Menu
▾
▴
Re: [PacketFence-users] RADIUS De-Auth on Cisco WLC5508 [SOLVED]
|
From: Morris, A. <am...@ca...> - 2014-03-11 11:55:15
|
Oh damn, I think this might be affecting me. I'm having trouble getting my wireless clients to transition between my isolation network and my production, and vice-versa. I'm seeing the following in the packetfence.log WARN: Unable to perform RADIUS Disconnect-Request. Disconnect-NAK received with Error-Cause: Session-Context-Not-Found. (pf::SNMP::radiusDisconnect) This is on a Cisco 5508 running 7.4.110.0 Cheers, Andi From: Sallee, Stephen (Jake) [mailto:Jak...@um...] Sent: 22 November 2013 19:46 To: pac...@li... Subject: Re: [PacketFence-users] RADIUS De-Auth on Cisco WLC5508 [SOLVED] That is terrible! Did TAC give any info on when they expect the bug to be closed? Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton TX. 76513 Fone: 254-295-4658 Phax: 254-295-4221 HTTP://WWW.UMHB.EDU From: Thomas Tsai [mailto:tt...@ca...] Sent: Thursday, November 21, 2013 1:19 PM To: pac...@li...<mailto:pac...@li...> Subject: Re: [PacketFence-users] RADIUS De-Auth on Cisco WLC5508 [SOLVED] FYI - I realize this is an older thread, but as a heads up to anyone looking to do rfc3576 (radius deauth) on the WLC. Bug CSCud14147 is now rolled into mainstream 7.5.102.0 code. (released 7/31/2013) Confirmed with Cisco TAC today. From: Derek Wuelfrath [mailto:dwu...@in...] Sent: Wednesday, August 07, 2013 8:26 AM To: pac...@li...<mailto:pac...@li...> Subject: Re: [PacketFence-users] RADIUS De-Auth on Cisco WLC5508 [SOLVED] Jake! Your tha man! Exactly what I thought ;) Glad that you are now on the good side of the matrix ;) Anything else ? :) Cheers! dw. -- Derek Wuelfrath dwu...@in...<mailto:dwu...@in...> :: +1.514.447.4918 (x110) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu/>) and PacketFence (www.packetfence.org<http://www.packetfence.org/>) On 2013-08-07, at 10:56 AM, "Sallee, Stephen (Jake)" <Jak...@um...<mailto:Jak...@um...>> wrote: Derek: I beat you to it buddy! The problem was that PF is using one interface for RADIUS and another for the RADIUS-CoA. Once I configured both interfaces as RADIUS servers on the WLC it started working. I had three debug sessions on separate pieces of hardware going at once, watching text fly by ... felt like I was in The Matrix. http://images.wikia.com/anythingeverything/images/5/5c/The_Matrix.gif and then http://images5.fanpop.com/image/photos/31800000/The-Matrix-the-matrix-31832109-500-211.gif and then http://4.bp.blogspot.com/-Bz80e6kWy-g/USUbvD8_B-I/AAAAAAAAKw8/hau1V82mSFQ/s1600/the-one.gif Sorry for the link storm, I'm just so relieved to get this working and pictures relay emotion so much better. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton TX. 76513 Fone: 254-295-4658 Phax: 254-295-4221 HTTP://WWW.UMHB.EDU From: Derek Wuelfrath [mailto:dwu...@in...<http://inverse.ca>] Sent: Wednesday, August 07, 2013 9:08 AM To: pac...@li...<mailto:pac...@li...> Subject: Re: [PacketFence-users] RADIUS De-Auth on Cisco WLC5508 Can you send me the two following pcap please. 1. A PCAP containing a RADIUS Access-Request from the controller to the PacketFence server 2. A PCAP containing the CoA from the PacketFence server to the controller. I think I know what is the problem :) Derek -- Derek Wuelfrath dwu...@in...<mailto:dwu...@in...> :: +1.514.447.4918 (x110) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu/>) and PacketFence (www.packetfence.org<http://www.packetfence.org/>) On 2013-08-06, at 2:13 PM, "Sallee, Stephen (Jake)" <Jak...@um...<mailto:Jak...@um...>> wrote: Yes and it is set to enabled. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton TX. 76513 Fone: 254-295-4658 Phax: 254-295-4221 HTTP://WWW.UMHB.EDU From: Derek Wuelfrath [mailto:dwu...@in...<http://inverse.ca>] Sent: Tuesday, August 06, 2013 12:31 PM To: pac...@li...<mailto:pac...@li...> Subject: Re: [PacketFence-users] RADIUS De-Auth on Cisco WLC5508 Jake, Is there any place in the RADIUS server configuration on the WLC mentionning RFC3576 ? Derek -- Derek Wuelfrath dwu...@in...<mailto:dwu...@in...> :: +1.514.447.4918 (x110) :: www.inverse.ca<http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu/>) and PacketFence (www.packetfence.org<http://www.packetfence.org/>) On 2013-08-05, at 6:21 PM, "Sallee, Stephen (Jake)" <Jak...@um...<mailto:Jak...@um...>> wrote: Hello all! I am having a bit of trouble configuring my PF box to do RADIUS-CoA de-auth to my Cisco WLC 5508. I THINK I have everything configured right but I keep getting this error in the logs: Aug 05 16:58:27 pfsetvlan(1) WARN: Unable to perform RADIUS Disconnect-Request: Timeout waiting for a reply from 10.2.1.35 on port 3799 at /usr/local/pf/lib/pf/util/radius.pm line 160. (pf::SNMP::__ANON__) Aug 05 16:58:27 pfsetvlan(1) ERROR: Wrong RADIUS secret or unreachable network device... (pf::SNMP::__ANON__) Aug 05 16:58:27 pfsetvlan(1) INFO: finished (main::cleanupAfterThread) Now, that says I have the wrong RADIUS secret but I have quadruple checked to make sure the secret is correct. I have rebooted both boxes to make sure the changes persist and they do. I have checked the config guide but it doesn't mention anything I need to do on the WLC as far as RADIUS-CoA is concerned. As always, any help is appreciated. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton TX. 76513 Fone: 254-295-4658 Phax: 254-295-4221 HTTP://WWW.UMHB.EDU ------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk_______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk_______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk_______________________________________________ PacketFence-users mailing list Pac...@li...<mailto:Pac...@li...> https://lists.sourceforge.net/lists/listinfo/packetfence-users ********************************************** Email Disclaimer: This email, including attachments, may contain proprietary, confidential or privileged information. If you are not the intended recipient, please (i) do not use, disclose, save or retransmit this message or any attachments, (ii) alert the sender by reply email and (iii) destroy or delete this message and any attachments. Delivery of this email to a person other than the intended recipient(s) shall not constitute a waiver of privilege or confidentiality. CP Investments, member FINRA and SIPC, serves as placement agent for investment products advised by Canyon Capital Advisors LLC. This email is not intended to be an offer to sell or a solicitation of an offer to buy any security in any jurisdiction. We review and retain electronic communications traveling through our network. ********************************************** |
