Hello,
I’m currently working on a PacketFence setup and having trouble with the
dynamic VLAN assignment. Authentication is functioning correctly
(verified via logs), and the switch confirms that 802.1X authentication
is successful. However, VLAN assignment is not working as expected.
Here’s a summary of my setup and the steps I’ve taken:
• I have added the switch and enabled Role Mapping by VLAN ID,
assigning the correct VLAN ID.
• I created an Authentication Source with Authentication Rules
using the memberof condition and the full DN of the LDAP group. This has
been tested with and without any conditions, with the same result.
• The issue persists where no VLAN is assigned after successful
authentication.
Logs
Below are some logs that may help diagnose the issue:
*packetfence.log*
2024-09-16T15:57:44.791790+02:00 packetfence-14
httpd.aaa-docker-wrapper[3036]: httpd.aaa(7) INFO:
[mac:00:e0:4c:68:08:27] Instantiate profile 8021x
(pf::Connection::ProfileFactory::_from_profile)
2024-09-16T15:57:44.809341+02:00 packetfence-14
httpd.aaa-docker-wrapper[3036]: httpd.aaa(7) INFO:
[mac:00:e0:4c:68:08:27] Found authentication source(s) : '' for realm
'null' (pf::config::util::filter_authentication_sources)
2024-09-16T15:57:44.809463+02:00 packetfence-14
httpd.aaa-docker-wrapper[3036]: httpd.aaa(7) INFO:
[mac:00:e0:4c:68:08:27] No rules matches or no category defined for the
node, set it as unreg. (pf::role::getNodeInfoForAutoReg)
2024-09-16T15:57:44.809463+02:00 packetfence-14
httpd.aaa-docker-wrapper[3036]: httpd.aaa(7) WARN:
[mac:00:e0:4c:68:08:27] No category computed for autoreg
(pf::role::getNodeInfoForAutoReg)
2024-09-16T15:57:44.814522+02:00 packetfence-14
httpd.aaa-docker-wrapper[3036]: httpd.aaa(7) INFO:
[mac:00:e0:4c:68:08:27] Username was NOT defined or unable to match a
role - returning node based role '' (pf::role::getRegisteredRole)
2024-09-16T15:57:44.814864+02:00 packetfence-14
httpd.aaa-docker-wrapper[3036]: httpd.aaa(7) WARN:
[mac:00:e0:4c:68:08:27] No parameter Vlan found in conf/switches.conf
for the switch 192.168.188.212 (pf::Switch::getVlanByName)
*radius.log*
2024-09-16T15:57:44.258471+02:00 packetfence-14 auth[91590]: Adding
client 192.168.188.212/32
2024-09-16T15:57:44.827353+02:00 packetfence-14 auth[91590]: (42) Login
OK: [test01] (from client 192.168.188.212/32 port 50004 cli
00:e0:4c:68:08:27 via TLS tunnel)
2024-09-16T15:57:44.837698+02:00 packetfence-14 auth[91590]: (43) Login
OK: [test01] (from client 192.168.188.212/32 port 50004 cli
00:e0:4c:68:08:27)
What I’ve Tried:
• Confirmed that the authentication source is correctly
configured, using an LDAP group with the full DN in the rule.
• Verified that the switch is properly configured for 802.1X and
dynamic VLAN assignment.
• Examined the PacketFence configuration for role mapping and
VLAN settings, but the VLAN remains undefined after authentication.
Environment:
• PacketFence version: 14
• Switch model and firmware:
vios_l2-ADVENTERPRISEK9-M),
Experimental Version 15.2(20200924:215240
C3560 Software (C3560-IPBASE-M),
Version 12.2(35)SE5
• Authentication source: Active Directory
• OS of PacketFence server: Debian 12
Any help or direction on how to resolve this VLAN assignment issue would
be appreciated! Has anyone encountered something similar?
Thanks in advance.
Best regards,
[Your Name]
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
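An added example, not part of the original post and not PacketFence code: it rejoins the mail-wrapped log records from the message above and lists, for each MAC that RADIUS accepted, which of the three "empty source / empty role / missing VLAN parameter" messages PacketFence logged for it. The function names, finding labels and the sample input (rebuilt from the post's excerpts) are assumptions made here.

```python
import re

# Constructed sample: records copied from the post's excerpts, still wrapped as mailed.
PF_LOG = """\
2024-09-16T15:57:44.809341+02:00 packetfence-14
httpd.aaa-docker-wrapper[3036]: httpd.aaa(7) INFO:
[mac:00:e0:4c:68:08:27] Found authentication source(s) : '' for realm
'null' (pf::config::util::filter_authentication_sources)
2024-09-16T15:57:44.814522+02:00 packetfence-14
httpd.aaa-docker-wrapper[3036]: httpd.aaa(7) INFO:
[mac:00:e0:4c:68:08:27] Username was NOT defined or unable to match a
role - returning node based role '' (pf::role::getRegisteredRole)
2024-09-16T15:57:44.814864+02:00 packetfence-14
httpd.aaa-docker-wrapper[3036]: httpd.aaa(7) WARN:
[mac:00:e0:4c:68:08:27] No parameter Vlan found in conf/switches.conf
for the switch 192.168.188.212 (pf::Switch::getVlanByName)
"""
RADIUS_LOG = """\
2024-09-16T15:57:44.827353+02:00 packetfence-14 auth[91590]: (42) Login
OK: [test01] (from client 192.168.188.212/32 port 50004 cli
00:e0:4c:68:08:27 via TLS tunnel)
"""

LOGIN_OK = re.compile(r"Login OK: \[([^\]]+)\].* cli ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})")
PF_MAC = re.compile(r"\[mac:([0-9a-f:]{17})\] (.*)")
CHECKS = {  # hypothetical finding label -> message text seen in the post's packetfence.log
    "empty_auth_sources": re.compile(r"Found authentication source\(s\) : '' for realm"),
    "empty_role": re.compile(r"returning node based role ''"),
    "missing_vlan_param": re.compile(r"No parameter \S+ found in conf/switches\.conf"),
}

def unwrap(text):
    # A record starts with an ISO timestamp; other lines are mail-wrap continuations.
    return [r.replace("\n", " ") for r in re.split(r"\n(?=\d{4}-\d\d-\d\dT)", text.strip())]

def triage(pf_log, radius_log):
    # MACs with a RADIUS "Login OK" whose PacketFence records show no source/role/VLAN.
    users = {m[2]: m[1] for m in map(LOGIN_OK.search, unwrap(radius_log)) if m}
    report = {}
    for m in filter(None, map(PF_MAC.search, unwrap(pf_log))):
        hits = [n for n, rx in CHECKS.items() if rx.search(m[2])]
        if m[1] in users and hits:
            report.setdefault((m[1], users[m[1]]), []).extend(hits)
    return report

if __name__ == "__main__":
    print(triage(PF_LOG, RADIUS_LOG))
```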