[PacketFence-users] VLAN configuration for Enforcement

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

So I'm having a really hard time getting PacketFence setup for VLAN
Enforcement in my test network.
PF Version:  4.0.6-2
Switch:  Cisco 4506, IOS 12.2(54)SG1

I think I understand the concept; you assign your switchports to the MAC
Detection VLAN (4) and when you plug in a computer it starts sending out
DHCP requests which PF "hears" via ip-helper and configures the port to be
in a "registration" VLAN (2) at which point the user opens a web-browser
where they're met by a captive portal and they put in their
username/password.  If the u/p is accepted PF sets the port for the
"Normal" VLAN (1? Default?) and if it's not accepted the port is put into
the "Isolation" VLAN (3).

Sounds great!  Exactly what I want!

So I install PF and I select "VLAN enforcement" ("Inline" left
unselected).  I configure eth0 to be the management interface and then add
the VLANs as described above and in the admin guide, but there's no
"Normal" or "MAC Detection" VLAN options - only "Registration",
"Isolation", "Inline" and "Other".

So I configure "Isolation", "Inline", "Registration" and "Other" VLANs.

Later on, I configure Telnet for deuath and also configure SNMP on the
switch/PF per page 19 in the admin guide.  I configure the uplink via its
ifIndex (how come that isn't in the admin guide??) and put it into
"production" mode.

So here's what happens (I'm tailing packetfence.log):
- If the port is configured for the MAC Detect VLAN - nothing happens.  PF
doesn't "hear" the DHCP requests.
- If the port is configure for the Registration VLAN PF will hear the DHCP
requests and give the client an IP but that's it - no captive portal.
- If the port is configure for the default VLAN it will get an IP from my
test-DHCP server (Windows DC) and PF will add the computer to the "Nodes"
section as unregistered, but still no captive portal.

I'm still pretty certain that SNMP isn't working properly despite
reconfiguring SNMP per the guide multiple times and triple checking my
settings.  The only way I can get the switch to send traps to PF is if I
remove "port-security" from the snmp-host line.

I feel like I have it almost working but I missed a crucial step or
something and the absence of a "Normal" and "MAC Detect" VLANs still
confuses me.

Ideas?  Suggestions?