Re: [PacketFence-users] Aruba IAP radius CoA failing

[Adam Smith]

Np I understand, get what you need done and you can get it back to me when
you're done. I'll check back in a week if I don't hear from you.
On Jun 28, 2016 5:17 PM, "Tim DeNike"  wrote:

Crap. Totally forgot. Sorry. I the middle of replacing all the edge
switches in our network. :)

I'll try to remember tomorrow morning.

Sent from my iPhone

On Jun 28, 2016, at 6:55 PM, Adam Smith  wrote:

Tim,

Just wondering if you were able to get that module diff?

*Adam Smith*
Network Administrator

Sundance Institute
O:435.658.3456
E:adam_sm...@sundance.org
www.sundance.org

On Sun, Jun 26, 2016 at 9:06 AM, Tim DeNike  wrote:

> I'll try to grab you a diff of my module tomorrow. It was a really minor
> change.
>
> Sent from my iPhone
>
> On Jun 26, 2016, at 8:35 AM, Adam Smith  wrote:
>
> Thanks for the input.  Do you have any suggestions of what to look for or
> where to make the changes.  I tried to do the radius debug, but I don't
> think coa or DM messages seem to show up when using raddebug.
>
>
> --
> Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Odd behavior - Cisco Catalyst 2960-S - Packetfence 6.1.0

[Vianney Amador]

Will do, thank you!


_
From: Durand fabrice 
Sent: Tuesday, June 28, 2016 7:36 PM
Subject: Re: [PacketFence-users] Odd behavior - Cisco Catalyst 2960-S - 
Packetfence 6.1.0
To:  


Hi Vianney,

i am sure it will work, also you can add "authentication mac-move 
permit" in global configuration.
 
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/command_reference/b_sec_152ex_2960-x_cr/b_sec_152ex_2960-x_cr_chapter_010.html#wp1977723595


Regards
Fabrice


Le 2016-06-28 18:48, Vianney Amador a  écrit :
Hi Fabrice,
Your suggestion makes sense, I will give it a shot  
tomorrow.
According to the Cisco documentation:
  

This example shows how to configure an802.1x-enabled port to remove 
the current session andinitiate authentication with a new device 
when it connectsto the port:  




Switch(config-if)# authentication violationreplace  










I will keep you posted.  




Thank you,  

Vianney  
  To:packetfence-users@lists.sourceforge.net
From: fdur...@inverse.ca
Date: Tue, 28 Jun 2016 18:30:34 -0400
Subject: Re: [PacketFence-users] Odd behavior - Cisco
Catalyst 2960-S - Packetfence 6.1.0

Hi Vianney,

the issue is on the switch side, not in packetfence side.

Add that to your switch port config: authentication
violation replace

Regards
Fabrice


Le 2016-06-28 16:37, Vianney  Amador a écrit :
Hi guys,
I just added a Cisco Catalyst 2960-S (running   
   latest IOS version) to my test environment  
using 802.1X with MAC Authentication bypass  (Multi­Domain) 
following the Packetfence official  documentation.  
  
I hooked up a Voice-IP phone (Cisco SPA514) on 
one a switch port, thephone was successfully registered on 
my voice VLAN,then I hooked up a PC on the phone's switch 
port,went thru the registration process and got it  
  successfully registered on my production VLAN.
  Everything was working as expected, until I   
 decided to connect another PC (never registered
before) to the phone's switch portthe phone went
completely off,  then I checked the switch port status, here is the 
   result:
  
  GigabitEthernet1/0/37 is down, line protocol 
is  down (err-disabled)
  Port      Name               
Status       Vlan      Duplex  Speed Type  
Gi1/0/37                     err-disabled 162         auto  
 auto 10/100/1000BaseTX

I re-plugged the phone to the switch port, but 
it  did not help at all, then I ran "shutdown" on the   
 interface and then "no shutdown", then everything
when back to normal and I was able to register thisnew PC.  
  
  I was able toreproduce 
this issue twice.
  I tested with both de-auth methods: SNMP and  
  RADIUS.
Anything showed up on the 
packetfence.log

  
  Here is my switch config on the device and
  Packetfence:
  [192.168.1.59]
  description=SWITCH03  group=Cisco_Catalyst_2960   
   

[group Cisco_Catalyst_2960] 
 RoleMap=N  mode=production  AD01Vlan=162   
   

Re: [PacketFence-users] Odd behavior - Cisco Catalyst 2960-S - Packetfence 6.1.0

[Durand fabrice]

Hi Vianney,

i am sure it will work, also you can add " authentication mac-move 
permit" in global configuration.

 
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/command_reference/b_sec_152ex_2960-x_cr/b_sec_152ex_2960-x_cr_chapter_010.html#wp1977723595


Regards
Fabrice


Le 2016-06-28 18:48, Vianney Amador a écrit :

Hi Fabrice,

Your suggestion makes sense, I will give it a shot tomorrow.

According to the Cisco documentation:

This example shows how to configure an 802.1x-enabled port to remove 
the current session and initiate authentication with a new device when 
it connects to the port:



Switch(config-if)# authentication violation replace




I will keep you posted.


Thank you,

Vianney



To: packetfence-users@lists.sourceforge.net
From: fdur...@inverse.ca
Date: Tue, 28 Jun 2016 18:30:34 -0400
Subject: Re: [PacketFence-users] Odd behavior - Cisco Catalyst 2960-S 
- Packetfence 6.1.0


Hi Vianney,

the issue is on the switch side, not in packetfence side.

Add that to your switch port config: authentication violation replace

Regards
Fabrice


Le 2016-06-28 16:37, Vianney Amador a écrit :

Hi guys,

I just added a Cisco Catalyst 2960-S (running latest IOS version)
to my test environment using 802.1X with MAC Authentication bypass
(Multi­Domain) following the Packetfence official documentation.

I hooked up a Voice-IP phone (Cisco SPA514) on one a switch port,
the phone was successfully registered on my voice VLAN, then I
hooked up a PC on the phone's switch port, went thru the
registration process and got it successfully registered on my
production VLAN.

Everything was working as expected, until I decided to connect
another PC (never registered before) to the phone's switch
portthe phone went completely off,  then I checked the
switch port status, here is the result:


GigabitEthernet1/0/37 is down, line protocol is down (err-disabled)

Port  Name   Status   Vlan Duplex  Speed Type
Gi1/0/37 err-disabled 162  auto   auto
10/100/1000BaseTX


I re-plugged the phone to the switch port, but it did not help at
all, then I ran "shutdown" on the interface and then "no
shutdown", then everything when back to normal and I was able to
register this new PC.

I was able to reproduce this issue twice.

I tested with both de-auth methods: SNMP and RADIUS.

Anything showed up on the packetfence.log



Here is my switch config on the device and Packetfence:

[192.168.1.59]
description=SWITCH03
group=Cisco_Catalyst_2960


[group Cisco_Catalyst_2960]
RoleMap=N
mode=production
AD01Vlan=162
SNMPCommunityRead=SNMPpass
useCoA=Y
SNMPCommunityWrite=SNMPpass
VoIPCDPDetect=N
deauthMethod=RADIUS
VoIPDHCPDetect=Y
AccessListMap=N
description=Switch _01
type=Cisco::Catalyst_2960
VoIPLLDPDetect=N
VoIPEnabled=Y
isolationVlan=360
radiusSecret=StrongRadius
UrlMap=N
registrationVlan=260
voiceVlan=20


-

dot1x system-auth-control
aaa new-model
aaa group server radius packetfence
 server name pfnac
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence


radius server pfnac
address ipv4 192.168.1.31 auth-port 1812 acct-port 1813
automate-tester username dummy ignore-acct-port idle-time 3
key 0 StrongRadius


radius-server vsa send authentication


aaa server radius dynamic-author
client StrongRadius server-key StrongRadius
port 3799


snmp-server community SNMPpass RO
snmp-server community SNMPpass RW


switchport mode access
switchport voice vlan 20
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3
spanning-tree portfast





Any thoughts?

Thank you.








--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape



___
PacketFence-users mailing list
   

Re: [PacketFence-users] Aruba IAP radius CoA failing

[Tim DeNike]

Crap. Totally forgot. Sorry. I the middle of replacing all the edge
switches in our network. :)

I'll try to remember tomorrow morning.

Sent from my iPhone

On Jun 28, 2016, at 6:55 PM, Adam Smith  wrote:

Tim,

Just wondering if you were able to get that module diff?

*Adam Smith*
Network Administrator

Sundance Institute
O:435.658.3456
E:adam_sm...@sundance.org
www.sundance.org


On Sun, Jun 26, 2016 at 9:06 AM, Tim DeNike  wrote:

> I'll try to grab you a diff of my module tomorrow. It was a really minor
> change.
>
> Sent from my iPhone
>
> On Jun 26, 2016, at 8:35 AM, Adam Smith  wrote:
>
> Thanks for the input.  Do you have any suggestions of what to look for or
> where to make the changes.  I tried to do the radius debug, but I don't
> think coa or DM messages seem to show up when using raddebug.
>
>
> --
> Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape

___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Aruba IAP radius CoA failing

[Adam Smith]

Tim,

Just wondering if you were able to get that module diff?

*Adam Smith*
Network Administrator
[image: Inline image 1][image: Inline image 2]
Sundance Institute
O:435.658.3456
E:adam_sm...@sundance.org
www.sundance.org


On Sun, Jun 26, 2016 at 9:06 AM, Tim DeNike  wrote:

> I'll try to grab you a diff of my module tomorrow. It was a really minor
> change.
>
> Sent from my iPhone
>
> On Jun 26, 2016, at 8:35 AM, Adam Smith  wrote:
>
> Thanks for the input.  Do you have any suggestions of what to look for or
> where to make the changes.  I tried to do the radius debug, but I don't
> think coa or DM messages seem to show up when using raddebug.
>
>
> --
> Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> --
> Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Odd behavior - Cisco Catalyst 2960-S - Packetfence 6.1.0

[Vianney Amador]

Hi Fabrice,
Your suggestion makes sense, I will give it a shot tomorrow.
According to the Cisco documentation:








This example shows how to configure an 802.1x-enabled port to remove the 
current session and initiate authentication with a new device when it connects 
to the port:


Switch(config-if)# authentication violation replace


I will keep you posted.
Thank you,Vianney
To: packetfence-users@lists.sourceforge.net
From: fdur...@inverse.ca
Date: Tue, 28 Jun 2016 18:30:34 -0400
Subject: Re: [PacketFence-users] Odd behavior - Cisco Catalyst 2960-S - 
Packetfence 6.1.0


  

  
  
Hi Vianney,



the issue is on the switch side, not in packetfence side.



Add that to your switch port config: authentication violation
replace



Regards

Fabrice





Le 2016-06-28 16:37, Vianney Amador a
  écrit :



  
  Hi guys,



I just added a Cisco Catalyst 2960-S (running latest IOS
  version) to my test environment using 802.1X with MAC
  Authentication bypass (Multi­Domain) following the Packetfence
  official documentation.



I hooked up a Voice-IP phone (Cisco
SPA514) on one a
switch port, the phone was successfully registered on my
voice VLAN, then I hooked up a PC on the phone's switch
port, went thru the registration process and got it
successfully registered on my production VLAN.


  
Everything was working as expected, until I decided to
connect another PC (never registered before) to the phone's
switch portthe phone went completely off,  then I
checked the switch port
status, here is the result:


  


  
GigabitEthernet1/0/37 is down, line protocol is down
  (err-disabled)




  Port  Name   Status   Vlan  
Duplex  Speed Type
  Gi1/0/37 err-disabled 162
 auto   auto 10/100/1000BaseTX







I re-plugged the phone to the switch port, but it did not
  help at all, then I ran
"shutdown" on the interface and then "no shutdown", then
everything when back to normal and I was able to register
this new PC.


  
I was able to reproduce this
issue twice.


  
I tested with both de-auth methods: SNMP and RADIUS.


  

  Anything showed up on the packetfence.log






  


  
Here is my switch config on the device and Packetfence:




  [192.168.1.59]
  description=SWITCH03
  group=Cisco_Catalyst_2960
  

  
  

  
  [group Cisco_Catalyst_2960]
  RoleMap=N
  mode=production
  AD01Vlan=162
  SNMPCommunityRead=SNMPpass
  useCoA=Y
  SNMPCommunityWrite=SNMPpass
  VoIPCDPDetect=N
  deauthMethod=RADIUS
  VoIPDHCPDetect=Y
  AccessListMap=N
  description=Switch _01
  type=Cisco::Catalyst_2960
  VoIPLLDPDetect=N
  VoIPEnabled=Y
  isolationVlan=360
  radiusSecret=StrongRadius
  UrlMap=N
  registrationVlan=260

voiceVlan=20




-


  

  dot1x system-auth-control
  aaa new-model
  aaa group server radius packetfence
   server name pfnac
  aaa authentication login default local
  aaa authentication dot1x default group packetfence
  aaa authorization network default group packetfence
  

  
  

  
  radius server pfnac
  address ipv4 192.168.1.31 auth-port 1812 acct-port 1813
  automate-tester username dummy ignore-acct-port idle-time
3
  key 0 StrongRadius
  

  
  

  
  radius-server vsa send authentication
  

  
  

  
  aaa server radius dynamic-author
  client StrongRadius server-key StrongRadius
  port 3799
  

  
  

  
  snmp-server community SNMPpass RO
  snmp-server community SNMPpass RW
  

  
  

  
  switchport mode access
  switchport voice vlan 20
  authentication host-mode multi-domain
  authentication order dot1x mab
  authentication priority dot1x mab
  authentication 

Re: [PacketFence-users] Odd behavior - Cisco Catalyst 2960-S - Packetfence 6.1.0

[Durand fabrice]

Hi Vianney,

the issue is on the switch side, not in packetfence side.

Add that to your switch port config: authentication violation replace

Regards
Fabrice


Le 2016-06-28 16:37, Vianney Amador a écrit :

Hi guys,

I just added a Cisco Catalyst 2960-S (running latest IOS version) to 
my test environment using 802.1X with MAC Authentication bypass 
(Multi­Domain) following the Packetfence official documentation.


I hooked up a Voice-IP phone (Cisco SPA514) on one a switch port, the 
phone was successfully registered on my voice VLAN, then I hooked up a 
PC on the phone's switch port, went thru the registration process and 
got it successfully registered on my production VLAN.


Everything was working as expected, until I decided to connect another 
PC (never registered before) to the phone's switch portthe phone 
went completely off,  then I checked the switch port status, here is 
the result:



GigabitEthernet1/0/37 is down, line protocol is down (err-disabled)

Port  Name   Status   Vlan Duplex  Speed Type
Gi1/0/37 err-disabled 162  auto   auto 
10/100/1000BaseTX



I re-plugged the phone to the switch port, but it did not help at all, 
then I ran "shutdown" on the interface and then "no shutdown", then 
everything when back to normal and I was able to register this new PC.


I was able to reproduce this issue twice.

I tested with both de-auth methods: SNMP and RADIUS.

Anything showed up on the packetfence.log



Here is my switch config on the device and Packetfence:

[192.168.1.59]
description=SWITCH03
group=Cisco_Catalyst_2960


[group Cisco_Catalyst_2960]
RoleMap=N
mode=production
AD01Vlan=162
SNMPCommunityRead=SNMPpass
useCoA=Y
SNMPCommunityWrite=SNMPpass
VoIPCDPDetect=N
deauthMethod=RADIUS
VoIPDHCPDetect=Y
AccessListMap=N
description=Switch _01
type=Cisco::Catalyst_2960
VoIPLLDPDetect=N
VoIPEnabled=Y
isolationVlan=360
radiusSecret=StrongRadius
UrlMap=N
registrationVlan=260
voiceVlan=20

-

dot1x system-auth-control
aaa new-model
aaa group server radius packetfence
 server name pfnac
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence


radius server pfnac
address ipv4 192.168.1.31 auth-port 1812 acct-port 1813
automate-tester username dummy ignore-acct-port idle-time 3
key 0 StrongRadius


radius-server vsa send authentication


aaa server radius dynamic-author
client StrongRadius server-key StrongRadius
port 3799


snmp-server community SNMPpass RO
snmp-server community SNMPpass RW


switchport mode access
switchport voice vlan 20
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 10800
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3
spanning-tree portfast





Any thoughts?

Thank you.







--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape


___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Graphite errors

[Derek Wuelfrath]

Excellent,

Let me know so that I can adjust the config in the package !

Cheers!
-dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Jun 28, 2016, at 16:49, Bebbet van Dinges  wrote:
> 
> 
> 
> On 28-6-2016 22:36, Derek Wuelfrath wrote:
>> Hello Bebbet,
>> 
>> Any news ?
>> 
>> Cheers!
>> -dw.
> 
> No news, in the form of no errors, i was thinking to report back
> tomorrow, check 1 more night before calling it a win.
> 
> Thanks!
> 
> Bebbet
> 
> --
> Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Graphite errors

[Bebbet van Dinges]

On 28-6-2016 22:36, Derek Wuelfrath wrote:
> Hello Bebbet,
> 
> Any news ?
> 
> Cheers!
> -dw.

No news, in the form of no errors, i was thinking to report back
tomorrow, check 1 more night before calling it a win.

Thanks!

Bebbet



signature.asc
Description: OpenPGP digital signature
--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] Odd behavior - Cisco Catalyst 2960-S - Packetfence 6.1.0

[Vianney Amador]

Hi guys,
I just added a Cisco Catalyst 2960-S (running latest IOS version) to my test 
environment using 802.1X with MAC Authentication bypass (Multi­Domain) 
following the Packetfence official documentation.
I hooked up a Voice-IP phone (Cisco SPA514) on one a switch port, the phone was 
successfully registered on my voice VLAN, then I hooked up a PC on the phone's 
switch port, went thru the registration process and got it successfully 
registered on my production VLAN.
Everything was working as expected, until I decided to connect another PC 
(never registered before) to the phone's switch portthe phone went 
completely off,  then I checked the switch port status, here is the result:

GigabitEthernet1/0/37 is down, line protocol is down (err-disabled)
Port  Name   Status   Vlan   Duplex  Speed TypeGi1/0/37 
err-disabled 162  auto   auto 10/100/1000BaseTX

I re-plugged the phone to the switch port, but it did not help at all, then I 
ran "shutdown" on the interface and then "no shutdown", then everything when 
back to normal and I was able to register this new PC.
I was able to reproduce this issue twice.
I tested with both de-auth methods: SNMP and RADIUS.
Anything showed up on the packetfence.log


Here is my switch config on the device and Packetfence:
[192.168.1.59]description=SWITCH03group=Cisco_Catalyst_2960

[group 
Cisco_Catalyst_2960]RoleMap=Nmode=productionAD01Vlan=162SNMPCommunityRead=SNMPpassuseCoA=YSNMPCommunityWrite=SNMPpassVoIPCDPDetect=NdeauthMethod=RADIUSVoIPDHCPDetect=YAccessListMap=Ndescription=Switch
 
_01type=Cisco::Catalyst_2960VoIPLLDPDetect=NVoIPEnabled=YisolationVlan=360radiusSecret=StrongRadiusUrlMap=NregistrationVlan=260voiceVlan=20
-
dot1x system-auth-controlaaa new-modelaaa group server radius packetfence 
server name pfnacaaa authentication login default localaaa authentication dot1x 
default group packetfenceaaa authorization network default group packetfence

radius server pfnacaddress ipv4 192.168.1.31 auth-port 1812 acct-port 
1813automate-tester username dummy ignore-acct-port idle-time 3key 0 
StrongRadius

radius-server vsa send authentication

aaa server radius dynamic-authorclient StrongRadius server-key StrongRadiusport 
3799

snmp-server community SNMPpass ROsnmp-server community SNMPpass RW

switchport mode accessswitchport voice vlan 20authentication host-mode 
multi-domainauthentication order dot1x mabauthentication priority dot1x 
mabauthentication port-control autoauthentication periodicauthentication timer 
restart 10800authentication timer reauthenticate 10800mabno snmp trap 
link-statusdot1x pae authenticatordot1x timeout quiet-period 2dot1x timeout 
tx-period 3spanning-tree portfast




Any thoughts?
Thank you.




  --
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] Graphite errors

[Derek Wuelfrath]

Hello Bebbet,

Any news ?

Cheers!
-dw.

—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

> On Jun 27, 2016, at 09:32, Bebbet van Dinges  wrote:
> 
> 
> 
> On 27-6-2016 15:11, Derek Wuelfrath wrote:
>> Hello Bebbet,
>> 
>> In the logrotate configuration file, can you change the two ‘su’ statements
>> 
>> from
>> 
>> su pf pf
>> 
>> to 
>> 
>> su root pf
>> 
>> Thanks
>> 
>> Cheers!
>> -dw.
> 
> Hello,
> 
> I've changed those parameters, i'll let you know!
> Thanks for all the suggestions so far!
> 
> Kind regards,
> Bebbet
> 
> --
> Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


--
Attend Shape: An AT Tech Expo July 15-16. Meet us at AT Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users