inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure small to very large heterogeneous networks.
https://packetfence.org
GNU General Public License v2.0

Member of switch group inherits VLAN for Role from 'default' group rather than its parent #4722

Open apkt opened 5 years ago

apkt commented 5 years ago

When a switch is created as a member of a switch group the VLAN that is assigned to a role on that switch is inherited directly from the default group and not from the parent group.

```
[default]
type=Cisco::Catalyst_2960
registrationVlan=820
isolationVlan=999
voiceVlan=22
cliTransport=SSH
cliUser=XXX
cliPwd=XXX
cliEnablePwd=XXX
SNMPVersion=2c
SNMPCommunityRead=XXX
SNMPCommunityWrite=XXX
SNMPVersionTrap=2c
SNMPCommunityTrap=XXX
radiusSecret=XXX
StudentVlan=2
StaffVlan=2
Falmouth_GuestVlan=2
IT_StaffVlan=5
guestVlan=2
UoE_GuestVlan=2
always_trigger=1
Eduroam-userVlan=2
UOE-UserVlan=2
coaPort=1700
deauthMethod=RADIUS
VoIPEnabled=Y

[group Switchgroup]
description=Switches located in specific location
StudentVlan=160
gamingVlan=2
IT_StaffVlan=70

[10.252.252.10]
description=Specific Switch in specific location
group=Switchgroup
```

Extract from packetfence.log file:-

```
Aug 13 13:15:31 PacketFence-ZEN auth[6845]: [mac:10:7d:1a:18:71:33] Accepted user: and returned VLAN 5 <---------- THIS SHOULD BE 70
Aug 13 13:15:31 PacketFence-ZEN auth[6845]: (30) Login OK: [107d1a187133] (from client 10.252.252.10 port 50347 cli 10:7d:1a:18:71:33)
```

Set the IT_StaffVlan to 70 manually on the switch (10.252.252.10) and the log shows:-

```
Aug 13 13:15:06 PacketFence-ZEN auth[6845]: [mac:10:7d:1a:18:71:33] Accepted user: and returned VLAN 70 <----------THIS IS CORRECT
Aug 13 13:15:06 PacketFence-ZEN auth[6845]: (27) Login OK: [107d1a187133] (from client 10.252.252.10 port 50347 cli 10:7d:1a:18:71:33)
```

Affects any device (Windows/Android/iOS)

Expected behavior

A device registering on the 10.252.252.10 switch receives the correct VLAN from the switch's parent group (VLAN 70) and not from the 'default' group (VLAN 5).

The VLAN assigned to the Role is correctly displayed on the GUI but is not implemented in reality.
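The lookup order the report expects (the switch's own section, then its group, then `[default]`), as an added example that is not PacketFence's code and not part of the original thread. It assumes that order, uses the reporter's configuration trimmed to a few VLAN keys as constructed input, and its function names are hypothetical; `group_overrides` lists the role VLANs a resolver that skips the group level would hand out from `[default]` instead.

```python
import configparser

# Constructed sample: the switches.conf from the report, trimmed to a few VLAN keys.
SWITCHES_CONF = """
[default]
StudentVlan=2
StaffVlan=2
IT_StaffVlan=5

[group Switchgroup]
StudentVlan=160
gamingVlan=2
IT_StaffVlan=70

[10.252.252.10]
group=Switchgroup
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (IT_StaffVlan, not it_staffvlan)
    cp.read_string(text)
    return cp

def chain(cp, switch):
    """Sections consulted for a switch, most specific first (assumed order)."""
    sections = [switch]
    group = cp.get(switch, "group", fallback=None)
    if group and cp.has_section(f"group {group}"):
        sections.append(f"group {group}")
    return sections + ["default"]

def resolve(cp, switch, key):
    """Return (value, section) from the first section in the chain that sets key."""
    for section in chain(cp, switch):
        if cp.has_option(section, key):
            return cp.get(section, key), section
    return None, None

def group_overrides(cp, switch):
    """Map each *Vlan key supplied by the group to (group value, [default] value)."""
    out = {}
    for section in chain(cp, switch)[1:-1]:  # group level only
        for key, value in cp.items(section):
            default = cp.get("default", key, fallback=None)
            if key.endswith("Vlan") and resolve(cp, switch, key)[1] == section and value != default:
                out[key] = (value, default)
    return out
```

Comparing the `group_overrides` output for each grouped switch with the VLAN in the RADIUS accept lines of packetfence.log shows which role assignments need the per-switch value set explicitly, as the reporter did for IT_StaffVlan.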

jrouzierinverse commented 5 years ago

Which version of PacketFence? Also, is this setup running in a cluster?

apkt commented 5 years ago

Hi James,

We are running 9.0.0 and it is a standalone server.

If needed I can run pf-maint after taking a VMWare snapshot of the server.

Regards

Andrew
