[c-nsp] Packetfence integrage with cisco AP without WLC
Namjil
namjil at icn.mn
Mon Jan 30 00:09:53 EST 2017
Hello Everyone
Does anyone know about Packetfence?
I installed Packetfence-6_4_0 on VMware and tried to integrate with Cisco
AIR-AP1242G. I've not any Wireless Controller.
I set cisco AP by this guide:
https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.
html.
This URL is my network diagram: https://i.imgsafe.org/ad79256af9.jpg.
I'm tring to connect to SSID but following LOGs on AP and Packetfence
(PFence and Radius installed in same server):
Cisco AP:
*Jan 25 11:27:57.635: %RADIUS-4-RADIUS_DEAD: RADIUS server
192.168.140.1:1812,1813 is not responding.
*Jan 25 11:27:57.636: %RADIUS-4-RADIUS_ALIVE: RADIUS server
192.168.140.1:1812,1813 is being marked alive.
*Jan 25 11:28:07.075: %DOT11-7-AUTH_FAILED: Station 344d.f74a.dc5f
Authentication failed
### Packetfence LOGs:
# more /usr/local/pf/logs/packetfence.log
Jan 29 05:13:17 httpd.aaa(15634) INFO: [mac:34:4d:f7:4a:dc:5f] handling
radius autz request: from switch_ip => (10.0.0.2), connection_type =>
Wireless-802.11-NoEAP,switch_mac => (00:3a:98:1e:c6:20), mac =>
[34:4d:f7:4a:dc:5f], port => 722, username => "344df74adc5f", ssid =>
PacketFence-Public (pf::radius::authorize)
Jan 29 05:13:17 httpd.aaa(15634) INFO: [mac:34:4d:f7:4a:dc:5f] Instantiate
profile default (pf::Portal::ProfileFactory::_from_profile)
Jan 29 05:13:17 httpd.aaa(15634) INFO: [mac:34:4d:f7:4a:dc:5f] is of status
unreg; belongs into registration VLAN (pf::role::getRegistrationRole)
Jan 29 05:13:17 httpd.aaa(15634) INFO: [mac:34:4d:f7:4a:dc:5f] (10.0.0.2)
Added VLAN 130 to the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
Jan 29 05:13:20 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads
running: 0 (main::startTrapHandlers)
Jan 29 05:13:20 pfsetvlan(3) INFO: doWeActOnThisTrap returns false. Stop
dot11Deauthentication handling (main::handleTrap)
Jan 29 05:13:20 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
Jan 29 05:13:20 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads
running: 0 (main::startTrapHandlers)
Jan 29 05:13:20 pfsetvlan(5) INFO: doWeActOnThisTrap returns false. Stop
dot11Deauthentication handling (main::handleTrap)
Jan 29 05:13:20 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
# more /usr/local/pf/logs/radius.log
Sun Jan 29 05:13:17 2017 : Info: rlm_rest (rest): Closing connection (37):
Hit idle_timeout, was idle for 3244 seconds
Sun Jan 29 05:13:17 2017 : Info: rlm_rest (rest): Closing connection (38):
Hit idle_timeout, was idle for 3244 seconds
Sun Jan 29 05:13:17 2017 : Info: rlm_rest (rest): Opening additional
connection (39), 1 of 64 pending slots used
Sun Jan 29 05:13:17 2017 : Info: rlm_rest (rest): Need 2 more connections to
reach 10 spares
Sun Jan 29 05:13:17 2017 : Info: rlm_rest (rest): Opening additional
connection (40), 1 of 63 pending slots used
Sun Jan 29 05:13:17 2017 : Info: rlm_sql (sql): Closing connection (38): Hit
idle_timeout, was idle for 3244 seconds
Sun Jan 29 05:13:17 2017 : Info: rlm_sql (sql): Closing connection (39): Hit
idle_timeout, was idle for 3244 seconds
Sun Jan 29 05:13:17 2017 : Info: rlm_sql (sql): Opening additional
connection (40), 1 of 64 pending slots used
Sun Jan 29 05:13:17 2017 : Info: rlm_sql (sql): Need 2 more connections to
reach 10 spares
Sun Jan 29 05:13:17 2017 : Info: rlm_sql (sql): Opening additional
connection (41), 1 of 63 pending slots used
Sun Jan 29 05:13:17 2017 : [mac:34:4d:f7:4a:dc:5f] Accepted user: and
returned VLAN 130
Sun Jan 29 05:13:17 2017 : Auth: (17) Login OK: [344df74adc5f] (from client
10.0.0.2 port 722 cli 34:4d:f7:4a:dc:5f)
Regards,
Namjil
More information about the cisco-nsp
mailing list