Menu
▾
▴
Re: [PacketFence-users] Error in parsing of RADIUS VLAN entry
|
From: Guntharp, J. W. <jwg...@ic...> - 2015-07-15 21:54:35
|
I took the switch down to the most basic config possible with only mac authentication via dot1x method. The best I can get is a MAC authentication failed message from the switch side. All the packetfence logs look as they did earlier. I suppose at this point, I could ping my Brocade SE. Here is my basic config to test registration:
Current configuration:
!
ver 08.0.10c1T313
!
stack unit 1
module 1 icx6450-48p-poe-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
!
vlan 1 name DEFAULT-VLAN by port
vlan 100 name macDetection by port
vlan 101 name registration by port
vlan 301 name route by port
tagged ethe 1/1/1
router-interface ve 301
! !
aaa authentication dot1x default radius
ip route 0.0.0.0/0 172.21.255.1
radius-server host 172.21.31.252 auth-port 1812 acct-port 1813 default
radius-server key 2 $LW5kVW5v
mac-authentication enable
mac-authentication mac-vlan-dyn-activation
!
interface ethernet 1/1/13
mac-authentication enable
mac-authentication enable-dynamic-vlan
!
interface ve 301
ip address 172.21.255.2 255.255.255.192
!
!
!
end
From: Louis Munro [mailto:lm...@in...]
Sent: Wednesday, July 15, 2015 1:45 PM
To: pac...@li...
Subject: Re: [PacketFence-users] Error in parsing of RADIUS VLAN entry
On Jul 15, 2015, at 14:40 , Guntharp, Jason W. <jwg...@ic...<mailto:jwg...@ic...>> wrote:
Sending Access-Accept of id 94 to 172.21.255.2 port 1137
Tunnel-Private-Group-Id:0 = "101"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
This looks like a perfectly valid radius reply to me.
The problem is more likely to be on the switch's side.
Are you sure it is correctly configured?
--
Louis Munro
lm...@in...<mailto:lm...@in...> :: www.inverse.ca<http://www.inverse.ca>
+1.514.447.4918 x125 :: +1 (866) 353-6153 x125
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and PacketFence (www.packetfence.org<http://www.packetfence.org>)
|
