> *From:* Zammit, Ludovic <luza...@akamai.com>
> *Sent:* 08 July 2021 09:28 PM
> *To:* Thapeli Matsabu <thap...@dataproof.co.za>
> *Cc:* packetfence-users@lists.sourceforge.net
> *Subject:* Re: [PacketFence-users] VLAN Enforcement with MAC address authentication
>
> Hello there,
>
> If your Radius audit log is empty it probably means that the radius authentication did not work properly or you are still cached from a previous authentication.
>
> Can you provide the /usr/local/pf/logs/packetfence.log and the /usr/local/pf/logs/radius.log of the server that does the authentication?
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
>
> *Cell:* +1.613.670.8432
>
> Akamai Technologies - Inverse
> 145 Broadway
> Cambridge, MA 02142
>
> On Jul 8, 2021, at 3:25 PM, Thapeli Matsabu <thap...@dataproof.co.za> wrote:
>
> Hi Ludovic,
>
> Apologies for the delayed response. Due to covid restrictions I am working from home and my lab was still at the office. Today I went and got the equipment.
>
> 1. My radius audit log is empty. What does that mean?
> 2. Radius CoA. Is this on the switch configuration?
>
> *From:* Zammit, Ludovic <luza...@akamai.com>
> *Sent:* 06 July 2021 02:41 PM
> *To:* packetfence-users@lists.sourceforge.net
> *Cc:* Thapeli Matsabu <thap...@dataproof.co.za>
> *Subject:* Re: [PacketFence-users] VLAN Enforcement with MAC address authentication
>
> Hello there,
>
> Multiple things that you can verify.
>
> 1. Make sure in Auditing that the radius reply for that MAC address contains the Tunnel-Private-Group-Id = "1"
>
> 2. Re-check if the radius CoA is correctly configured to disconnect user (radius dynamic authorization)
>
> 3. Show us your configuration / logs related to that authentication.
>
> Thanks,
>
> *Ludovic Zammit*
> *Product Support Engineer Principal*
>
> On Jul 6, 2021, at 3:51 AM, Thapeli Matsabu via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>
> Hi all,
>
> I have been through this mailing trying to find if someone had this problem before, but I could not find anything similar.
>
> I am trying to configure VLAN Enforcement with MAC address authentication:
>
> - I am using Cisco 2950 with PF 10 on CentOS 7
> - I have configured 4 networks: see network.conf attached
>   - Management and Normal – default VLAN (1)
>   - Registration – VLAN 2
>   - Isolation – VLAN 3
>   - MAC detection – VLAN 4 (not configured on PF, only on the router)
> - I have configured my router and PF can see and manage the VLANs.
>   See my router config attached
> - I have manually registered a device on PF
> - I want to manually register devices and all registered devices should go to VLAN 1 (Normal and management) and unregistered devices to just sit in registration VLAN, and in future registered devices that do not meet the requirements to go to ISOLATION VLAN.
>
> My problem is that when I connect a device to port 16, it gets stuck in VLAN 2 and it never gets moved to VLAN 1, which is my default VLAN, even though on PF the device is already registered. If I connect to any other port, it gets moved to VLAN 1 even if it's not registered.
>
> Regards,
>
> <pf.conf><networks.conf><switches.conf><cisco config.txt>
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
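
The port-level checks discussed in the reply above, as an added example that is not part of the original thread or of PacketFence: a small linter over IOS-style interface stanzas. The function names, the sample ports Fa0/16 and Fa0/17, and the assumption that the PacketFence-facing trunk must carry VLANs 1 to 3 (management, registration and isolation from the original post) are illustrative.

```python
import re

# Constructed sample: Fa0/1 follows the stanza quoted in the thread;
# Fa0/16 and Fa0/17 are made-up access ports for illustration.
SAMPLE = """\
interface FastEthernet0/1
 switchport trunk allowed vlan 1
 switchport mode trunk
 dot1x port-control auto
!
interface FastEthernet0/16
 switchport mode access
 dot1x port-control auto
!
interface FastEthernet0/17
 switchport mode access
!
"""

def parse_interfaces(text):
    """Split IOS-style config into {interface name: [stripped stanza lines]}."""
    ports = {}
    for m in re.finditer(r"^interface (\S+)[ \t]*(?:\n|\Z)((?: .*\n?)*)", text, re.M):
        ports[m.group(1)] = [line.strip() for line in m.group(2).splitlines()]
    return ports

def expand_vlans(spec):
    """Expand an allowed-VLAN list such as '1,3-5' into {1, 3, 4, 5}."""
    vlans = set()
    for lo, _, hi in (part.partition("-") for part in spec.split(",")):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(text, pf_port, needed_vlans):
    """Return (port, finding) pairs for the PacketFence port and access ports."""
    findings = []
    for name, lines in parse_interfaces(text).items():
        dot1x = "dot1x port-control auto" in lines
        if name == pf_port:
            if dot1x:
                findings.append((name, "802.1X enabled on the PacketFence port"))
            # No 'allowed vlan' line means the trunk carries every VLAN.
            m = re.search(r"^switchport trunk allowed vlan ([\d,-]+)$", "\n".join(lines), re.M)
            missing = sorted(needed_vlans - expand_vlans(m.group(1))) if m else []
            if missing:
                findings.append((name, f"trunk is missing VLANs {missing}"))
        elif "switchport mode access" in lines and not dot1x:
            findings.append((name, "access port without 802.1X"))
    return findings
```

Calling `audit(SAMPLE, "FastEthernet0/1", {1, 2, 3})` reports the two problems on Fa0/1 and the unauthenticated access port Fa0/17, while Fa0/16 passes.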