[PacketFence-users] 802.1X + MAC Authentication
Kristaps Dambergs
2015-09-21 21:17:58 UTC
Hi,

I am trying to implement PF ZEN using 802.1X + MAC. When I connect a laptop
to a port (Registration VLAN) no IP address is received, no access to the auth
portal. I can't even ping the switch from the PF server. I added my config below.

Hoping for some help.

Thanks

PF Logs:

[***@PacketFence-ZEN-5-3 ~]# tail -f /usr/local/pf/logs/packetfence.log
Sep 19 09:09:27 pfcmd.pl(1615) INFO: Daemon carbon-relay took 1.537 seconds to start. (pf::services::manager::launchService)
Sep 19 09:09:27 pfcmd.pl(1615) INFO: Daemon collectd took 0.196 seconds to start. (pf::services::manager::launchService)
Sep 19 09:09:27 pfcmd.pl(1615) INFO: pf::services::manager, /usr/local/pf/lib/pf/services/manager.pm, 178 (pf::services::manager::dhcpd::generateConfig)
Sep 19 09:09:27 pfcmd.pl(1615) INFO: Memory configuration is not valid anymore for key interfaces::listen_ints in local cached_hash (pfconfig::cached::is_valid)
Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an undefined interface... (pf::cluster::members_ips)
Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an undefined interface... (pf::cluster::members_ips)
Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an undefined interface... (pf::cluster::members_ips)
Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an undefined interface... (pf::cluster::members_ips)
Sep 19 09:09:27 pfcmd.pl(1615) INFO: Daemon dhcpd took 0.241 seconds to start. (pf::services::manager::launchService)
Sep 19 09:10:07 pfcmd.pl(1615) INFO: Daemon httpd.aaa took 40.085 seconds to start. (pf::services::manager::launchService)
Sep 19 09:11:22 pfcmd.pl(1615) INFO: Daemon httpd.graphite took 36.280 seconds to start. (pf::services::manager::launchService)

[***@PacketFence-ZEN-5-3 ~]# tail -f /usr/local/pf/logs/snmptrapd.log
NET-SNMP version 5.5
2015-09-19 08:44:42 NET-SNMP version 5.5 Stopped.
Stopping snmptrapd

NET-SNMP version 5.5
2015-09-19 09:05:12 NET-SNMP version 5.5 Stopped.
Stopping snmptrapd

NET-SNMP version 5.5
NET-SNMP version 5.5





[***@PacketFence-ZEN-5-3 ~]# sudo vi /usr/local/pf/conf/switches.conf
RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=

[192.168.0.3]
mode=production
deauthMethod=RADIUS
AccessListMap=N
description=2610
SNMPVersionTrap=1
type=HP::Procurve_2600
VoIPEnabled=N
radiusSecret="PASSWD"
uplink_dynamic=0
uplink=23,24





My ProCurve 2610 config:

Running configuration:

; J9086A Configuration Editor; Created on release #R.11.60

hostname "ProCurveSwitch"
time timezone 180
no telnet-server
interface 23
name "pfserver"
exit
trunk 23 Trk1 Trunk
timesync sntp
vlan 1
name "Default"
untagged 1-2,4-22,24-28,Trk1
ip address 192.168.0.3 255.255.255.0
no untagged 3
exit
vlan 2
name "Registration"
untagged 3
ip address 192.168.2.1 255.255.255.0
tagged Trk1
exit
vlan 3
name "Isolation"
ip address 192.168.3.1 255.255.255.0
tagged Trk1
exit
vlan 10
name "Normal"
ip address 192.168.1.1 255.255.255.0
tagged Trk1
exit
radius-server host 192.168.0.10 key Parole321
aaa server-group radius "packetfence" host 192.168.0.10
aaa authentication port-access eap-radius server-group "packetfence"
aaa authentication mac-based chap-radius server-group "packetfence"
port-security 1 learn-mode port-access action send-alarm
port-security 2 learn-mode port-access action send-alarm
port-security 3 learn-mode port-access action send-alarm
port-security 4 learn-mode port-access action send-alarm
port-security 5 learn-mode port-access action send-alarm
port-security 6 learn-mode port-access action send-alarm
port-security 7 learn-mode port-access action send-alarm
port-security 8 learn-mode port-access action send-alarm
port-security 9 learn-mode port-access action send-alarm
port-security 10 learn-mode port-access action send-alarm
port-security 11 learn-mode port-access action send-alarm
port-security 12 learn-mode port-access action send-alarm
port-security 13 learn-mode port-access action send-alarm
port-security 14 learn-mode port-access action send-alarm
port-security 15 learn-mode port-access action send-alarm
port-security 16 learn-mode port-access action send-alarm
port-security 17 learn-mode port-access action send-alarm
port-security 18 learn-mode port-access action send-alarm
port-security 19 learn-mode port-access action send-alarm
port-security 20 learn-mode port-access action send-alarm
port-security 21 learn-mode port-access action send-alarm
port-security 22 learn-mode port-access action send-alarm
snmp-server host 192.168.0.10 community "public" informs trap-level Not-INFO
no snmp-server enable traps link-change 1-22
sntp unicast
sntp server 129.6.15.30
aaa port-access authenticator 1-22
aaa port-access authenticator 1 client-limit 1
aaa port-access authenticator 2 client-limit 1
aaa port-access authenticator 3 client-limit 1
aaa port-access authenticator 4 client-limit 1
aaa port-access authenticator 5 client-limit 1
aaa port-access authenticator 6 client-limit 1
aaa port-access authenticator 7 client-limit 1
aaa port-access authenticator 8 client-limit 1
aaa port-access authenticator 9 client-limit 1
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator 11 client-limit 1
aaa port-access authenticator 12 client-limit 1
aaa port-access authenticator 13 client-limit 1
aaa port-access authenticator 14 client-limit 1
aaa port-access authenticator 15 client-limit 1
aaa port-access authenticator 16 client-limit 1
aaa port-access authenticator 17 client-limit 1
aaa port-access authenticator 18 client-limit 1
aaa port-access authenticator 19 client-limit 1
aaa port-access authenticator 20 client-limit 1
aaa port-access authenticator 21 client-limit 1
aaa port-access authenticator 22 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based 1-22
aaa port-access mac-based 1 addr-moves
aaa port-access mac-based 1 reauth-period 14400
aaa port-access mac-based 2 addr-moves
aaa port-access mac-based 2 reauth-period 14400
aaa port-access mac-based 3 addr-moves
aaa port-access mac-based 3 reauth-period 14400
aaa port-access mac-based 4 addr-moves
aaa port-access mac-based 4 reauth-period 14400
aaa port-access mac-based 5 addr-moves
aaa port-access mac-based 5 reauth-period 14400
aaa port-access mac-based 6 addr-moves
aaa port-access mac-based 6 reauth-period 14400
aaa port-access mac-based 7 addr-moves
aaa port-access mac-based 7 reauth-period 14400
aaa port-access mac-based 8 addr-moves
aaa port-access mac-based 8 reauth-period 14400
aaa port-access mac-based 9 addr-moves
aaa port-access mac-based 9 reauth-period 14400
aaa port-access mac-based 10 addr-moves
aaa port-access mac-based 10 reauth-period 14400
aaa port-access mac-based 11 addr-moves
aaa port-access mac-based 11 reauth-period 14400
aaa port-access mac-based 12 addr-moves
aaa port-access mac-based 12 reauth-period 14400
aaa port-access mac-based 13 addr-moves
aaa port-access mac-based 13 reauth-period 14400
aaa port-access mac-based 14 addr-moves
aaa port-access mac-based 14 reauth-period 14400
aaa port-access mac-based 15 addr-moves
aaa port-access mac-based 15 reauth-period 14400
aaa port-access mac-based 16 addr-moves
aaa port-access mac-based 16 reauth-period 14400
aaa port-access mac-based 17 addr-moves
aaa port-access mac-based 17 reauth-period 14400
aaa port-access mac-based 18 addr-moves
aaa port-access mac-based 18 reauth-period 14400
aaa port-access mac-based 19 addr-moves
aaa port-access mac-based 19 reauth-period 14400
aaa port-access mac-based 20 addr-moves
aaa port-access mac-based 20 reauth-period 14400
aaa port-access mac-based 21 addr-moves
aaa port-access mac-based 21 reauth-period 14400
aaa port-access mac-based 22 addr-moves
aaa port-access mac-based 22 reauth-period 14400
aaa port-access 1 controlled-direction in
aaa port-access 2 controlled-direction in
aaa port-access 3 controlled-direction in
aaa port-access 4 controlled-direction in
aaa port-access 5 controlled-direction in
aaa port-access 6 controlled-direction in
aaa port-access 7 controlled-direction in
aaa port-access 8 controlled-direction in
aaa port-access 9 controlled-direction in
aaa port-access 10 controlled-direction in
aaa port-access 11 controlled-direction in
aaa port-access 12 controlled-direction in
aaa port-access 13 controlled-direction in
aaa port-access 14 controlled-direction in
aaa port-access 15 controlled-direction in
aaa port-access 16 controlled-direction in
aaa port-access 17 controlled-direction in
aaa port-access 18 controlled-direction in
aaa port-access 19 controlled-direction in
aaa port-access 20 controlled-direction in
aaa port-access 21 controlled-direction in
aaa port-access 22 controlled-direction in
spanning-tree Trk1 priority 4
ip ssh
password manager
password operator

Kristaps Dambergs
2015-09-24 19:50:16 UTC
Could somebody help me?
Ludovic Zammit
2015-09-25 12:55:34 UTC
Hello Kristaps,

A few things you could do:

- Check if the RADIUS configuration on the switch is properly done
- Check that the RADIUS authentication request is reaching the PacketFence box
- Check the VLAN configured in PacketFence for the registration VLAN
- Check which VLAN is applied to the port

After all these steps you should be able to see the portal if everything is correctly configured.

Thanks and have a nice day.
Ludovic Zammit
***@inverse.ca :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
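
The RADIUS checks in the list above can be partly done offline by comparing the two configs posted in this thread. The Python sketch below is an added example, not part of the original messages and not PacketFence code; the function names, finding labels and the `[default]` section header are assumptions, and the `"PASSWD"` value may simply be the poster's redaction.

```python
import configparser
import re

# Constructed excerpts of the two configs posted in this thread. The [default]
# header is an assumption: the posted file starts below it, at RoleMap=Y.
PF_SWITCHES_CONF = """\
[default]
mode=testing
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
radiusSecret=

[192.168.0.3]
mode=production
deauthMethod=RADIUS
type=HP::Procurve_2600
radiusSecret="PASSWD"
uplink=23,24
"""

PROCURVE_CONF = """\
vlan 1
ip address 192.168.0.3 255.255.255.0
exit
vlan 2
untagged 3
ip address 192.168.2.1 255.255.255.0
tagged Trk1
exit
radius-server host 192.168.0.10 key Parole321
aaa port-access authenticator 1-22
aaa port-access authenticator active
aaa port-access mac-based 1-22
"""

WEAK_COMMUNITIES = {"public", "private"}


def parse_procurve(text):
    """Extract the few facts the checks need from a ProCurve running-config."""
    facts = {"ips": set(), "radius": {}, "dot1x_active": False}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"ip address (\S+) \S+$", line)
        if m:
            facts["ips"].add(m.group(1))
        m = re.match(r"radius-server host (\S+) key (\S+)$", line)
        if m:
            facts["radius"][m.group(1)] = m.group(2)
        if line == "aaa port-access authenticator active":
            facts["dot1x_active"] = True
    return facts


def audit(pf_text, switch_text, pf_server_ip):
    """Return (label, message) findings; secrets are compared, never echoed."""
    cp = configparser.ConfigParser(default_section="default", interpolation=None)
    cp.optionxform = str  # keep the camelCase option names as written
    cp.read_string(pf_text)
    sw = parse_procurve(switch_text)
    findings = []

    # The RADIUS server only answers a NAS it knows: one of the switch's
    # IP addresses must have its own section in switches.conf.
    nas_ips = sorted(sw["ips"] & set(cp.sections()))
    if not nas_ips:
        findings.append(("NAS_UNKNOWN", "no switch IP has a switches.conf section"))

    key = sw["radius"].get(pf_server_ip)
    if key is None:
        findings.append(("NO_RADIUS_HOST", f"switch has no radius-server host {pf_server_ip}"))
    if not sw["dot1x_active"]:
        findings.append(("DOT1X_INACTIVE", "authenticator is configured but not active"))

    for ip in nas_ips:
        sec = cp[ip]  # values missing here fall back to [default]
        # Assumption: surrounding double quotes are not part of the secret.
        secret = sec.get("radiusSecret", "").strip('"')
        if not secret:
            findings.append(("SECRET_EMPTY", f"[{ip}] has no radiusSecret"))
        elif key is not None and secret != key:
            findings.append(("SECRET_MISMATCH", f"[{ip}] radiusSecret differs from the switch key"))
        communities = {sec.get("SNMPCommunityRead"), sec.get("SNMPCommunityWrite")}
        if sec.get("SNMPVersion") in ("1", "2c") and communities & WEAK_COMMUNITIES:
            findings.append(("SNMP_WEAK", f"[{ip}] uses SNMPv{sec.get('SNMPVersion')} with default communities"))
    return findings


if __name__ == "__main__":
    for label, message in audit(PF_SWITCHES_CONF, PROCURVE_CONF, "192.168.0.10"):
        print(f"{label}: {message}")
```

A clean result here only shows that the two files agree; whether the Access-Request actually arrives still has to be confirmed on the PacketFence side.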
Kristaps Dambergs
2015-09-26 15:53:58 UTC
Thank you Ludovic for the reply! The problem might be that I can't ping the PF
server from the switch and vice versa. I am using VMware Workstation with NAT,
firewall is disabled. What could be wrong?
Post by Ludovic Zammit
Hello Kristaps,
- Check if the radius configuration on the switch is properly done
- Check that the radius authentication request is reaching packetfence box
- Check the VLAN configured in PacketFence for the registration VLAN
- Check which VLAN is applied to the port
After all this steps you should be able to see the portal if everything is
correctly configured.
Thanks and have a nice day.
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
Could somebody help me?
Kristaps Dambergs
2015-10-15 20:31:04 UTC
Hello,


I am using PF 5.3 802.1x + MAC auth. When I plug a device in the switch
port which is set on VLAN 2 (reg) nothing happens after. Unable to get IP
address from DHCP. No access to authorization portal. I posted my config
below.


Any help would be much appreciated.

Thanks




[***@PacketFence-ZEN-5-3 ~]# tail -f /usr/local/pf/logs/packetfence.log

Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] handling radius autz request: from switch_ip => (192.168.0.3), connection_type => WIRED_MAC_AUTH,switch_mac => (c0:91:34:64:62:f3), mac => [e8:9a:8f:ec:cb:bf], port => 13, username => "e89a8feccbbf" (pf::radius::authorize)
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Oct 15 15:57:26 httpd.aaa(1948) WARN: Role-based Network Access Control is not supported on network device type pf::Switch::HP::Procurve_2600. (pf::Switch::supportsRoleBasedEnforcement)
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] (192.168.0.3) Returning ACCEPT with VLAN 2 and role (pf::Switch::returnRadiusAccessAccept)

[***@PacketFence-ZEN-5-3 pf]# tail -f /usr/local/pf/logs/pfdhcplistener.log

Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched MAC '00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog' table (pf::iplog::mac2ip)
Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16 requested an IP with the following informations: last_dhcp = 2015-10-15 15:43:22,computername = ZALMAN,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0 (main::listen_dhcp)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: DHCPREQUEST from 00:1d:7d:07:a1:16 (192.168.0.103) (main::parse_dhcp_request)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched MAC '00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog' table (pf::iplog::mac2ip)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16 requested an IP with the following informations: last_dhcp = 2015-10-15 15:43:30,computername = ZALMAN,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0 (main::listen_dhcp)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: DHCPACK from 192.168.0.1 (f8:d1:11:af:83:24) to host 00:1d:7d:07:a1:16 (192.168.0.103) for 7200 seconds (main::parse_dhcp_ack)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched MAC '00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog' table (pf::iplog::mac2ip)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)


[***@PacketFence-ZEN-5-3 pf]# ifconfig

eth0      Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
          inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:243373 errors:0 dropped:0 overruns:0 frame:0
          TX packets:163313 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:66422609 (63.3 MiB) TX bytes:40397839 (38.5 MiB)

eth0.2    Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
          inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)

eth0.3    Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
          inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)

eth0.4    Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
          inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)

eth0.10   Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:334900 errors:0 dropped:0 overruns:0 frame:0
          TX packets:334900 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:64297397 (61.3 MiB) TX bytes:64297397 (61.3 MiB)



[***@PacketFence-ZEN-5-3 ~]# sudo vi /usr/local/pf/conf/switches.conf

RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=

[192.168.0.3]
mode=production
deauthMethod=RADIUS
AccessListMap=N
description=2610
SNMPVersionTrap=1
type=HP::Procurve_2600
VoIPEnabled=N
radiusSecret="PASSWD"
uplink_dynamic=0
uplink=23,24





My ProCurve 2610 config:

Running configuration:

; J9086A Configuration Editor; Created on release #R.11.60

hostname "ProCurveSwitch"
time timezone 180
no telnet-server
interface 23
   name "pfserver"
exit
trunk 23 Trk1 Trunk
timesync sntp
vlan 1
   name "Default"
   untagged 1-2,4-22,24-28,Trk1
   ip address 192.168.0.3 255.255.255.0
   no untagged 3
   exit
vlan 2
   name "Registration"
   untagged 3
   ip address 192.168.2.1 255.255.255.0
   tagged Trk1
   exit
vlan 3
   name "Isolation"
   ip address 192.168.3.1 255.255.255.0
   tagged Trk1
   exit
vlan 10
   name "Normal"
   ip address 192.168.1.1 255.255.255.0
   tagged Trk1
   exit
radius-server host 192.168.0.10 key Parole321
aaa server-group radius "packetfence" host 192.168.0.10
aaa authentication port-access eap-radius server-group "packetfence"
aaa authentication mac-based chap-radius server-group "packetfence"
port-security 1 learn-mode port-access action send-alarm
port-security 2 learn-mode port-access action send-alarm
port-security 3 learn-mode port-access action send-alarm
port-security 4 learn-mode port-access action send-alarm
port-security 5 learn-mode port-access action send-alarm
port-security 6 learn-mode port-access action send-alarm
port-security 7 learn-mode port-access action send-alarm
port-security 8 learn-mode port-access action send-alarm
port-security 9 learn-mode port-access action send-alarm
port-security 10 learn-mode port-access action send-alarm
port-security 11 learn-mode port-access action send-alarm
port-security 12 learn-mode port-access action send-alarm
port-security 13 learn-mode port-access action send-alarm
port-security 14 learn-mode port-access action send-alarm
port-security 15 learn-mode port-access action send-alarm
port-security 16 learn-mode port-access action send-alarm
port-security 17 learn-mode port-access action send-alarm
port-security 18 learn-mode port-access action send-alarm
port-security 19 learn-mode port-access action send-alarm
port-security 20 learn-mode port-access action send-alarm
port-security 21 learn-mode port-access action send-alarm
port-security 22 learn-mode port-access action send-alarm
snmp-server host 192.168.0.10 community "public" informs trap-level Not-INFO
no snmp-server enable traps link-change 1-22
sntp unicast
sntp server 129.6.15.30
aaa port-access authenticator 1-22
aaa port-access authenticator 1 client-limit 1
aaa port-access authenticator 2 client-limit 1
aaa port-access authenticator 3 client-limit 1
aaa port-access authenticator 4 client-limit 1
aaa port-access authenticator 5 client-limit 1
aaa port-access authenticator 6 client-limit 1
aaa port-access authenticator 7 client-limit 1
aaa port-access authenticator 8 client-limit 1
aaa port-access authenticator 9 client-limit 1
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator 11 client-limit 1
aaa port-access authenticator 12 client-limit 1
aaa port-access authenticator 13 client-limit 1
aaa port-access authenticator 14 client-limit 1
aaa port-access authenticator 15 client-limit 1
aaa port-access authenticator 16 client-limit 1
aaa port-access authenticator 17 client-limit 1
aaa port-access authenticator 18 client-limit 1
aaa port-access authenticator 19 client-limit 1
aaa port-access authenticator 20 client-limit 1
aaa port-access authenticator 21 client-limit 1
aaa port-access authenticator 22 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based 1-22
aaa port-access mac-based 1 addr-moves
aaa port-access mac-based 1 reauth-period 14400
aaa port-access mac-based 2 addr-moves
aaa port-access mac-based 2 reauth-period 14400
aaa port-access mac-based 3 addr-moves
aaa port-access mac-based 3 reauth-period 14400
aaa port-access mac-based 4 addr-moves
aaa port-access mac-based 4 reauth-period 14400
aaa port-access mac-based 5 addr-moves
aaa port-access mac-based 5 reauth-period 14400
aaa port-access mac-based 6 addr-moves
aaa port-access mac-based 6 reauth-period 14400
aaa port-access mac-based 7 addr-moves
aaa port-access mac-based 7 reauth-period 14400
aaa port-access mac-based 8 addr-moves
aaa port-access mac-based 8 reauth-period 14400
aaa port-access mac-based 9 addr-moves
aaa port-access mac-based 9 reauth-period 14400
aaa port-access mac-based 10 addr-moves
aaa port-access mac-based 10 reauth-period 14400
aaa port-access mac-based 11 addr-moves
aaa port-access mac-based 11 reauth-period 14400
aaa port-access mac-based 12 addr-moves
aaa port-access mac-based 12 reauth-period 14400
aaa port-access mac-based 13 addr-moves
aaa port-access mac-based 13 reauth-period 14400
aaa port-access mac-based 14 addr-moves
aaa port-access mac-based 14 reauth-period 14400
aaa port-access mac-based 15 addr-moves
aaa port-access mac-based 15 reauth-period 14400
aaa port-access mac-based 16 addr-moves
aaa port-access mac-based 16 reauth-period 14400
aaa port-access mac-based 17 addr-moves
aaa port-access mac-based 17 reauth-period 14400
aaa port-access mac-based 18 addr-moves
aaa port-access mac-based 18 reauth-period 14400
aaa port-access mac-based 19 addr-moves
aaa port-access mac-based 19 reauth-period 14400
aaa port-access mac-based 20 addr-moves
aaa port-access mac-based 20 reauth-period 14400
aaa port-access mac-based 21 addr-moves
aaa port-access mac-based 21 reauth-period 14400
aaa port-access mac-based 22 addr-moves
aaa port-access mac-based 22 reauth-period 14400
aaa port-access 1 controlled-direction in
aaa port-access 2 controlled-direction in
aaa port-access 3 controlled-direction in
aaa port-access 4 controlled-direction in
aaa port-access 5 controlled-direction in
aaa port-access 6 controlled-direction in
aaa port-access 7 controlled-direction in
aaa port-access 8 controlled-direction in
aaa port-access 9 controlled-direction in
aaa port-access 10 controlled-direction in
aaa port-access 11 controlled-direction in
aaa port-access 12 controlled-direction in
aaa port-access 13 controlled-direction in
aaa port-access 14 controlled-direction in
aaa port-access 15 controlled-direction in
aaa port-access 16 controlled-direction in
aaa port-access 17 controlled-direction in
aaa port-access 18 controlled-direction in
aaa port-access 19 controlled-direction in
aaa port-access 20 controlled-direction in
aaa port-access 21 controlled-direction in
aaa port-access 22 controlled-direction in
spanning-tree Trk1 priority 4
ip ssh
password manager
password operator
Durand fabrice
2015-10-15 22:12:14 UTC
Hello,

Your issue is on the eth0 interface; it looks like VLAN 2 is not
tagged on the switch port.
If you check all the VLAN interfaces, there are no RX packets.

Regards
Fabrice
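
The check described in the reply above, as an added example that is not part of the original thread: a shell function that reads `ifconfig` output and lists the 802.1Q sub-interfaces that transmit but never receive while their parent interface does receive traffic. The function names are hypothetical, and the sample input is constructed from the counters posted above plus one made-up healthy interface (eth0.99) for contrast.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
#
# silent_vlan_ifaces: read net-tools `ifconfig` output on stdin and print each
# VLAN sub-interface (name of the form parent.vid) that has sent frames but
# received none, while its parent interface is receiving traffic. That
# pattern means tagged frames leave the host but no tagged frames come back,
# so the tag is being dropped somewhere between the NIC and the switch port.
silent_vlan_ifaces() {
    awk '
        # A stanza starts with the interface name in column 1.
        /^[^ \t]/ { name = $1; sub(/:$/, "", name); order[++n] = name }

        # Counter lines: "RX packets:243373 errors:0 ..." (net-tools 1.x)
        # or "RX packets 243373  bytes ..." (net-tools 2.x).
        name != "" && $1 ~ /^[RT]X$/ && $2 ~ /^packets/ {
            v = $2
            sub(/^packets:?/, "", v)
            if (v == "") v = $3
            if ($1 == "RX") rx[name] = v + 0; else tx[name] = v + 0
        }

        END {
            for (i = 1; i <= n; i++) {
                name = order[i]
                dot = index(name, ".")
                if (dot == 0) continue          # not a VLAN sub-interface
                parent = substr(name, 1, dot - 1)
                if (rx[name] == 0 && tx[name] > 0 && rx[parent] > 0)
                    print name
            }
        }
    '
}

# Constructed sample: eth0, eth0.2, eth0.10 and lo carry the counters from the
# post; eth0.99 is an invented healthy VLAN interface for comparison.
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:0C:29:BA:D6:CB
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          RX packets:243373 errors:0 dropped:0 overruns:0 frame:0
          TX packets:163313 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:66422609 (63.3 MiB)  TX bytes:40397839 (38.5 MiB)

eth0.2    Link encap:Ethernet  HWaddr 00:0C:29:BA:D6:CB
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:0 (0.0 b)  TX bytes:636 (636.0 b)

eth0.10   Link encap:Ethernet  HWaddr 00:0C:29:BA:D6:CB
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          RX bytes:0 (0.0 b)  TX bytes:636 (636.0 b)

eth0.99   Link encap:Ethernet  HWaddr 00:0C:29:BA:D6:CB
          RX packets:42 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0

lo        Link encap:Local Loopback
          RX packets:334900 errors:0 dropped:0 overruns:0 frame:0
          TX packets:334900 errors:0 dropped:0 overruns:0 carrier:0
EOF
}

# Stand-alone run against the sample; on a live server use:
#   ifconfig | silent_vlan_ifaces
sample_ifconfig | silent_vlan_ifaces
```

A non-empty result alongside a RADIUS "Returning ACCEPT with VLAN 2" log line points at the data path (trunk tagging or the hypervisor's virtual network) rather than at the authentication exchange.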
Post by Kristaps Dambergs
Hello,
I am using PF 5.3 802.1x + MAC auth. When I plug a device in the
switch port which is set on VLAN 2 (reg) nothing happens after. Unable
to get IP address from DHCP. No access to authorization portal. I
posted my config below.
Any help would be much appreciated.
Thanks
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] handling
radius autz request: from switch_ip => (192.168.0.3), connection_type
=> WIRED_MAC_AUTH,switch_mac => (c0:91:34:64:62:f3), mac =>
[e8:9a:8f:ec:cb:bf], port => 13, username => "e89a8feccbbf"
(pf::radius::authorize)
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] is of status
unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Oct 15 15:57:26 httpd.aaa(1948) WARN: Role-based Network Access
Control is not supported on network device type
pf::Switch::HP::Procurve_2600. (pf::Switch::supportsRoleBasedEnforcement)
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf]
(192.168.0.3) Returning ACCEPT with VLAN 2 and role
(pf::Switch::returnRadiusAccessAccept)
/usr/local/pf/logs/pfdhcplistener.log
Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched MAC
'00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog'
table (pf::iplog::mac2ip)
Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103'
to MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table
(pf::iplog::ip2mac)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16 requested
an IP with the following informations: last_dhcp = 2015-10-15
15:43:22,computername = ZALMAN,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0
(main::listen_dhcp)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: DHCPREQUEST from
00:1d:7d:07:a1:16 (192.168.0.103) (main::parse_dhcp_request)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched MAC
'00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog'
table (pf::iplog::mac2ip)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103'
to MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table
(pf::iplog::ip2mac)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16 requested
an IP with the following informations: last_dhcp = 2015-10-15
15:43:30,computername = ZALMAN,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0
(main::listen_dhcp)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: DHCPACK from 192.168.0.1
(f8:d1:11:af:83:24) to host 00:1d:7d:07:a1:16 (192.168.0.103) for 7200
seconds (main::parse_dhcp_ack)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched MAC
'00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog'
table (pf::iplog::mac2ip)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103'
to MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table
(pf::iplog::ip2mac)
eth0 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:243373 errors:0 dropped:0 overruns:0 frame:0
TX packets:163313 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:66422609 (63.3 MiB) TX bytes:40397839 (38.5 MiB)
eth0.2 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.3 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.4 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.10 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:334900 errors:0 dropped:0 overruns:0 frame:0
TX packets:334900 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:64297397 (61.3 MiB) TX bytes:64297397 (61.3 MiB)
RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=
[192.168.0.3]
mode=production
deauthMethod=RADIUS
AccessListMap=N
description=2610
SNMPVersionTrap=1
type=HP::Procurve_2600
VoIPEnabled=N
radiusSecret="PASSWD"
uplink_dynamic=0
uplink=23,24
; J9086A Configuration Editor; Created on release #R.11.60
hostname "ProCurveSwitch"
time timezone 180
no telnet-server
interface 23
name "pfserver"
exit
trunk 23 Trk1 Trunk
timesync sntp
vlan 1
name "Default"
untagged 1-2,4-22,24-28,Trk1
ip address 192.168.0.3 255.255.255.0
no untagged 3
exit
vlan 2
name "Registration"
untagged 3
ip address 192.168.2.1 255.255.255.0
tagged Trk1
exit
vlan 3
name "Isolation"
ip address 192.168.3.1 255.255.255.0
tagged Trk1
exit
vlan 10
name "Normal"
ip address 192.168.1.1 255.255.255.0
tagged Trk1
exit
radius-server host 192.168.0.10 key Parole321
aaa server-group radius "packetfence" host 192.168.0.10
aaa authentication port-access eap-radius server-group "packetfence"
aaa authentication mac-based chap-radius server-group "packetfence"
port-security 1 learn-mode port-access action send-alarm
port-security 2 learn-mode port-access action send-alarm
port-security 3 learn-mode port-access action send-alarm
port-security 4 learn-mode port-access action send-alarm
port-security 5 learn-mode port-access action send-alarm
port-security 6 learn-mode port-access action send-alarm
port-security 7 learn-mode port-access action send-alarm
port-security 8 learn-mode port-access action send-alarm
port-security 9 learn-mode port-access action send-alarm
port-security 10 learn-mode port-access action send-alarm
port-security 11 learn-mode port-access action send-alarm
port-security 12 learn-mode port-access action send-alarm
port-security 13 learn-mode port-access action send-alarm
port-security 14 learn-mode port-access action send-alarm
port-security 15 learn-mode port-access action send-alarm
port-security 16 learn-mode port-access action send-alarm
port-security 17 learn-mode port-access action send-alarm
port-security 18 learn-mode port-access action send-alarm
port-security 19 learn-mode port-access action send-alarm
port-security 20 learn-mode port-access action send-alarm
port-security 21 learn-mode port-access action send-alarm
port-security 22 learn-mode port-access action send-alarm
snmp-server host 192.168.0.10 community "public" informs trap-level Not-INFO
no snmp-server enable traps link-change 1-22
sntp unicast
sntp server 129.6.15.30
aaa port-access authenticator 1-22
aaa port-access authenticator 1 client-limit 1
aaa port-access authenticator 2 client-limit 1
aaa port-access authenticator 3 client-limit 1
aaa port-access authenticator 4 client-limit 1
aaa port-access authenticator 5 client-limit 1
aaa port-access authenticator 6 client-limit 1
aaa port-access authenticator 7 client-limit 1
aaa port-access authenticator 8 client-limit 1
aaa port-access authenticator 9 client-limit 1
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator 11 client-limit 1
aaa port-access authenticator 12 client-limit 1
aaa port-access authenticator 13 client-limit 1
aaa port-access authenticator 14 client-limit 1
aaa port-access authenticator 15 client-limit 1
aaa port-access authenticator 16 client-limit 1
aaa port-access authenticator 17 client-limit 1
aaa port-access authenticator 18 client-limit 1
aaa port-access authenticator 19 client-limit 1
aaa port-access authenticator 20 client-limit 1
aaa port-access authenticator 21 client-limit 1
aaa port-access authenticator 22 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based 1-22
aaa port-access mac-based 1 addr-moves
aaa port-access mac-based 1 reauth-period 14400
aaa port-access mac-based 2 addr-moves
aaa port-access mac-based 2 reauth-period 14400
aaa port-access mac-based 3 addr-moves
aaa port-access mac-based 3 reauth-period 14400
aaa port-access mac-based 4 addr-moves
aaa port-access mac-based 4 reauth-period 14400
aaa port-access mac-based 5 addr-moves
aaa port-access mac-based 5 reauth-period 14400
aaa port-access mac-based 6 addr-moves
aaa port-access mac-based 6 reauth-period 14400
aaa port-access mac-based 7 addr-moves
aaa port-access mac-based 7 reauth-period 14400
aaa port-access mac-based 8 addr-moves
aaa port-access mac-based 8 reauth-period 14400
aaa port-access mac-based 9 addr-moves
aaa port-access mac-based 9 reauth-period 14400
aaa port-access mac-based 10 addr-moves
aaa port-access mac-based 10 reauth-period 14400
aaa port-access mac-based 11 addr-moves
aaa port-access mac-based 11 reauth-period 14400
aaa port-access mac-based 12 addr-moves
aaa port-access mac-based 12 reauth-period 14400
aaa port-access mac-based 13 addr-moves
aaa port-access mac-based 13 reauth-period 14400
aaa port-access mac-based 14 addr-moves
aaa port-access mac-based 14 reauth-period 14400
aaa port-access mac-based 15 addr-moves
aaa port-access mac-based 15 reauth-period 14400
aaa port-access mac-based 16 addr-moves
aaa port-access mac-based 16 reauth-period 14400
aaa port-access mac-based 17 addr-moves
aaa port-access mac-based 17 reauth-period 14400
aaa port-access mac-based 18 addr-moves
aaa port-access mac-based 18 reauth-period 14400
aaa port-access mac-based 19 addr-moves
aaa port-access mac-based 19 reauth-period 14400
aaa port-access mac-based 20 addr-moves
aaa port-access mac-based 20 reauth-period 14400
aaa port-access mac-based 21 addr-moves
aaa port-access mac-based 21 reauth-period 14400
aaa port-access mac-based 22 addr-moves
aaa port-access mac-based 22 reauth-period 14400
aaa port-access 1 controlled-direction in
aaa port-access 2 controlled-direction in
aaa port-access 3 controlled-direction in
aaa port-access 4 controlled-direction in
aaa port-access 5 controlled-direction in
aaa port-access 6 controlled-direction in
aaa port-access 7 controlled-direction in
aaa port-access 8 controlled-direction in
aaa port-access 9 controlled-direction in
aaa port-access 10 controlled-direction in
aaa port-access 11 controlled-direction in
aaa port-access 12 controlled-direction in
aaa port-access 13 controlled-direction in
aaa port-access 14 controlled-direction in
aaa port-access 15 controlled-direction in
aaa port-access 16 controlled-direction in
aaa port-access 17 controlled-direction in
aaa port-access 18 controlled-direction in
aaa port-access 19 controlled-direction in
aaa port-access 20 controlled-direction in
aaa port-access 21 controlled-direction in
aaa port-access 22 controlled-direction in
spanning-tree Trk1 priority 4
ip ssh
password manager
password operator
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
Kristaps Dambergs
2015-10-17 09:54:08 UTC
Thank you for your reply! I am new to switch configuration, but it seems like
I have tagged VLAN 2 on switch ports 2-3.
Here is info about vlan2:

ProCurveSwitch# show vlan 2

Status and Counters - VLAN Information - Ports - VLAN 2

VLAN ID : 2
Name : Registration
Status : Port-based
Voice : No
Jumbo : No

Port Information Mode Unknown VLAN Status
---------------- -------- ------------ ----------
2 MACAUTH Learn Up
3 Tagged Learn Down
Trk1 Tagged Learn Up

Overridden Port VLAN configuration

Port Mode
---- ------------
2 Tagged


ProCurveSwitch# show vlans

Status and Counters - VLAN Information

Maximum VLANs to support : 8
Primary VLAN : Default
Management VLAN :

VLAN ID Name | Status Voice Jumbo
------- -------------------------------- + ---------- ----- -----
1 Default | Port-based No No
2 Registration | Port-based No No
3 Isolation | Port-based No No
10 Normal | Port-based No No
Post by Kristaps Dambergs
Hello,
your issue is on the eth0 interface; it looks like VLAN 2 is not tagged
on the switch port.
If you check all the VLAN interfaces, there are no RX packets.
Regards
Fabrice
Hello,
I am using PF 5.3 802.1x + MAC auth. When I plug a device in the switch
port which is set on VLAN 2 (reg) nothing happens after. Unable to get IP
address from DHCP. No access to authorization portal. I posted my config
below.
Any help would be much appreciated.
Thanks
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] handling radius
autz request: from switch_ip => (192.168.0.3), connection_type =>
WIRED_MAC_AUTH,switch_mac => (c0:91:34:64:62:f3), mac =>
[e8:9a:8f:ec:cb:bf], port => 13, username => "e89a8feccbbf"
(pf::radius::authorize)
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] is of status
unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Oct 15 15:57:26 httpd.aaa(1948) WARN: Role-based Network Access Control is
not supported on network device type pf::Switch::HP::Procurve_2600.
(pf::Switch::supportsRoleBasedEnforcement)
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] (192.168.0.3)
Returning ACCEPT with VLAN 2 and role
(pf::Switch::returnRadiusAccessAccept)
/usr/local/pf/logs/pfdhcplistener.log
Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched MAC '00:1d:7d:07:a1:16'
to IP address '192.168.0.103' using SQL 'iplog' table (pf::iplog::mac2ip)
Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to
MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16 requested an
IP with the following informations: last_dhcp = 2015-10-15
15:43:22,computername = ZALMAN,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0
(main::listen_dhcp)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: DHCPREQUEST from
00:1d:7d:07:a1:16 (192.168.0.103) (main::parse_dhcp_request)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched MAC '00:1d:7d:07:a1:16'
to IP address '192.168.0.103' using SQL 'iplog' table (pf::iplog::mac2ip)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to
MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16 requested an
IP with the following informations: last_dhcp = 2015-10-15
15:43:30,computername = ZALMAN,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0
(main::listen_dhcp)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: DHCPACK from 192.168.0.1
(f8:d1:11:af:83:24) to host 00:1d:7d:07:a1:16 (192.168.0.103) for 7200
seconds (main::parse_dhcp_ack)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched MAC '00:1d:7d:07:a1:16'
to IP address '192.168.0.103' using SQL 'iplog' table (pf::iplog::mac2ip)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to
MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
eth0 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:243373 errors:0 dropped:0 overruns:0 frame:0
TX packets:163313 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:66422609 (63.3 MiB) TX bytes:40397839 (38.5 MiB)
eth0.2 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.3 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.4 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.10 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:334900 errors:0 dropped:0 overruns:0 frame:0
TX packets:334900 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:64297397 (61.3 MiB) TX bytes:64297397 (61.3 MiB)
RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=
[192.168.0.3]
mode=production
deauthMethod=RADIUS
AccessListMap=N
description=2610
SNMPVersionTrap=1
type=HP::Procurve_2600
VoIPEnabled=N
radiusSecret="PASSWD"
uplink_dynamic=0
uplink=23,24
; J9086A Configuration Editor; Created on release #R.11.60
hostname "ProCurveSwitch"
time timezone 180
no telnet-server
interface 23
name "pfserver"
exit
trunk 23 Trk1 Trunk
timesync sntp
vlan 1
name "Default"
untagged 1-2,4-22,24-28,Trk1
ip address 192.168.0.3 255.255.255.0
no untagged 3
exit
vlan 2
name "Registration"
untagged 3
ip address 192.168.2.1 255.255.255.0
tagged Trk1
exit
vlan 3
name "Isolation"
ip address 192.168.3.1 255.255.255.0
tagged Trk1
exit
vlan 10
name "Normal"
ip address 192.168.1.1 255.255.255.0
tagged Trk1
exit
radius-server host 192.168.0.10 key Parole321
aaa server-group radius "packetfence" host 192.168.0.10
aaa authentication port-access eap-radius server-group "packetfence"
aaa authentication mac-based chap-radius server-group "packetfence"
port-security 1 learn-mode port-access action send-alarm
port-security 2 learn-mode port-access action send-alarm
port-security 3 learn-mode port-access action send-alarm
port-security 4 learn-mode port-access action send-alarm
port-security 5 learn-mode port-access action send-alarm
port-security 6 learn-mode port-access action send-alarm
port-security 7 learn-mode port-access action send-alarm
port-security 8 learn-mode port-access action send-alarm
port-security 9 learn-mode port-access action send-alarm
port-security 10 learn-mode port-access action send-alarm
port-security 11 learn-mode port-access action send-alarm
port-security 12 learn-mode port-access action send-alarm
port-security 13 learn-mode port-access action send-alarm
port-security 14 learn-mode port-access action send-alarm
port-security 15 learn-mode port-access action send-alarm
port-security 16 learn-mode port-access action send-alarm
port-security 17 learn-mode port-access action send-alarm
port-security 18 learn-mode port-access action send-alarm
port-security 19 learn-mode port-access action send-alarm
port-security 20 learn-mode port-access action send-alarm
port-security 21 learn-mode port-access action send-alarm
port-security 22 learn-mode port-access action send-alarm
snmp-server host 192.168.0.10 community "public" informs trap-level Not-INFO
no snmp-server enable traps link-change 1-22
sntp unicast
sntp server 129.6.15.30
aaa port-access authenticator 1-22
aaa port-access authenticator 1 client-limit 1
aaa port-access authenticator 2 client-limit 1
aaa port-access authenticator 3 client-limit 1
aaa port-access authenticator 4 client-limit 1
aaa port-access authenticator 5 client-limit 1
aaa port-access authenticator 6 client-limit 1
aaa port-access authenticator 7 client-limit 1
aaa port-access authenticator 8 client-limit 1
aaa port-access authenticator 9 client-limit 1
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator 11 client-limit 1
aaa port-access authenticator 12 client-limit 1
aaa port-access authenticator 13 client-limit 1
aaa port-access authenticator 14 client-limit 1
aaa port-access authenticator 15 client-limit 1
aaa port-access authenticator 16 client-limit 1
aaa port-access authenticator 17 client-limit 1
aaa port-access authenticator 18 client-limit 1
aaa port-access authenticator 19 client-limit 1
aaa port-access authenticator 20 client-limit 1
aaa port-access authenticator 21 client-limit 1
aaa port-access authenticator 22 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based 1-22
aaa port-access mac-based 1 addr-moves
aaa port-access mac-based 1 reauth-period 14400
aaa port-access mac-based 2 addr-moves
aaa port-access mac-based 2 reauth-period 14400
aaa port-access mac-based 3 addr-moves
aaa port-access mac-based 3 reauth-period 14400
aaa port-access mac-based 4 addr-moves
aaa port-access mac-based 4 reauth-period 14400
aaa port-access mac-based 5 addr-moves
aaa port-access mac-based 5 reauth-period 14400
aaa port-access mac-based 6 addr-moves
aaa port-access mac-based 6 reauth-period 14400
aaa port-access mac-based 7 addr-moves
aaa port-access mac-based 7 reauth-period 14400
aaa port-access mac-based 8 addr-moves
aaa port-access mac-based 8 reauth-period 14400
aaa port-access mac-based 9 addr-moves
aaa port-access mac-based 9 reauth-period 14400
aaa port-access mac-based 10 addr-moves
aaa port-access mac-based 10 reauth-period 14400
aaa port-access mac-based 11 addr-moves
aaa port-access mac-based 11 reauth-period 14400
aaa port-access mac-based 12 addr-moves
aaa port-access mac-based 12 reauth-period 14400
aaa port-access mac-based 13 addr-moves
aaa port-access mac-based 13 reauth-period 14400
aaa port-access mac-based 14 addr-moves
aaa port-access mac-based 14 reauth-period 14400
aaa port-access mac-based 15 addr-moves
aaa port-access mac-based 15 reauth-period 14400
aaa port-access mac-based 16 addr-moves
aaa port-access mac-based 16 reauth-period 14400
aaa port-access mac-based 17 addr-moves
aaa port-access mac-based 17 reauth-period 14400
aaa port-access mac-based 18 addr-moves
aaa port-access mac-based 18 reauth-period 14400
aaa port-access mac-based 19 addr-moves
aaa port-access mac-based 19 reauth-period 14400
aaa port-access mac-based 20 addr-moves
aaa port-access mac-based 20 reauth-period 14400
aaa port-access mac-based 21 addr-moves
aaa port-access mac-based 21 reauth-period 14400
aaa port-access mac-based 22 addr-moves
aaa port-access mac-based 22 reauth-period 14400
aaa port-access 1 controlled-direction in
aaa port-access 2 controlled-direction in
aaa port-access 3 controlled-direction in
aaa port-access 4 controlled-direction in
aaa port-access 5 controlled-direction in
aaa port-access 6 controlled-direction in
aaa port-access 7 controlled-direction in
aaa port-access 8 controlled-direction in
aaa port-access 9 controlled-direction in
aaa port-access 10 controlled-direction in
aaa port-access 11 controlled-direction in
aaa port-access 12 controlled-direction in
aaa port-access 13 controlled-direction in
aaa port-access 14 controlled-direction in
aaa port-access 15 controlled-direction in
aaa port-access 16 controlled-direction in
aaa port-access 17 controlled-direction in
aaa port-access 18 controlled-direction in
aaa port-access 19 controlled-direction in
aaa port-access 20 controlled-direction in
aaa port-access 21 controlled-direction in
aaa port-access 22 controlled-direction in
spanning-tree Trk1 priority 4
ip ssh
password manager
password operator
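The check Fabrice describes in the quoted reply above (VLAN sub-interfaces on the PacketFence server with no RX packets while the parent interface receives traffic) can be automated. This is an added example, not part of the original thread or of PacketFence; the function names are hypothetical, and the sample input is abridged from the ifconfig output quoted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Abridged from the legacy net-tools ifconfig output quoted in this thread.
# The archive flattened the indentation, so the parser does not rely on it.
SAMPLE_IFCONFIG = """\
eth0 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
RX packets:243373 errors:0 dropped:0 overruns:0 frame:0
TX packets:163313 errors:0 dropped:0 overruns:0 carrier:0
eth0.2 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
eth0.10 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
RX packets:334900 errors:0 dropped:0 overruns:0 frame:0
TX packets:334900 errors:0 dropped:0 overruns:0 carrier:0
"""

HEADER_RE = re.compile(r"^(\S+)\s+Link encap:")
IPV4_RE = re.compile(r"inet addr:(\d+\.\d+\.\d+\.\d+)")
RX_RE = re.compile(r"RX packets:(\d+)")
TX_RE = re.compile(r"TX packets:(\d+)")
# parent.vid, e.g. eth0.2; alias interfaces such as eth0:1 are not VLANs.
VLAN_NAME_RE = re.compile(r"^([^.:]+)\.(\d+)$")


@dataclass
class Iface:
    name: str
    rx_packets: int = 0
    tx_packets: int = 0
    ipv4: Optional[str] = None


def parse_ifconfig(text: str) -> Dict[str, Iface]:
    """Parse legacy ifconfig output into per-interface packet counters."""
    ifaces: Dict[str, Iface] = {}
    current: Optional[Iface] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = Iface(name=header.group(1))
            ifaces[current.name] = current
            continue
        if current is None:
            continue  # text before the first interface header
        ip = IPV4_RE.search(line)
        if ip:
            current.ipv4 = ip.group(1)
        rx = RX_RE.search(line)
        if rx:
            current.rx_packets = int(rx.group(1))
        tx = TX_RE.search(line)
        if tx:
            current.tx_packets = int(tx.group(1))
    return ifaces


def silent_vlans(ifaces: Dict[str, Iface]) -> List[Tuple[str, int]]:
    """Return (name, vlan_id) for VLAN sub-interfaces that transmit but never
    receive while their parent interface does receive traffic. That pattern
    means tagged frames for the VLAN are not reaching the server."""
    findings: List[Tuple[str, int]] = []
    for iface in ifaces.values():
        match = VLAN_NAME_RE.match(iface.name)
        if not match:
            continue
        parent = ifaces.get(match.group(1))
        if parent is None or parent.rx_packets == 0:
            continue  # parent missing or silent: a link problem, not a tagging one
        if iface.rx_packets == 0 and iface.tx_packets > 0:
            findings.append((iface.name, int(match.group(2))))
    return findings


if __name__ == "__main__":
    for name, vid in silent_vlans(parse_ifconfig(SAMPLE_IFCONFIG)):
        print(f"{name}: no RX packets, check that VLAN {vid} is tagged "
              f"on the switch port facing this server")
```

A VLAN flagged here points at the path between the switch trunk and the server interface, so the RADIUS ACCEPT with VLAN 2 seen in packetfence.log can succeed while the client still gets no DHCP answer.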
Kristaps Dambergs
2015-10-22 20:59:46 UTC
Any thoughts on my issue?

Cheers,
Post by Kristaps Dambergs
Thank you for your reply! I am new to switch configuration, bet seems like
i have tagged VLAN 2 on switch ports 2-3.
ProCurveSwitch# show vlan 2
Status and Counters - VLAN Information - Ports - VLAN 2
VLAN ID : 2
Name : Registration
Status : Port-based
Voice : No
Jumbo : No
Port Information Mode Unknown VLAN Status
---------------- -------- ------------ ----------
2 MACAUTH Learn Up
3 Tagged Learn Down
Trk1 Tagged Learn Up
Overridden Port VLAN configuration
Port Mode
---- ------------
2 Tagged
ProCurveSwitch# show vlans
Status and Counters - VLAN Information
Maximum VLANs to support : 8
Primary VLAN : Default
VLAN ID Name | Status Voice Jumbo
------- -------------------------------- + ---------- ----- -----
1 Default | Port-based No No
2 Registration | Port-based No No
3 Isolation | Port-based No No
10 Normal | Port-based No No
Post by Kristaps Dambergs
Hello,
you issue is on the eth0 interface, it looks that the vlan 2 is not
tagged on the switch port.
If you check all the vlan interfaces there is no RX packets.
Regards
Fabrice
Hello,
I am using PF 5.3 802.1x + MAC auth. When I plug a device in the switch
port ehich is set on VLAN 2 (reg) nothin happens after. Unable to get IP
address from DHCP. No access to authorization portal. I posted my config
below.
Any help would be much appreciated.
Thanks
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] handling radius
autz request: from switch_ip => (192.168.0.3), connection_type =>
WIRED_MAC_AUTH,switch_mac => (c0:91:34:64:62:f3), mac =>
[e8:9a:8f:ec:cb:bf], port => 13, username => "e89a8feccbbf"
(pf::radius::authorize)
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] is of status
unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Oct 15 15:57:26 httpd.aaa(1948) WARN: Role-based Network Access Control
is not supported on network device type pf::Switch::HP::Procurve_2600.
(pf::Switch::supportsRoleBasedEnforcement)
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] (192.168.0.3)
Returning ACCEPT with VLAN 2 and role
(pf::Switch::returnRadiusAccessAccept)
/usr/local/pf/logs/pfdhcplistener.log
Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched MAC
'00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog' table
(pf::iplog::mac2ip)
Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to
MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16 requested an
IP with the following informations: last_dhcp = 2015-10-15
15:43:22,computername = ZALMAN,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0
(main::listen_dhcp)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: DHCPREQUEST from
00:1d:7d:07:a1:16 (192.168.0.103) (main::parse_dhcp_request)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched MAC
'00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog' table
(pf::iplog::mac2ip)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to
MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16 requested an
IP with the following informations: last_dhcp = 2015-10-15
15:43:30,computername = ZALMAN,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0
(main::listen_dhcp)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: DHCPACK from 192.168.0.1
(f8:d1:11:af:83:24) to host 00:1d:7d:07:a1:16 (192.168.0.103) for 7200
seconds (main::parse_dhcp_ack)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched MAC
'00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL 'iplog' table
(pf::iplog::mac2ip)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched IP '192.168.0.103' to
MAC address '00:1d:7d:07:a1:16' using SQL 'iplog' table (pf::iplog::ip2mac)
eth0 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:243373 errors:0 dropped:0 overruns:0 frame:0
TX packets:163313 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:66422609 (63.3 MiB) TX bytes:40397839 (38.5 MiB)
eth0.2 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.3 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.4 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.4.1 Bcast:192.168.4.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.10 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:334900 errors:0 dropped:0 overruns:0 frame:0
TX packets:334900 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:64297397 (61.3 MiB) TX bytes:64297397 (61.3 MiB)
RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=
[192.168.0.3]
mode=production
deauthMethod=RADIUS
AccessListMap=N
description=2610
SNMPVersionTrap=1
type=HP::Procurve_2600
VoIPEnabled=N
radiusSecret="PASSWD"
uplink_dynamic=0
uplink=23,24
; J9086A Configuration Editor; Created on release #R.11.60
hostname "ProCurveSwitch"
time timezone 180
no telnet-server
interface 23
name "pfserver"
exit
trunk 23 Trk1 Trunk
timesync sntp
vlan 1
name "Default"
untagged 1-2,4-22,24-28,Trk1
ip address 192.168.0.3 255.255.255.0
no untagged 3
exit
vlan 2
name "Registration"
untagged 3
ip address 192.168.2.1 255.255.255.0
tagged Trk1
exit
vlan 3
name "Isolation"
ip address 192.168.3.1 255.255.255.0
tagged Trk1
exit
vlan 10
name "Normal"
ip address 192.168.1.1 255.255.255.0
tagged Trk1
exit
radius-server host 192.168.0.10 key Parole321
aaa server-group radius "packetfence" host 192.168.0.10
aaa authentication port-access eap-radius server-group "packetfence"
aaa authentication mac-based chap-radius server-group "packetfence"
port-security 1 learn-mode port-access action send-alarm
port-security 2 learn-mode port-access action send-alarm
port-security 3 learn-mode port-access action send-alarm
port-security 4 learn-mode port-access action send-alarm
port-security 5 learn-mode port-access action send-alarm
port-security 6 learn-mode port-access action send-alarm
port-security 7 learn-mode port-access action send-alarm
port-security 8 learn-mode port-access action send-alarm
port-security 9 learn-mode port-access action send-alarm
port-security 10 learn-mode port-access action send-alarm
port-security 11 learn-mode port-access action send-alarm
port-security 12 learn-mode port-access action send-alarm
port-security 13 learn-mode port-access action send-alarm
port-security 14 learn-mode port-access action send-alarm
port-security 15 learn-mode port-access action send-alarm
port-security 16 learn-mode port-access action send-alarm
port-security 17 learn-mode port-access action send-alarm
port-security 18 learn-mode port-access action send-alarm
port-security 19 learn-mode port-access action send-alarm
port-security 20 learn-mode port-access action send-alarm
port-security 21 learn-mode port-access action send-alarm
port-security 22 learn-mode port-access action send-alarm
snmp-server host 192.168.0.10 community "public" informs trap-level Not-INFO
no snmp-server enable traps link-change 1-22
sntp unicast
sntp server 129.6.15.30
aaa port-access authenticator 1-22
aaa port-access authenticator 1 client-limit 1
aaa port-access authenticator 2 client-limit 1
aaa port-access authenticator 3 client-limit 1
aaa port-access authenticator 4 client-limit 1
aaa port-access authenticator 5 client-limit 1
aaa port-access authenticator 6 client-limit 1
aaa port-access authenticator 7 client-limit 1
aaa port-access authenticator 8 client-limit 1
aaa port-access authenticator 9 client-limit 1
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator 11 client-limit 1
aaa port-access authenticator 12 client-limit 1
aaa port-access authenticator 13 client-limit 1
aaa port-access authenticator 14 client-limit 1
aaa port-access authenticator 15 client-limit 1
aaa port-access authenticator 16 client-limit 1
aaa port-access authenticator 17 client-limit 1
aaa port-access authenticator 18 client-limit 1
aaa port-access authenticator 19 client-limit 1
aaa port-access authenticator 20 client-limit 1
aaa port-access authenticator 21 client-limit 1
aaa port-access authenticator 22 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based 1-22
aaa port-access mac-based 1 addr-moves
aaa port-access mac-based 1 reauth-period 14400
aaa port-access mac-based 2 addr-moves
aaa port-access mac-based 2 reauth-period 14400
aaa port-access mac-based 3 addr-moves
aaa port-access mac-based 3 reauth-period 14400
aaa port-access mac-based 4 addr-moves
aaa port-access mac-based 4 reauth-period 14400
aaa port-access mac-based 5 addr-moves
aaa port-access mac-based 5 reauth-period 14400
aaa port-access mac-based 6 addr-moves
aaa port-access mac-based 6 reauth-period 14400
aaa port-access mac-based 7 addr-moves
aaa port-access mac-based 7 reauth-period 14400
aaa port-access mac-based 8 addr-moves
aaa port-access mac-based 8 reauth-period 14400
aaa port-access mac-based 9 addr-moves
aaa port-access mac-based 9 reauth-period 14400
aaa port-access mac-based 10 addr-moves
aaa port-access mac-based 10 reauth-period 14400
aaa port-access mac-based 11 addr-moves
aaa port-access mac-based 11 reauth-period 14400
aaa port-access mac-based 12 addr-moves
aaa port-access mac-based 12 reauth-period 14400
aaa port-access mac-based 13 addr-moves
aaa port-access mac-based 13 reauth-period 14400
aaa port-access mac-based 14 addr-moves
aaa port-access mac-based 14 reauth-period 14400
aaa port-access mac-based 15 addr-moves
aaa port-access mac-based 15 reauth-period 14400
aaa port-access mac-based 16 addr-moves
aaa port-access mac-based 16 reauth-period 14400
aaa port-access mac-based 17 addr-moves
aaa port-access mac-based 17 reauth-period 14400
aaa port-access mac-based 18 addr-moves
aaa port-access mac-based 18 reauth-period 14400
aaa port-access mac-based 19 addr-moves
aaa port-access mac-based 19 reauth-period 14400
aaa port-access mac-based 20 addr-moves
aaa port-access mac-based 20 reauth-period 14400
aaa port-access mac-based 21 addr-moves
aaa port-access mac-based 21 reauth-period 14400
aaa port-access mac-based 22 addr-moves
aaa port-access mac-based 22 reauth-period 14400
aaa port-access 1 controlled-direction in
aaa port-access 2 controlled-direction in
aaa port-access 3 controlled-direction in
aaa port-access 4 controlled-direction in
aaa port-access 5 controlled-direction in
aaa port-access 6 controlled-direction in
aaa port-access 7 controlled-direction in
aaa port-access 8 controlled-direction in
aaa port-access 9 controlled-direction in
aaa port-access 10 controlled-direction in
aaa port-access 11 controlled-direction in
aaa port-access 12 controlled-direction in
aaa port-access 13 controlled-direction in
aaa port-access 14 controlled-direction in
aaa port-access 15 controlled-direction in
aaa port-access 16 controlled-direction in
aaa port-access 17 controlled-direction in
aaa port-access 18 controlled-direction in
aaa port-access 19 controlled-direction in
aaa port-access 20 controlled-direction in
aaa port-access 21 controlled-direction in
aaa port-access 22 controlled-direction in
spanning-tree Trk1 priority 4
ip ssh
password manager
password operator
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
Durand fabrice
2015-10-22 22:44:23 UTC
Permalink
Hello,
First stop PacketFence, then configure a switch port as an access port in VLAN
2, plug a laptop in and assign it the IP address 192.168.2.2, then try to
ping 192.168.2.1.
Until you get a ping reply, you have to configure your switch.

Regards
Fabrice
Post by Kristaps Dambergs
Any thoughts on my issue?
Cheers,
2015-10-17 12:54 GMT+03:00 Kristaps Dambergs
Thank you for your reply! I am new to switch configuration, but it
seems like I have tagged VLAN 2 on switch ports 2-3.
ProCurveSwitch# show vlan 2
Status and Counters - VLAN Information - Ports - VLAN 2
VLAN ID : 2
Name : Registration
Status : Port-based
Voice : No
Jumbo : No
Port Information Mode Unknown VLAN Status
---------------- -------- ------------ ----------
2 MACAUTH Learn Up
3 Tagged Learn Down
Trk1 Tagged Learn Up
Overridden Port VLAN configuration
Port Mode
---- ------------
2 Tagged
ProCurveSwitch# show vlans
Status and Counters - VLAN Information
Maximum VLANs to support : 8
Primary VLAN : Default
VLAN ID Name | Status Voice Jumbo
------- -------------------------------- + ---------- ----- -----
1 Default | Port-based No No
2 Registration | Port-based No No
3 Isolation | Port-based No No
10 Normal | Port-based No No
Hello,
Your issue is on the eth0 interface; it looks like VLAN 2
is not tagged on the switch port.
If you check all the VLAN interfaces, there are no RX packets.
Regards
Fabrice
Post by Kristaps Dambergs
Hello,
I am using PF 5.3 802.1x + MAC auth. When I plug a device into
the switch port which is set on VLAN 2 (reg), nothing happens
after. Unable to get an IP address from DHCP. No access to the
authorization portal. I posted my config below.
Any help would be much appreciated.
Thanks
/usr/local/pf/logs/packetfence.log
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf]
handling radius autz request: from switch_ip =>
(192.168.0.3), connection_type => WIRED_MAC_AUTH,switch_mac
=> (c0:91:34:64:62:f3), mac => [e8:9a:8f:ec:cb:bf], port =>
13, username => "e89a8feccbbf" (pf::radius::authorize)
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf] is
of status unreg; belongs into registration VLAN
(pf::vlan::getRegistrationVlan)
Oct 15 15:57:26 httpd.aaa(1948) WARN: Role-based Network
Access Control is not supported on network device type
pf::Switch::HP::Procurve_2600.
(pf::Switch::supportsRoleBasedEnforcement)
Oct 15 15:57:26 httpd.aaa(1948) INFO: [e8:9a:8f:ec:cb:bf]
(192.168.0.3) Returning ACCEPT with VLAN 2 and role
(pf::Switch::returnRadiusAccessAccept)
/usr/local/pf/logs/pfdhcplistener.log
Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched MAC
'00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL
'iplog' table (pf::iplog::mac2ip)
Oct 15 15:43:22 pfdhcplistener(2008) INFO: Matched IP
'192.168.0.103' to MAC address '00:1d:7d:07:a1:16' using SQL
'iplog' table (pf::iplog::ip2mac)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16
requested an IP with the following informations: last_dhcp =
2015-10-15 15:43:22,computername = ZALMAN,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0
(main::listen_dhcp)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: DHCPREQUEST from
00:1d:7d:07:a1:16 (192.168.0.103) (main::parse_dhcp_request)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched MAC
'00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL
'iplog' table (pf::iplog::mac2ip)
Oct 15 15:43:30 pfdhcplistener(2008) INFO: Matched IP
'192.168.0.103' to MAC address '00:1d:7d:07:a1:16' using SQL
'iplog' table (pf::iplog::ip2mac)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: 00:1d:7d:07:a1:16
requested an IP with the following informations: last_dhcp =
2015-10-15 15:43:30,computername = ZALMAN,dhcp_fingerprint =
1,15,3,6,44,46,47,31,33,121,249,252,43,dhcp_vendor = MSFT 5.0
(main::listen_dhcp)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: DHCPACK from
192.168.0.1 (f8:d1:11:af:83:24) to host 00:1d:7d:07:a1:16
(192.168.0.103) for 7200 seconds (main::parse_dhcp_ack)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched MAC
'00:1d:7d:07:a1:16' to IP address '192.168.0.103' using SQL
'iplog' table (pf::iplog::mac2ip)
Oct 15 15:43:31 pfdhcplistener(2008) INFO: Matched IP
'192.168.0.103' to MAC address '00:1d:7d:07:a1:16' using SQL
'iplog' table (pf::iplog::ip2mac)
eth0 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.0.10 Bcast:192.168.0.255
Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:243373 errors:0 dropped:0 overruns:0 frame:0
TX packets:163313 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:66422609 (63.3 MiB) TX bytes:40397839 (38.5 MiB)
eth0.2 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.2.1 Bcast:192.168.2.255
Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.3 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.3.1 Bcast:192.168.3.255
Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.4 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.4.1 Bcast:192.168.4.255
Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
eth0.10 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
inet addr:192.168.1.1 Bcast:192.168.1.255
Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feba:d6cb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:636 (636.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:334900 errors:0 dropped:0 overruns:0 frame:0
TX packets:334900 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:64297397 (61.3 MiB) TX bytes:64297397 (61.3 MiB)
/usr/local/pf/conf/switches.conf
RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=
[192.168.0.3]
mode=production
deauthMethod=RADIUS
AccessListMap=N
description=2610
SNMPVersionTrap=1
type=HP::Procurve_2600
VoIPEnabled=N
radiusSecret="PASSWD"
uplink_dynamic=0
uplink=23,24
; J9086A Configuration Editor; Created on release #R.11.60
hostname "ProCurveSwitch"
time timezone 180
no telnet-server
interface 23
name "pfserver"
exit
trunk 23 Trk1 Trunk
timesync sntp
vlan 1
name "Default"
untagged 1-2,4-22,24-28,Trk1
ip address 192.168.0.3 255.255.255.0
no untagged 3
exit
vlan 2
name "Registration"
untagged 3
ip address 192.168.2.1 255.255.255.0
tagged Trk1
exit
vlan 3
name "Isolation"
ip address 192.168.3.1 255.255.255.0
tagged Trk1
exit
vlan 10
name "Normal"
ip address 192.168.1.1 255.255.255.0
tagged Trk1
exit
radius-server host 192.168.0.10 key Parole321
aaa server-group radius "packetfence" host 192.168.0.10
aaa authentication port-access eap-radius server-group "packetfence"
aaa authentication mac-based chap-radius server-group
"packetfence"
port-security 1 learn-mode port-access action send-alarm
port-security 2 learn-mode port-access action send-alarm
port-security 3 learn-mode port-access action send-alarm
port-security 4 learn-mode port-access action send-alarm
port-security 5 learn-mode port-access action send-alarm
port-security 6 learn-mode port-access action send-alarm
port-security 7 learn-mode port-access action send-alarm
port-security 8 learn-mode port-access action send-alarm
port-security 9 learn-mode port-access action send-alarm
port-security 10 learn-mode port-access action send-alarm
port-security 11 learn-mode port-access action send-alarm
port-security 12 learn-mode port-access action send-alarm
port-security 13 learn-mode port-access action send-alarm
port-security 14 learn-mode port-access action send-alarm
port-security 15 learn-mode port-access action send-alarm
port-security 16 learn-mode port-access action send-alarm
port-security 17 learn-mode port-access action send-alarm
port-security 18 learn-mode port-access action send-alarm
port-security 19 learn-mode port-access action send-alarm
port-security 20 learn-mode port-access action send-alarm
port-security 21 learn-mode port-access action send-alarm
port-security 22 learn-mode port-access action send-alarm
snmp-server host 192.168.0.10 community "public" informs
trap-level Not-INFO
no snmp-server enable traps link-change 1-22
sntp unicast
sntp server 129.6.15.30
aaa port-access authenticator 1-22
aaa port-access authenticator 1 client-limit 1
aaa port-access authenticator 2 client-limit 1
aaa port-access authenticator 3 client-limit 1
aaa port-access authenticator 4 client-limit 1
aaa port-access authenticator 5 client-limit 1
aaa port-access authenticator 6 client-limit 1
aaa port-access authenticator 7 client-limit 1
aaa port-access authenticator 8 client-limit 1
aaa port-access authenticator 9 client-limit 1
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator 11 client-limit 1
aaa port-access authenticator 12 client-limit 1
aaa port-access authenticator 13 client-limit 1
aaa port-access authenticator 14 client-limit 1
aaa port-access authenticator 15 client-limit 1
aaa port-access authenticator 16 client-limit 1
aaa port-access authenticator 17 client-limit 1
aaa port-access authenticator 18 client-limit 1
aaa port-access authenticator 19 client-limit 1
aaa port-access authenticator 20 client-limit 1
aaa port-access authenticator 21 client-limit 1
aaa port-access authenticator 22 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based 1-22
aaa port-access mac-based 1 addr-moves
aaa port-access mac-based 1 reauth-period 14400
aaa port-access mac-based 2 addr-moves
aaa port-access mac-based 2 reauth-period 14400
aaa port-access mac-based 3 addr-moves
aaa port-access mac-based 3 reauth-period 14400
aaa port-access mac-based 4 addr-moves
aaa port-access mac-based 4 reauth-period 14400
aaa port-access mac-based 5 addr-moves
aaa port-access mac-based 5 reauth-period 14400
aaa port-access mac-based 6 addr-moves
aaa port-access mac-based 6 reauth-period 14400
aaa port-access mac-based 7 addr-moves
aaa port-access mac-based 7 reauth-period 14400
aaa port-access mac-based 8 addr-moves
aaa port-access mac-based 8 reauth-period 14400
aaa port-access mac-based 9 addr-moves
aaa port-access mac-based 9 reauth-period 14400
aaa port-access mac-based 10 addr-moves
aaa port-access mac-based 10 reauth-period 14400
aaa port-access mac-based 11 addr-moves
aaa port-access mac-based 11 reauth-period 14400
aaa port-access mac-based 12 addr-moves
aaa port-access mac-based 12 reauth-period 14400
aaa port-access mac-based 13 addr-moves
aaa port-access mac-based 13 reauth-period 14400
aaa port-access mac-based 14 addr-moves
aaa port-access mac-based 14 reauth-period 14400
aaa port-access mac-based 15 addr-moves
aaa port-access mac-based 15 reauth-period 14400
aaa port-access mac-based 16 addr-moves
aaa port-access mac-based 16 reauth-period 14400
aaa port-access mac-based 17 addr-moves
aaa port-access mac-based 17 reauth-period 14400
aaa port-access mac-based 18 addr-moves
aaa port-access mac-based 18 reauth-period 14400
aaa port-access mac-based 19 addr-moves
aaa port-access mac-based 19 reauth-period 14400
aaa port-access mac-based 20 addr-moves
aaa port-access mac-based 20 reauth-period 14400
aaa port-access mac-based 21 addr-moves
aaa port-access mac-based 21 reauth-period 14400
aaa port-access mac-based 22 addr-moves
aaa port-access mac-based 22 reauth-period 14400
aaa port-access 1 controlled-direction in
aaa port-access 2 controlled-direction in
aaa port-access 3 controlled-direction in
aaa port-access 4 controlled-direction in
aaa port-access 5 controlled-direction in
aaa port-access 6 controlled-direction in
aaa port-access 7 controlled-direction in
aaa port-access 8 controlled-direction in
aaa port-access 9 controlled-direction in
aaa port-access 10 controlled-direction in
aaa port-access 11 controlled-direction in
aaa port-access 12 controlled-direction in
aaa port-access 13 controlled-direction in
aaa port-access 14 controlled-direction in
aaa port-access 15 controlled-direction in
aaa port-access 16 controlled-direction in
aaa port-access 17 controlled-direction in
aaa port-access 18 controlled-direction in
aaa port-access 19 controlled-direction in
aaa port-access 20 controlled-direction in
aaa port-access 21 controlled-direction in
aaa port-access 22 controlled-direction in
spanning-tree Trk1 priority 4
ip ssh
password manager
password operator
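The diagnosis in this thread rests on the VLAN sub-interfaces showing TX packets but zero RX packets while the parent interface receives normally. The check below scripts that comparison; it is an added example, not part of the original thread or of PacketFence, the function names are hypothetical, and the sample input is trimmed from the ifconfig listing quoted above.

```python
import re

# Constructed sample: trimmed from the ifconfig listing quoted in this thread.
SAMPLE = """\
eth0 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
RX packets:243373 errors:0 dropped:0 overruns:0 frame:0
TX packets:163313 errors:0 dropped:0 overruns:0 carrier:0
eth0.2 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
eth0.10 Link encap:Ethernet HWaddr 00:0C:29:BA:D6:CB
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
lo Link encap:Local Loopback
RX packets:334900 errors:0 dropped:0 overruns:0 frame:0
TX packets:334900 errors:0 dropped:0 overruns:0 carrier:0
"""

IFACE_RE = re.compile(r"^(\S+)\s+Link encap:")
COUNT_RE = re.compile(r"^\s*(RX|TX) packets:(\d+)")

def parse_ifconfig(text):
    """Return {iface: {"RX": n, "TX": n}} from net-tools style ifconfig output."""
    stats, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            stats[current] = {"RX": 0, "TX": 0}
            continue
        m = COUNT_RE.match(line)
        if m and current:
            stats[current][m.group(1)] = int(m.group(2))
    return stats

def silent_vlans(stats):
    """List (iface, vlan_id, parent_rx) for sub-interfaces that send but never receive."""
    found = []
    for name, counters in stats.items():
        parent, dot, vid = name.partition(".")
        if dot and vid.isdigit() and counters["RX"] == 0 and counters["TX"] > 0:
            # A busy parent with a silent sub-interface points at missing tagging upstream.
            found.append((name, int(vid), stats.get(parent, {}).get("RX", 0)))
    return sorted(found, key=lambda item: item[1])

if __name__ == "__main__":
    for iface, vid, parent_rx in silent_vlans(parse_ifconfig(SAMPLE)):
        print(f"{iface}: no tagged frames received for VLAN {vid} (parent RX={parent_rx})")
```

A sub-interface flagged here while its parent has a large RX count means tagged frames for that VLAN are not reaching the server, which is the condition to clear before testing registration again.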