Hi,
8021x is the only method that's being used on the switch. RADIUS gets the
request from the client and it accepts the request but it assigns it to VLAN 2
(Registry VLAN) and the client also doesn't get an IP Address.
In my setup, I don't have have a DHCP server for my access VLAN, is it poss
Hello Fabrice,
I am happy to do away with in-line and do a full implementation
at layer 2, but I have no control over the network the traffic originates
from. That network will pass me the VLAN's and allow radius
communication with the wireless controller as well as pass me
the required VLAN's.
T
Good subject.
I am not a specialist but in my configuration (routed out of band), the
dhcp service of PF is for isolation or registration.
The registration role is only for the "no 8021x captif portal". On my
access vlan, I have an other dhcp server.
You can do a "sh auth session" on the switch
Hello,
I am trying to send back an ACL from Packetfence to the switch after
authentication:
my acl in the radius-filter has multiple line like:
answer19 = cisco-avpair => ip:inacl#190=deny ip any 153.144.129.128
0.0.0.127
answer20 = cisco-avpair => ip:inacl#200=deny ip any 153.144.27.0 0.0.0.255
Hi Everyone,
I’m a student and I’m using PacketFence for my project. I’m just trying to do a
simple 802.1x authentication lab.
My setup is:
2960 Switch
PacketFence 8.3.0
Client
When I plug my client (windows) into the switchport, a username and password
box comes up on the client.
My issue is
Hello Tony,
you can do that with inline network but there is a limitation.
When a device is in the inline network then it mean that the locationlog
changed to inline and after that there is no way to disconnect the
device from the equipment because PacketFence think that it's inline.
What yo