Re: [PacketFence-users] MAC Authentication help pls

[Zammit, Ludovic via PacketFence-users]

Hello Jose,

I think you are correct.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Apr 25, 2022, at 8:09 AM, José Ramos via PacketFence-users 
>  wrote:
> 
> I tried with an other switch (Cisco SMB) and this worked so I think that this 
> is a switch problem. Maybe this is because it is a virtualized switch.
> 
> 
> On Sun, Apr 24, 2022 at 7:15 PM José Ramos  > wrote:
> Here is the switch configuration (testing so almost empty :))
> aaa new-model
> !
> !
> aaa group server radius packetfence
>  server 192.168.1.100 auth-port 1812 acct-port 1813
> !
> aaa authentication login default local
> aaa authentication dot1x default group packetfence
> aaa authorization network default group packetfence
> !
> !
> !
> !
> aaa server radius dynamic-author
>  client 192.168.1.100 server-key x
>  port 3799
> !
> aaa session-id common
> no ip icmp rate-limit unreachable
> !
> ip cef
> !
> !
> no ip domain-lookup
> no ipv6 cef
> ipv6 multicast rpf use-bgp
> !
> !
> dot1x system-auth-control
> !
> !
> !
> !
> !
> spanning-tree mode pvst
> spanning-tree extend system-id
> !
> !
> !
> !
> vlan internal allocation policy ascending
> !
> ip tcp synwait-time 5
> !
> !
> !
> !
> !
> !
> !
> !
> !
> interface Ethernet0/0
>  switchport trunk encapsulation dot1q
>  switchport mode trunk
>  duplex auto
> !
> interface Ethernet0/1
>  duplex auto
> !
> interface Ethernet0/2
>  switchport mode access
>  duplex auto
>  authentication order mab dot1x
>  authentication priority mab dot1x
>  authentication port-control auto
>  authentication periodic
>  authentication timer restart 10800
>  authentication timer reauthenticate 10800
>  mab
>  no snmp trap link-status
>  dot1x pae authenticator
>  dot1x timeout quiet-period 10
>  dot1x timeout tx-period 10
> !
> interface Ethernet0/3
>  duplex auto
> !
> interface Ethernet1/0
>  duplex auto
> !
> interface Ethernet1/1
>  duplex auto
> !
> interface Ethernet1/2
>  duplex auto
> !
> interface Ethernet1/3
>  duplex auto
> !
> interface Ethernet2/0
>  duplex auto
> !
> interface Ethernet2/1
>  duplex auto
> !
> interface Ethernet2/2
>  duplex auto
> !
> interface Ethernet2/3
>  duplex auto
> !
> interface Ethernet3/0
>  duplex auto
> !
> interface Ethernet3/1
>  duplex auto
> !
> interface Ethernet3/2
>  duplex auto
> !
> interface Ethernet3/3
>  duplex auto
> !
> interface Vlan1
>  ip address 192.168.10.10 255.255.255.0
> !
> interface Vlan20
>  no ip address
>  ip helper-address 192.168.1.100
>  shutdown
> !
> !
> no ip http server
> !
> ip route 0.0.0.0 0.0.0.0 192.168.10.254
> !
> !
> !
> snmp-server community public RO
> snmp-server community private RW
> !
> radius-server host 192.168.1.100 auth-port 1812 acct-port 1813 timeout 2 key 
> x
> radius-server vsa send authentication
> !
> !
> control-plane
> !
> !
> line con 0
>  exec-timeout 0 0
>  privilege level 15
>  logging synchronous
> line aux 0
>  exec-timeout 0 0
>  privilege level 15
>  logging synchronous
> line vty 0 4
> !
> end
> 
> 
> On Sun, Apr 24, 2022 at 2:11 PM rein--- via PacketFence-users 
>  > wrote:
> please paste your config on the switchport and the general settings on the 
> switch. 
> 
> you can also use the log (sh log) to see what happens when you plug in 
> something in the switch.
> 
> April 21, 2022 8:30 AM, "José Ramos via PacketFence-users" 
>  >
>  wrote:
> Hello dear PacketFence users and developers !
> I have successfully configured PacketFence with 802.1x (PF directly connected 
> on the switch to manage).
> But I can't figure out how to to MAC authentication. I have enabled MAB on my 
> Cisco switch and registered the MAC address in the node tab. But nothing 
> happens when I connect the device. I'm not put in the registration/isolation 
> vlan and have no access to corporate network (which is logical since I 
> enabled MAB).
> Can someone help me pls ?
> Thank you in advance !
> José Ramos.
> 
> 
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net 
> 
> https://lists.sourceforge.net/lists/listinfo/packetfence-users 
> 
> 

Re: [PacketFence-users] MAC Authentication help pls

[José Ramos via PacketFence-users]

I tried with an other switch (Cisco SMB) and this worked so I think that
this is a switch problem. Maybe this is because it is a virtualized switch.


On Sun, Apr 24, 2022 at 7:15 PM José Ramos 
wrote:

> Here is the switch configuration (testing so almost empty :))
> *aaa new-model*
> *!*
> *!*
> *aaa group server radius packetfence*
> * server 192.168.1.100 auth-port 1812 acct-port 1813*
> *!*
> *aaa authentication login default local*
> *aaa authentication dot1x default group packetfence*
> *aaa authorization network default group packetfence*
> *!*
> *!*
> *!*
> *!*
> *aaa server radius dynamic-author*
> * client 192.168.1.100 server-key x*
> * port 3799*
> *!*
> *aaa session-id common*
> *no ip icmp rate-limit unreachable*
> *!*
> *ip cef*
> *!*
> *!*
> *no ip domain-lookup*
> *no ipv6 cef*
> *ipv6 multicast rpf use-bgp*
> *!*
> *!*
> *dot1x system-auth-control*
> *!*
> *!*
> *!*
> *!*
> *!*
> *spanning-tree mode pvst*
> *spanning-tree extend system-id*
> *!*
> *!*
> *!*
> *!*
> *vlan internal allocation policy ascending*
> *!*
> *ip tcp synwait-time 5*
> *!*
> *!*
> *!*
> *!*
> *!*
> *!*
> *!*
> *!*
> *!*
> *interface Ethernet0/0*
> * switchport trunk encapsulation dot1q*
> * switchport mode trunk*
> * duplex auto*
> *!*
> *interface Ethernet0/1*
> * duplex auto*
> *!*
> *interface Ethernet0/2*
> * switchport mode access*
> * duplex auto*
> * authentication order mab dot1x*
> * authentication priority mab dot1x*
> * authentication port-control auto*
> * authentication periodic*
> * authentication timer restart 10800*
> * authentication timer reauthenticate 10800*
> * mab*
> * no snmp trap link-status*
> * dot1x pae authenticator*
> * dot1x timeout quiet-period 10*
> * dot1x timeout tx-period 10*
> *!*
> *interface Ethernet0/3*
> * duplex auto*
> *!*
> *interface Ethernet1/0*
> * duplex auto*
> *!*
> *interface Ethernet1/1*
> * duplex auto*
> *!*
> *interface Ethernet1/2*
> * duplex auto*
> *!*
> *interface Ethernet1/3*
> * duplex auto*
> *!*
> *interface Ethernet2/0*
> * duplex auto*
> *!*
> *interface Ethernet2/1*
> * duplex auto*
> *!*
> *interface Ethernet2/2*
> * duplex auto*
> *!*
> *interface Ethernet2/3*
> * duplex auto*
> *!*
> *interface Ethernet3/0*
> * duplex auto*
> *!*
> *interface Ethernet3/1*
> * duplex auto*
> *!*
> *interface Ethernet3/2*
> * duplex auto*
> *!*
> *interface Ethernet3/3*
> * duplex auto*
> *!*
> *interface Vlan1*
> * ip address 192.168.10.10 255.255.255.0*
> *!*
> *interface Vlan20*
> * no ip address*
> * ip helper-address 192.168.1.100*
> * shutdown*
> *!*
> *!*
> *no ip http server*
> *!*
> *ip route 0.0.0.0 0.0.0.0 192.168.10.254*
> *!*
> *!*
> *!*
> *snmp-server community public RO*
> *snmp-server community private RW*
> *!*
> *radius-server host 192.168.1.100 auth-port 1812 acct-port 1813 timeout 2
> key x*
> *radius-server vsa send authentication*
> *!*
> *!*
> *control-plane*
> *!*
> *!*
> *line con 0*
> * exec-timeout 0 0*
> * privilege level 15*
> * logging synchronous*
> *line aux 0*
> * exec-timeout 0 0*
> * privilege level 15*
> * logging synchronous*
> *line vty 0 4*
> *!*
> *end*
>
>
> On Sun, Apr 24, 2022 at 2:11 PM rein--- via PacketFence-users <
> packetfence-users@lists.sourceforge.net> wrote:
>
>> please paste your config on the switchport and the general settings on
>> the switch.
>>
>> you can also use the log (sh log) to see what happens when you plug in
>> something in the switch.
>>
>> April 21, 2022 8:30 AM, "José Ramos via PacketFence-users" <
>> packetfence-users@lists.sourceforge.net
>> >
>> wrote:
>>
>> Hello dear PacketFence users and developers !
>> I have successfully configured PacketFence with 802.1x (PF directly
>> connected on the switch to manage).
>> But I can't figure out how to to MAC authentication. I have enabled MAB
>> on my Cisco switch and registered the MAC address in the node tab. But
>> nothing happens when I connect the device. I'm not put in the
>> registration/isolation vlan and have no access to corporate network (which
>> is logical since I enabled MAB).
>> Can someone help me pls ?
>> Thank you in advance !
>> José Ramos.
>>
>>
>>
>> ___
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] MAC Authentication help pls

[José Ramos via PacketFence-users]

Here is the switch configuration (testing so almost empty :))
*aaa new-model*
*!*
*!*
*aaa group server radius packetfence*
* server 192.168.1.100 auth-port 1812 acct-port 1813*
*!*
*aaa authentication login default local*
*aaa authentication dot1x default group packetfence*
*aaa authorization network default group packetfence*
*!*
*!*
*!*
*!*
*aaa server radius dynamic-author*
* client 192.168.1.100 server-key x*
* port 3799*
*!*
*aaa session-id common*
*no ip icmp rate-limit unreachable*
*!*
*ip cef*
*!*
*!*
*no ip domain-lookup*
*no ipv6 cef*
*ipv6 multicast rpf use-bgp*
*!*
*!*
*dot1x system-auth-control*
*!*
*!*
*!*
*!*
*!*
*spanning-tree mode pvst*
*spanning-tree extend system-id*
*!*
*!*
*!*
*!*
*vlan internal allocation policy ascending*
*!*
*ip tcp synwait-time 5*
*!*
*!*
*!*
*!*
*!*
*!*
*!*
*!*
*!*
*interface Ethernet0/0*
* switchport trunk encapsulation dot1q*
* switchport mode trunk*
* duplex auto*
*!*
*interface Ethernet0/1*
* duplex auto*
*!*
*interface Ethernet0/2*
* switchport mode access*
* duplex auto*
* authentication order mab dot1x*
* authentication priority mab dot1x*
* authentication port-control auto*
* authentication periodic*
* authentication timer restart 10800*
* authentication timer reauthenticate 10800*
* mab*
* no snmp trap link-status*
* dot1x pae authenticator*
* dot1x timeout quiet-period 10*
* dot1x timeout tx-period 10*
*!*
*interface Ethernet0/3*
* duplex auto*
*!*
*interface Ethernet1/0*
* duplex auto*
*!*
*interface Ethernet1/1*
* duplex auto*
*!*
*interface Ethernet1/2*
* duplex auto*
*!*
*interface Ethernet1/3*
* duplex auto*
*!*
*interface Ethernet2/0*
* duplex auto*
*!*
*interface Ethernet2/1*
* duplex auto*
*!*
*interface Ethernet2/2*
* duplex auto*
*!*
*interface Ethernet2/3*
* duplex auto*
*!*
*interface Ethernet3/0*
* duplex auto*
*!*
*interface Ethernet3/1*
* duplex auto*
*!*
*interface Ethernet3/2*
* duplex auto*
*!*
*interface Ethernet3/3*
* duplex auto*
*!*
*interface Vlan1*
* ip address 192.168.10.10 255.255.255.0*
*!*
*interface Vlan20*
* no ip address*
* ip helper-address 192.168.1.100*
* shutdown*
*!*
*!*
*no ip http server*
*!*
*ip route 0.0.0.0 0.0.0.0 192.168.10.254*
*!*
*!*
*!*
*snmp-server community public RO*
*snmp-server community private RW*
*!*
*radius-server host 192.168.1.100 auth-port 1812 acct-port 1813 timeout 2
key x*
*radius-server vsa send authentication*
*!*
*!*
*control-plane*
*!*
*!*
*line con 0*
* exec-timeout 0 0*
* privilege level 15*
* logging synchronous*
*line aux 0*
* exec-timeout 0 0*
* privilege level 15*
* logging synchronous*
*line vty 0 4*
*!*
*end*


On Sun, Apr 24, 2022 at 2:11 PM rein--- via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> please paste your config on the switchport and the general settings on the
> switch.
>
> you can also use the log (sh log) to see what happens when you plug in
> something in the switch.
>
> April 21, 2022 8:30 AM, "José Ramos via PacketFence-users" <
> packetfence-users@lists.sourceforge.net
> >
> wrote:
>
> Hello dear PacketFence users and developers !
> I have successfully configured PacketFence with 802.1x (PF directly
> connected on the switch to manage).
> But I can't figure out how to to MAC authentication. I have enabled MAB on
> my Cisco switch and registered the MAC address in the node tab. But nothing
> happens when I connect the device. I'm not put in the
> registration/isolation vlan and have no access to corporate network (which
> is logical since I enabled MAB).
> Can someone help me pls ?
> Thank you in advance !
> José Ramos.
>
>
>
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] MAC Authentication help pls

[rein--- via PacketFence-users]

please paste your config on the switchport and the general settings on the 
switch. 

you can also use the log (sh log) to see what happens when you plug in 
something in the switch.

April 21, 2022 8:30 AM, "José Ramos via PacketFence-users" 
mailto:packetfence-users@lists.sourceforge.net?to=%22Jos%C3%A9%20Ramos%20via%20PacketFence-users%22%20)>
 wrote:
Hello dear PacketFence users and developers !
I have successfully configured PacketFence with 802.1x (PF directly connected 
on the switch to manage). 
But I can't figure out how to to MAC authentication. I have enabled MAB on my 
Cisco switch and registered the MAC address in the node tab. But nothing 
happens when I connect the device. I'm not put in the registration/isolation 
vlan and have no access to corporate network (which is logical since I enabled 
MAB). 
Can someone help me pls ? 
Thank you in advance ! 
José Ramos.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] MAC Authentication help pls

[Zammit, Ludovic via PacketFence-users]

Hello Jose,

Please post here the switch port configuration.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:   
    
  
  


> On Apr 21, 2022, at 2:30 AM, José Ramos via PacketFence-users 
>  wrote:
> 
> Hello dear PacketFence users and developers !
> I have successfully configured PacketFence with 802.1x (PF directly connected 
> on the switch to manage).
> 
> But I can't figure out how to to MAC authentication. I have enabled MAB on my 
> Cisco switch and registered the MAC address in the node tab. But nothing 
> happens when I connect the device. I'm not put in the registration/isolation 
> vlan and have no access to corporate network (which is logical since I 
> enabled MAB).
> 
> Can someone help me pls ?
> Thank you in advance !
> 
> José Ramos.
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!WJG8JBWQf9ac5fessO3xwDxM770E13Y-CGj3FZN-GAi3dEat1h1xqg1E5s41Ynk3iBw3Zig443P6McZtRUsdCjksE7ANdECUy15CAg$
>  



smime.p7s
Description: S/MIME cryptographic signature
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

[PacketFence-users] MAC Authentication help pls

[José Ramos via PacketFence-users]

Hello dear PacketFence users and developers !
I have successfully configured PacketFence with 802.1x (PF directly
connected on the switch to manage).

But I can't figure out how to to MAC authentication. I have enabled MAB on
my Cisco switch and registered the MAC address in the node tab. But nothing
happens when I connect the device. I'm not put in the
registration/isolation vlan and have no access to corporate network (which
is logical since I enabled MAB).

Can someone help me pls ?
Thank you in advance !

José Ramos.
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users