Hello,

I am away.

As I have no access to my mailbox during this period, I will read your message on my return.

In case of emergency, you can contact the Service Desk by calling 071 84 92 92 or by sending an email to [email protected].

Regards,

 ---

Thank you for your e-mail.

I am out of office and I have no access to my e-mails.

I will get back to you as soon as I can.

In case of emergency, please contact your Service Desk Team by phone at 071 84 92 92 or by email: [email protected].

Best regards,

Bénoni Delfosse
Chief Technology Officer

+32 71 84 92 92
[email protected]

      


COVID-19: Uniwan is doing everything it can to ensure continuity of service.
Real-time Uniwan/COVID-19 information: https://uniwan.be/cov19/

Here at Uniwan.be we care for your privacy. That is why we have taken appropriate measures to ensure that the data you have provided to us is always secure. If you have any questions related to GDPR compliance or data protection, please contact our Data Protection Officer.



From: [email protected]
Sent: 7/7/2022 8:37:48 AM +00:00
To: [email protected]
Subject: Re: [PacketFence-users] Problem with Acl with aruba 2530 in Packetfence V11

Hello,

I tried with this config on my switch; it works perfectly with PacketFence 10.3, but with PacketFence 11.2 I can only put one ACL rule. It seems that when PacketFence sends the rules to my switch (Aruba 2530), it sends my rules in one line and can't take a carriage return between rules.

snmp-server community "public" Unrestricted
snmp-server host 10.0.x.x community "public" informs trap-level not-info
no snmp-server enable traps link-change 1-10

radius-server host 10.0.x.x key XxxX

aaa accounting network start-stop radius
aaa authentication telnet login radius local
aaa authentication web login radius local
aaa authentication ssh login radius local

aaa authentication port-access eap-radius
aaa port-access authenticator 1-9
aaa port-access authenticator 1-9 client-limit 3
aaa port-access authenticator active

aaa accounting network start-stop radius

William

From: Zammit, Ludovic <[email protected]>
Sent: Thursday, July 7, 2022 10:58
To: William VANDAL <[email protected]>
Subject: Re: [PacketFence-users] Problem with Acl with aruba 2530 in Packetfence V11

 

Hello,

The one-to-one exchange is only for customers; when you reply, you have to put the mailing list in CC.

For the configuration, I don’t know it for that particular model, but you will find some configuration in the PacketFence network guide in the documentation section on packetfence.org.

Thanks,



On Jul 6, 2022, at 6:17 PM, William VANDAL <[email protected]> wrote:



Hello Ludovic,

Can you give me the configuration file to communicate with my Aruba 2530 switch? I use type: Aruba 2930m

Thanks

From: Zammit, Ludovic <[email protected]>
Sent: Wednesday, July 6, 2022 23:20
To: William VANDAL <[email protected]>
Subject: Re: [PacketFence-users] Problem with Acl with aruba 2530 in Packetfence V11

 

Hello William,

 

I highly doubt the system difference is playing a role here, only the returned attributes matter.

 

Thanks,

 

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432

Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142



On Jul 5, 2022, at 10:13 PM, William VANDAL <[email protected]> wrote:

 

Hello Ludovic,

Yes, it is the same switch, an Aruba 2530; the difference between them is the OS: CentOS 7.9 (PacketFence 10.3) and Debian 11.3 (PacketFence 11.3).

Thanks

William VANDAL
IT Technician
DAF - SSI
414020 p4390 - 835616

From: Zammit, Ludovic <[email protected]>
Sent: Wednesday, July 6, 2022 11:51
To: William VANDAL <[email protected]>
Subject: Re: [PacketFence-users] Problem with Acl with aruba 2530 in Packetfence V11

 

Are both replies from the same switch?

The reply looks the same, so I don’t see why it says the ACL is too long. I haven’t played much with Aruba’s dynamic ACLs.

Thanks,

On Jul 5, 2022, at 7:40 PM, William VANDAL <[email protected]> wrote:

 

Hello Ludovic,

In the RADIUS reply there is this log in PacketFence 11.2.0:

 

Request time
1

RADIUS request
User-Name = "a08cfd2ef7b4"
CHAP-Password = 0xb541e3d5a478872c354b230f15503cf0f2
NAS-IP-Address = 10.0.200.233
NAS-Port = 1
Service-Type = Call-Check
Framed-Protocol = PPP
Framed-MTU = 1492
Called-Station-Id = "xx:xx:xx:9f:68:cf"
Calling-Station-Id = "xx:xx:xx:2e:f7:b4"
NAS-Identifier = "SW_spare"
CHAP-Challenge = 0x211d989352bc3790c91527129743696f
NAS-Port-Type = Ethernet
Event-Timestamp = "Jul  6 2022 10:25:46 +11"
Connect-Info = "CONNECT Ethernet 1000Mbps Full duplex"
Message-Authenticator = 0x13a56c0a37b0805145ed9809156f21b5
NAS-Port-Id = "1"
HP-Capability-Advert = 0x011a0000000b28
HP-Capability-Advert = 0x011a0000000b2e
HP-Capability-Advert = 0x011a0000000b30
HP-Capability-Advert = 0x011a0000000b3d
HP-Capability-Advert = 0x011a0000000b18
HP-Capability-Advert = 0x011a0000000b19
HP-Capability-Advert = 0x0138
HP-Capability-Advert = 0x013a
HP-Capability-Advert = 0x0140
HP-Capability-Advert = 0x0141
HP-Capability-Advert = 0x0151
MS-RAS-Vendor = 11
Stripped-User-Name = "a08cfd2ef7b4"
Realm = "null"
FreeRADIUS-Client-IP-Address = 10.0.200.233
PacketFence-KeyBalanced = "a27cd8cbd376908639088f287df41959"
PacketFence-Radius-Ip = "10.0.200.40"
User-Password = "******"
SQL-User-Name = "xxxxxxef7b4"

RADIUS reply
REST-HTTP-Status-Code = 200
Tunnel-Private-Group-Id = "10"
NAS-Filter-Rule = "permit in ip from any to 10.0.200.237"
NAS-Filter-Rule = "deny in ip from any to 10.0.200.0/24"
NAS-Filter-Rule = "deny in ip from any to 10.1.200.0/24"
NAS-Filter-Rule = "deny in ip from any to 10.51.200.0/24"
NAS-Filter-Rule = "permit in ip from any to any"
Tunnel-Medium-Type = IEEE-802
Tunnel-Type = VLAN

And this error on my Aruba 2530:

<image018.png>

But with PacketFence 10.3, it seems to have the same log, without any problem with the ACL:

Request time
0

RADIUS request
User-Name = "host/SHA-1401T1.MAIRIE-DUMBEA.LOCAL"
NAS-IP-Address = 10.0.200.242
NAS-Port = 35
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1492
State = 0x20dcdfda2170c50510338c3864a7eba0
Called-Station-Id = "xx:xx:xx:5b:56:40"
Calling-Station-Id = "xx:xx:xx:1a:07:d3"
NAS-Identifier = "SW_DST_1"
NAS-Port-Type = Ethernet
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "10"
Event-Timestamp = "janv.  1 1970 11:00:00 +11"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
EAP-Message = 0x02ac00061a03
NAS-Port-Id = "35"
FreeRADIUS-Proxied-To = 127.0.0.1
HP-Capability-Advert = 0x011a0000000b28
HP-Capability-Advert = 0x011a0000000b2e
HP-Capability-Advert = 0x011a0000000b30
HP-Capability-Advert = 0x011a0000000b3d
HP-Capability-Advert = 0x011a0000000b18
HP-Capability-Advert = 0x011a0000000b19
HP-Capability-Advert = 0x0138
HP-Capability-Advert = 0x013a
HP-Capability-Advert = 0x0140
HP-Capability-Advert = 0x0141
HP-Capability-Advert = 0x0151
MS-RAS-Vendor = 11
EAP-Type = MSCHAPv2
Realm = "MAIRIE-DUMBEA.LOCAL"
PacketFence-Domain = "hdvAD"
PacketFence-KeyBalanced = "8d7703de83c8ec93aafe20806cdab0e9"
PacketFence-Radius-Ip = "10.0.200.237"
PacketFence-NTLMv2-_Only_ = ""
PacketFence-Outer-User = "host/SHA-1401T1.MAIRIE-DUMBEA.LOCAL"
User-Password = "******"
SQL-User-Name = "host/SHA-1401T1.MAIRIE-DUMBEA.LOCAL"

RADIUS reply
MS-MPPE-Encryption-Policy = Encryption-Required
MS-MPPE-Encryption-Types = 4
MS-MPPE-Send-Key = 0x9c8f99aba474ea611e05c984d36eb8c1
MS-MPPE-Recv-Key = 0x66576302b82578ac4a2e30bc10ed5b54
EAP-Message = 0x03ac0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "host/SHA-1401T1.MAIRIE-DUMBEA.LOCAL"
Tunnel-Type = VLAN
Tunnel-Private-Group-Id = "10"
NAS-Filter-Rule = "permit in ip from any to 10.0.200.237"
NAS-Filter-Rule = "deny in ip from any to 10.0.200.0/24"
NAS-Filter-Rule = "deny in ip from any to 10.1.200.0/24"
NAS-Filter-Rule = "deny in ip from any to 10.51.200.0/24"
NAS-Filter-Rule = "permit in ip from any to any"
Tunnel-Medium-Type = IEEE-802

William VANDAL
IT Technician
DAF - SSI
414020 p4390 - 835616

From: Zammit, Ludovic <[email protected]>
Sent: Wednesday, July 6, 2022 00:15
To: PacketFence-users <[email protected]>
Cc: William VANDAL <[email protected]>
Subject: Re: [PacketFence-users] Problem with Acl with aruba 2530 in Packetfence V11

 

Hello William,

Check the RADIUS reply in the web admin in the Auditing section.

I doubt that we changed that behavior between the two versions.

Thanks,

 

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432

Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

On Jul 3, 2022, at 8:23 PM, William VANDAL via PacketFence-users <[email protected]> wrote:

 

Hello,

Since we updated PacketFence V10.3 to V11, ACLs work only with one rule on our Aruba 2530 switch; if we add the 2nd rule, it produces the error: "00712 radius: ACL error - entry too long, client E8XXXXXXX  port 22".

We posted this problem last year.

Can you give the configuration file in PacketFence for communicating with my Aruba 2530 switch, to debug this problem?

Thanks

Best regards

William VANDAL
IT Technician
DAF - SSI
414020 p4390 - 835616
