Menu
▾
▴
Re: [PacketFence-users] PF + CIsco 2960 deathentication scenario
|
From: Fabrice D. <fd...@in...> - 2017-04-28 12:36:17
|
Hello Mikhail, follow the guide section 4.8.6 (https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html) and be sure that you configured dynamic-author. Then on the PacketFence side in your switch config select Radius as deauth method. Also have a look at pfqueue.log to see error messages related to the deauth. Regards Fabrice Le 2017-04-28 à 07:12, Mikhail Pissarenko a écrit : > Hi there again, > > Thanks for the previous advice. We've given it to our dev department. > > One thing that's bothering us upon deployment is the fact that changes > on packetfence (a registration, change of VLAN) are not applied until > the switch asks radius to authenticate the mac address again, so > usually user support would advice the user to reconnect their device > or restart their computer to gain access and etc. We can counter this > by lowering the authentication timers on our ports but we fear we'll > create too much junk traffic thus saturating our network. > > I'm not sure if I've got my config right, but isnt't packetfence > supposed to report changes to the switch using SNMP? > > Thanks in advice again. > > 2017-03-30 2:09 GMT+02:00 Durand fabrice <fd...@in... > <mailto:fd...@in...>>: > > Hello Mikhail, > > it can probably done with radius accounting, when PacketFence > receive an accounting stop then unreg the device. > > Btw it need a little bit of code. (lib/pf/radius.pm > <http://radius.pm>) > > Regards > > Fabrice > > > Le 2017-03-29 à 11:02, Mikhail Pissarenko a écrit : >> Hi, good afternoon. >> >> My name is Mikhail and I'm an intern of the STIT department >> servicing our local town hall, located in Reus, Spain. >> >> We're currently testing PacketFence with Cisco 2960 mainly as a >> way to assign the right VLAN to the right device on our >> production networks, along with other projects. >> >> I'm a bit on a tight deadline at this point, and while I got most >> of the functionality working (traps, VLAN assignment, captive >> portal behaviour, etc.) I've had a request I can't seem to figure >> out. >> >> We want all endpoints (mostly desktop and laptop PCs) to >> deauthenticate/return to the registration VLAN (in our case it's >> the default 2) as soon as the device gets unplugged from the >> switch or gets disconnected. >> >> I'm not asking for a "cookbook" style guide, I'd just like to >> know where should I be poking at. I'll figure the rest out. I hope. >> >> Thanks in advice. >> >> PS: I might be mailing more stuff here as more requests come up >> from my staff. >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> >> _______________________________________________ >> PacketFence-users mailing list >> Pac...@li... >> <mailto:Pac...@li...> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ PacketFence-users > mailing list Pac...@li... > <mailto:Pac...@li...> > https://lists.sourceforge.net/lists/listinfo/packetfence-users > <https://lists.sourceforge.net/lists/listinfo/packetfence-users> > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > _______________________________________________ > PacketFence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand fd...@in... :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) |
