On 09/24/2012 03:39 PM, Olivier Bilodeau wrote:
> In MAC-Auth we bounce the port (shut / no shut), it's the most reliable
> way to get the client to re-issue DHCP, etc.
>
> You can emulate it with:
>
> ... -setIfAdminStatus -ifAdminStatus 2 -switch ... -ifIndex ...

This is working just great:

./pfcmd_vlan -setIfAdminStatus -ifAdminStatus 2 -ifIndex 22 -switch 134.104.29.11
Sep 25 09:22:59 134.104.29.11 00077 ports: port 22 is now off-line

> wait 5 seconds
>
> ... -setIfAdminStatus -ifAdminStatus 2 -switch ... -ifIndex ...

./pfcmd_vlan -setIfAdminStatus -ifAdminStatus 1 -ifIndex 22 -switch 134.104.29.11
Sep 25 09:23:11 134.104.29.11 00435 ports: port 22 is Blocked by STP
Sep 25 09:23:13 134.104.29.11 00076 ports: port 22 is now on-line

To get it online again I had to set the admin status to 1, though.

> For 802.1X, you need to do -deauthenticateDot1x -ifIndex <ifIndex> and
> not just -deauthenticate <mac>.
>
> This is mentioned in pfcmd_vlan's help:
>
> -deauthenticateDot1x de-authenticate a dot1x client (pass ifIndex for
> wired 802.1x and mac for wireless 802.1x)

This was just meant as a test to see if the hardware was supported, not
as a functional test. Sorry for the misunderstanding.

I configured all switch ports to the "mac registration" vlan and the
switch to send traps for link up and down events. When I plug a device
in PacketFence does not seem to be able to decode the traps (See below).

After seeing a MAC address in the "mac detection" vlan, PacketFence
should move the switch port to the "registration" vlan, shouldn't it?

Is this something I can configure or do I have to get a HP E2910al
module from you?

Cheers
Jan

packetfence.log:

Sep 25 11:17:02 pfsetvlan(0) DEBUG: adding trapline 2012-09-25|09:16:59|UDP: [134.104.29.11]:161->[134.104.18.141]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (486714) 1:21:07.14|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|.1.3.6.1.2.1.2.2.1.1.22 = INTEGER: 22|.1.3.6.1.2.1.2.2.1.7.22 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.22 = INTEGER: up(1)|.1.3.6.1.6.3.1.1.4.3.0 = OID: .1.3.6.1.4.1.11.2.3.7.11.87 END VARIABLEBINDINGS to queued trapList (main::addTrapLineToQueue)
Sep 25 11:17:02 pfsetvlan(25) DEBUG: retrieved raw trapline 2012-09-25|09:16:59|UDP: [134.104.29.11]:161->[134.104.18.141]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (486714) 1:21:07.14|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|.1.3.6.1.2.1.2.2.1.1.22 = INTEGER: 22|.1.3.6.1.2.1.2.2.1.7.22 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.22 = INTEGER: up(1)|.1.3.6.1.6.3.1.1.4.3.0 = OID: .1.3.6.1.4.1.11.2.3.7.11.87 END VARIABLEBINDINGS from trapList_queued at position 0 (main::signalHandlerTrapListQueued)
Sep 25 11:17:02 pfsetvlan(25) DEBUG: calling parseTrap for 2012-09-25|09:16:59|UDP: [134.104.29.11]:161->[134.104.18.141]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (486714) 1:21:07.14|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|.1.3.6.1.2.1.2.2.1.1.22 = INTEGER: 22|.1.3.6.1.2.1.2.2.1.7.22 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.22 = INTEGER: up(1)|.1.3.6.1.6.3.1.1.4.3.0 = OID: .1.3.6.1.4.1.11.2.3.7.11.87 END VARIABLEBINDINGS (main::signalHandlerTrapListQueued)
Sep 25 11:17:02 pfsetvlan(25) DEBUG: parsing trap 2012-09-25|09:16:59|UDP: [134.104.29.11]:161->[134.104.18.141]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (486714) 1:21:07.14|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|.1.3.6.1.2.1.2.2.1.1.22 = INTEGER: 22|.1.3.6.1.2.1.2.2.1.7.22 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.22 = INTEGER: up(1)|.1.3.6.1.6.3.1.1.4.3.0 = OID: .1.3.6.1.4.1.11.2.3.7.11.87 END VARIABLEBINDINGS (main::parseTrap)
Sep 25 11:17:02 pfsetvlan(25) DEBUG: creating new pf::SNMP::HP::Procurve_2600 object (pf::SwitchFactory::instantiate)
Sep 25 11:17:02 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::HP::parseTrap)
Sep 25 11:17:02 pfsetvlan(25) INFO: ignoring unknown trap: 2012-09-25|09:16:59|UDP: [134.104.29.11]:161->[134.104.18.141]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (486714) 1:21:07.14|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|.1.3.6.1.2.1.2.2.1.1.22 = INTEGER: 22|.1.3.6.1.2.1.2.2.1.7.22 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.22 = INTEGER: up(1)|.1.3.6.1.6.3.1.1.4.3.0 = OID: .1.3.6.1.4.1.11.2.3.7.11.87 END VARIABLEBINDINGS (main::parseTrap)
Sep 25 11:17:02 pfsetvlan(25) DEBUG: finished parsing 0th trapList_queued entry (main::signalHandlerTrapListQueued)

-- 
MAX-PLANCK-INSTITUT fuer Radioastronomie
Jan Behrend - Rechenzentrum
----------------------------------------
Auf dem Huegel 69, D-53121 Bonn
Tel: +49 (228) 525 359, Fax: +49 (228) 525 229
jbehr...@mpifr-bonn.mpg.de http://www.mpifr-bonn.mpg.de
------------------------------------------------------------------------
The digital signature of this mail can be verified using the certificate
of the DFN Global hierarchy:
https://ca.mpg.de/certs/root-DGP/deutsche-telekom-ca2-root-cert.der
Further information on the MPG CA can be found at:
https://ca.mpg.de
------------------------------------------------------------------------
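
The trapline that pfsetvlan logs in the message above can be decoded by hand to see which notification the switch sent. This is an added example, not PacketFence code and not part of the original message; the names `decode_trapline`, `GENERIC_TRAPS` and `IF_COLUMNS` are hypothetical, the OIDs are the standard SNMPv2-MIB and IF-MIB values, and it also recognises linkDown, which the log does not show.

```python
import re

# Well-known SNMPv2-MIB / IF-MIB object identifiers.
SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"            # snmpTrapOID.0
GENERIC_TRAPS = {".1.3.6.1.6.3.1.1.5.3": "linkDown",
                 ".1.3.6.1.6.3.1.1.5.4": "linkUp"}
IF_COLUMNS = {".1.3.6.1.2.1.2.2.1.1": "ifIndex",
              ".1.3.6.1.2.1.2.2.1.7": "ifAdminStatus",
              ".1.3.6.1.2.1.2.2.1.8": "ifOperStatus"}
VARBINDS = re.compile(r"BEGIN VARIABLEBINDINGS (.*?) END VARIABLEBINDINGS")
SOURCE = re.compile(r"UDP: \[([0-9.]+)\]:\d+->")

def decode_trapline(line):
    """Decode one pipe-separated trapline; None if it carries no varbinds."""
    body = VARBINDS.search(line)
    if body is None:
        return None
    src = SOURCE.search(line)
    result = {"switch": src.group(1) if src else None, "trap": "unknown"}
    for varbind in body.group(1).split("|"):
        oid, sep, value = varbind.partition(" = ")
        if not sep:
            continue  # malformed varbind: skip it rather than guess
        oid = oid.strip()
        value = value.split(": ", 1)[-1].strip()  # drop the "INTEGER: "/"OID: " tag
        if oid == SNMP_TRAP_OID:
            result["trap"] = GENERIC_TRAPS.get(value, "unknown (%s)" % value)
            continue
        column, _, _instance = oid.rpartition(".")  # last arc is the ifIndex instance
        if column in IF_COLUMNS:
            result[IF_COLUMNS[column]] = value
    return result

# Trapline copied from the packetfence.log excerpt in the message above.
SAMPLE = (
    "2012-09-25|09:16:59|UDP: [134.104.29.11]:161->[134.104.18.141]|0.0.0.0|"
    "BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS "
    ".1.3.6.1.2.1.1.3.0 = Timeticks: (486714) 1:21:07.14|"
    ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|"
    ".1.3.6.1.2.1.2.2.1.1.22 = INTEGER: 22|"
    ".1.3.6.1.2.1.2.2.1.7.22 = INTEGER: up(1)|"
    ".1.3.6.1.2.1.2.2.1.8.22 = INTEGER: up(1)|"
    ".1.3.6.1.6.3.1.1.4.3.0 = OID: .1.3.6.1.4.1.11.2.3.7.11.87 "
    "END VARIABLEBINDINGS"
)

if __name__ == "__main__":
    print(decode_trapline(SAMPLE))
```

For the logged trapline this reports a standard linkUp on ifIndex 22 from 134.104.29.11, with both admin and oper status up(1).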
_______________________________________________
PacketFence-devel mailing list
PacketFence-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-devel