Hello, It looks like 192.168.254.14 is trying to ask for an authentication. Add it as the switch.
Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Apr 12, 2022, at 3:02 AM, Misbah Hussaini <misbhaud...@gmail.com> wrote: > > Thanks Ludovic, I'm testing this config change. > > Meanwhile, I checked the radius log when the issue of auth occurred for us > and I found below lines. As I mentioned earlier, I increased the max threads > to a higher value in radius.conf file and the issue was resolved and auth > started working. Does everybody have to increase this value in Production? > I'm asking especially because we are planning to increase the number of > devices (by another 250) and perhaps then I need to use a much higher value > to avoid recurrence of this problem. > > Apr 7 10:06:23 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.14 port 1645 proto udp > Apr 7 10:06:25 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:06:25 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.14 port 1645 proto udp > Apr 7 10:06:26 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:06:26 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.14 port 1645 proto udp > Apr 7 10:06:28 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:06:28 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.14 port 1645 proto udp > Apr 7 10:06:30 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:06:30 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.14 port 1645 proto udp > Apr 7 10:06:37 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:06:37 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.28 port 1645 proto udp > Apr 7 10:06:42 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:06:42 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.28 port 1645 proto udp > Apr 7 10:06:57 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:06:57 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.13 port 1645 proto udp > Apr 7 10:07:02 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:07:02 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.13 port 1645 proto udp > Apr 7 10:07:04 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:07:04 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.23 port 1645 proto udp > Apr 7 10:07:07 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:07:07 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.13 port 1645 proto udp > Apr 7 10:07:09 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:07:09 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.23 port 1645 proto udp > Apr 7 10:07:12 NAC1 auth[368888]: rlm_sql (sql): No connections available > and at max connection limit > Apr 7 10:07:12 NAC1 auth[368888]: Ignoring request to auth address > 192.168.197.90 port 1812 bound to server packetfence from unknown client > 192.168.254.13 port 1645 proto udp > > > > Regards > Misbah > > > On Mon, 11 Apr 2022 at 17:19, Zammit, Ludovic <luza...@akamai.com > <mailto:luza...@akamai.com>> wrote: > Hello, > > You can disable the TCP FB Collector analyzing: > > You can disable the TCP fingerprinting by doing > > > # systemctl edit packetfence-fingerbank-collector.service > > > In the editor that opens, add: > > > [Service] > > Environment=COLLECTOR_DISABLE_TCP_HANDLER=true > > > Close the editor, then do: > > > # systemctl daemon-reload > > # systemctl restart packetfence-fingerbank-collector > > > Thanks, > > Ludovic Zammit > Product Support Engineer Principal > > Cell: +1.613.670.8432 > Akamai Technologies - Inverse > 145 Broadway > Cambridge, MA 02142 > Connect with Us: <https://community.akamai.com/> > <http://blogs.akamai.com/> > <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhkGXhfII$> > > <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhn3hmSw4$> > > <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhiw82adM$> > > <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!SWp7hL-2PyHJAaiZfWDTkgAbemIa3M4LNPnjmB3JPvhxHR1E_qQlKru872B5eN-rzoWFo7aUcvRhY_n9_Qc$> > >> On Apr 11, 2022, at 2:51 AM, Misbah Hussaini <misbhaud...@gmail.com >> <mailto:misbhaud...@gmail.com>> wrote: >> >> Hello, >> >> We are currently doing only wired 802.1x & MAC auth, the server config is >> >> Intel(R) Xeon(R) CPU E5-2407 v2 @ 2.40GHz >> 16GB RAM (Free RAM - 8GB) >> Running Debian X64. >> >> Also, I would like to disable the packetfence-fingerbank-collector from >> monit config as it is generating too many zombie processes alerts, I guess >> the monit config is managed by pfcmd geenratemonitconfig but I dunno how to >> disable specifically fingerbank-collector. >> >> Regards >> Misbah >> >> >> On Sat, 9 Apr 2022 at 00:23, Zammit, Ludovic <luza...@akamai.com >> <mailto:luza...@akamai.com>> wrote: >> Hello Misbah, >> >> I highly doubt that you would cap a cluster capacity with only 250 devices >> registered. >> >> You have an ongoing issue that need to be fixed. >> >> What’s the spec on the PF servers? Are you doing 802.1x or Mac >> authentication ? Wired ? Wireless? >> >> We have cluster of 3 running 10 000 unique radius authentication without >> choking. >> >> Thanks, >> >> Ludovic Zammit >> Product Support Engineer Principal >> >> Cell: +1.613.670.8432 >> Akamai Technologies - Inverse >> 145 Broadway >> Cambridge, MA 02142 >> Connect with Us: <https://community.akamai.com/> >> <http://blogs.akamai.com/> >> <https://urldefense.com/v3/__https://twitter.com/akamai__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvneW7Z63Y$> >> >> <https://urldefense.com/v3/__http://www.facebook.com/AkamaiTechnologies__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvn00CMBGY$> >> >> <https://urldefense.com/v3/__http://www.linkedin.com/company/akamai-technologies__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvnAn0KVkA$> >> >> <https://urldefense.com/v3/__http://www.youtube.com/user/akamaitechnologies?feature=results_main__;!!GjvTz_vk!WpjZfRBMI0mVuUAS2zXkY5v4UuJaTKuuP0bM29s40nnrJwz_hjxk8aolOJkcFWvyf6EOzIffTyvnCNH0oAI$> >> >>> On Apr 7, 2022, at 4:18 AM, Misbah Hussaini via PacketFence-users >>> <packetfence-users@lists.sourceforge.net >>> <mailto:packetfence-users@lists.sourceforge.net>> wrote: >>> >>> Hello, >>> >>> Firstly, I'm happy with the way Packetfence is working in the environment. >>> A big thanks to the team for the project and awesome documentation. I have >>> configured Packetfence in a 3 node cluster and registered 250+ devices so >>> far. >>> >>> I faced a problem with the radius server reaching the max connections limit >>> and most of the users were disconnected while I fixed the problem (had to >>> increase the max spare servers to a high value in radius.conf). I was >>> optimistic with the cluster setup, thinking I should not be facing downtime >>> issues but didn't realize that a config issue could lead to a blackout. >>> >>> Now, this leads me to wonder if there is a way in which I could have >>> decreased the downtime for the end users while we fixed the problem in the >>> config. Also, I would appreciate highlighting any other Production related >>> settings that need to be fine tuned to avoid such instances in future.. >>> >>> >>> Regards >>> Misbah >>> _______________________________________________ >>> PacketFence-users mailing list >>> PacketFence-users@lists.sourceforge.net >>> <mailto:PacketFence-users@lists.sourceforge.net> >>> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!HgrKFaieZq5jctGQKZZFOfERw1Xxn-35gkE2_VNs6FiuvQnK4pMpdGzvoWG00YjT$ >>> >>> <https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!HgrKFaieZq5jctGQKZZFOfERw1Xxn-35gkE2_VNs6FiuvQnK4pMpdGzvoWG00YjT$> >>> >> >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users