
List:       packetfence-users
Subject:    Re: [PacketFence-users] Creating simple vlan enforcement
From:       Mehmet Ucpinar via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date:       2023-07-26 9:36:09
Message-ID: DC32488C-2C36-4E3C-BA1D-97C023E4F84E () gmail ! com

Hello Ugur,

This is not related to pf. It's just about the ip dhcp-relay configuration on forti. You need to check the dhcp-relay config on forti.

Kindly,


> On 25 Jul 2023, at 14:32, Uğur Aygün via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:
>
> Hello guys, I am new to NAC environments and I am trying a simple thing:
>
> I have an ssid named testwifi on fortigate. Its vlan id is 51 and the fortigate is the dhcp of it.
>
> On the fortigate side I created radius for testwifi and the connection is okay; I can see the radius server connected from the forti side.
>
> On the packetfence side I created a management interface and added another vlan with id of 51 and gave it an ip from the range of vlan 51. I also added active directory accounts and it works. I also created an authentication source, connection profiles etc. according to the documents.
>
> I simply want users to get an ip from vlan51 when they connect to testwifi.
>
>
> I managed to connect to testwifi with my credentials and I can see the log in the auditing tab on packetfence. Here is the interesting thing.
>
> When I connect I get an ip address, but that ip address is not from vlan51. Instead, it is getting an ip from my original personal-wifi ip addresses, which are on vlan 200. I did not even enter vlan id 200 into packetfence. Also, the packetfence interface ip is not in vlan 200; it is vlan80. I am completely lost as to how I can get an ip from 200 even if it is not on packetfence.
>
> Any help would be amazing. If more information is necessary I can send it.
> 
> <image.png>
> 
> 
> here is the config of interfaces.
> 
> Thank you all.
> 
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

