We are using PF 1.9.1 in a testing environment with a CISCO 3560 switch with
the latest IOS (C3560-IPBASEK9-M), Version 12.2(55)SE, RELEASE SOFTWARE (fc2).
After registering a node, it does not change to the regular VLAN. We have
inspected the code, and we think the problem was in
sendLocalReAssignVlanTrap in package pf::SNMP::PacketFence.
Our logs are:
1) When calling the flip command directly:
/usr/local/pf/bin/flip.pl 00:24:aa:28:71:dc
Nov 04 12:51:26 flip.pl(0) INFO: flip.pl called with 00:24:aa:28:71:dc
(main::)
Nov 04 12:51:26 flip.pl(0) INFO: switch port for 00:24:aa:28:71:dc is
192.168.51.5 ifIndex 10001 (main::)
Nov 04 12:51:26 flip.pl(0) INFO: creating new pf::SNMP::PacketFence object
(pf::SwitchFactory::instantiate)
2) When registering via captive portal:
Nov 04 13:20:44 register.cgi(0) INFO: resolved 192.168.52.251 to mac
(00:24:e8:28:71:dc) in ARP table (pf::iplog::ip2macinarp)
Nov 04 13:20:44 register.cgi(0) INFO: 192.168.52.251 - 00:24:e8:28:71:dc
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_cgi_2dbin_register_2ecgi::handler)
Nov 04 13:20:44 register.cgi(0) INFO: calling /usr/local/pf/bin/pfcmd
'manage register 00:24:e8:28:71:dc "jaume" pid="1",user_agent="Mozilla 5.0
Windows; U; Windows NT 5.1; ca; rv:1.8.1.13 Gecko 20080311 Firefox
2.0.0.13 .NET CLR 3.5.30729 ",vlan="501"' (pf::web::web_node_register)
Nov 04 13:20:45 pfcmd(0) INFO: person jaume already exists
(pf::node::node_register)
Nov 04 13:20:45 pfcmd(0) INFO: VLAN isolation is enabled and
manage_register is part of adjustswitchportvlanreasons
(main::generate_switchport_vlan_assignment)
Nov 04 13:20:45 pfcmd(0) INFO: 00:24:e8:28:71:dc is currentlog connected
at 192.168.51.5 ifIndex 10001 in VLAN 502
(main::generate_switchport_vlan_assignment)
Nov 04 13:20:45 pfcmd(0) INFO: creating new pf::SNMP::Cisco::Catalyst_3560
object (pf::SwitchFactory::instantiate)
Nov 04 13:20:45 pfcmd(0) INFO: MAC: 00:24:e8:28:71:dc, PID: jaume, Status:
reg, Category: VLAN: 501 (pf::vlan::vlan_determine_for_node)
Nov 04 13:20:45 pfcmd(0) INFO: Jaume: 00:24:e8:28:71:dc,
pf::SNMP::Cisco::Catalyst_3560=HASH(0xac5b3d0), 10001, 501, 502
(main::generate_switchport_vlan_assignment)
Nov 04 13:20:45 pfcmd(0) INFO: new correct VLAN for 00:24:e8:28:71:dc is
501 (main::generate_switchport_vlan_assignment)
Nov 04 13:20:45 pfcmd(0) INFO: calling /usr/local/pf/bin/flip.pl for node
00:24:e8:28:71:dc (current VLAN = 502 but should be in VLAN 501)
(main::generate_switchport_vlan_assignment)
Nov 04 13:20:45 pfcmd(0) INFO: /usr/local/pf/bin/flip.pl 00:24:e8:28:71:dc
(main::generate_switchport_vlan_assignment)
Nov 04 13:20:45 flip.pl(0) INFO: flip.pl called with 00:24:e8:28:71:dc
(main::)
Nov 04 13:20:45 flip.pl(0) INFO: switch port for 00:24:e8:28:71:dc is
192.168.51.5 ifIndex 10001 (main::)
Nov 04 13:20:45 flip.pl(0) INFO: creating new pf::SNMP::PacketFence object
(pf::SwitchFactory::instantiate)
3) When registering via web admin interface:
Nov 04 13:23:47 pfcmd(0) INFO: pfcmd calling node_modify for
00:24:e8:28:71:dc (main::command_param)
Nov 04 13:23:47 pfcmd(0) INFO: VLAN isolation is enabled and node_modify
is part of adjustswitchportvlanreasons
(main::generate_switchport_vlan_assignment)
Nov 04 13:23:48 pfcmd(0) INFO: 00:24:e8:28:71:dc is currentlog connected
at 192.168.51.5 ifIndex 10001 in VLAN 502
(main::generate_switchport_vlan_assignment)
Nov 04 13:23:48 pfcmd(0) INFO: creating new pf::SNMP::Cisco::Catalyst_3560
object (pf::SwitchFactory::instantiate)
Nov 04 13:23:48 pfcmd(0) INFO: MAC: 00:24:e8:28:71:dc, PID: 1, Status:
reg, Category: 240 VLAN: 240 (pf::vlan::vlan_determine_for_node)
Nov 04 13:23:48 pfcmd(0) INFO: Jaume: 00:24:e8:28:71:dc,
pf::SNMP::Cisco::Catalyst_3560=HASH(0xa8fcb08), 10001, 240, 502
(main::generate_switchport_vlan_assignment)
Nov 04 13:23:48 pfcmd(0) INFO: new correct VLAN for 00:24:e8:28:71:dc is
240 (main::generate_switchport_vlan_assignment)
Nov 04 13:23:48 pfcmd(0) INFO: calling /usr/local/pf/bin/flip.pl for node
00:24:e8:28:71:dc (current VLAN = 502 but should be in VLAN 240)
(main::generate_switchport_vlan_assignment)
Nov 04 13:23:48 pfcmd(0) INFO: /usr/local/pf/bin/flip.pl 00:24:e8:28:71:dc
(main::generate_switchport_vlan_assignment)
Nov 04 13:23:49 flip.pl(0) INFO: flip.pl called with 00:24:e8:28:71:dc
(main::)
Nov 04 13:23:49 flip.pl(0) INFO: switch port for 00:24:e8:28:71:dc is
192.168.51.5 ifIndex 10001 (main::)
Nov 04 13:23:49 flip.pl(0) INFO: creating new pf::SNMP::PacketFence object
(pf::SwitchFactory::instantiate)
But if we use the pfcmd_vlan command, it works and we could change the VLAN:
[r...@paquetfence logs]# pfcmd_vlan -setvlan -switch 192.168.51.5 -vlan
240 -ifindex 10001 -verbose 4
2010/11/04 12:55:21 (255) pf::SwitchFactory::new
instantiating new SwitchFactory object
2010/11/04 12:55:21 (255) pf::SwitchFactory::readConfig
reading config file /usr/local/pf/conf/switches.conf
2010/11/04 12:55:21 (354) pf::SwitchFactory::instantiate
creating new pf::SNMP::Cisco::Catalyst_3560 object
2010/11/04 12:55:21 (354) pf::SwitchFactory::instantiate
creating new pf::SNMP::Cisco::Catalyst_3560 object
2010/11/04 12:55:21 (356) main::
start handling 'setVlan' command
2010/11/04 12:55:21 (358) pf::SNMP::connectRead
opening SNMP v3 read connection to 192.168.51.5
2010/11/04 12:55:21 (391) pf::SNMP::connectRead
SNMP get_request for sysLocation: 1.3.6.1.2.1.1.6.0
2010/11/04 12:55:21 (405) pf::SNMP::Cisco::getVlan
SNMP get_request for vmVlan: 1.3.6.1.4.1.9.9.68.1.2.2.1.2.10001
2010/11/04 12:55:21 (416) pf::SNMP::_getMacAtIfIndex
Jaume: dins
2010/11/04 12:55:21 (416) pf::SNMP::Cisco::getMacBridgePortHash
SNMP get_table for ifPhysAddress: 1.3.6.1.2.1.2.2.1.6
2010/11/04 12:55:21 (457) pf::SNMP::Cisco::getMacBridgePortHash
SNMP v3 get_table for dot1dBasePortIfIndex: 1.3.6.1.2.1.17.1.4.1.2
2010/11/04 12:55:26 (4987) pf::SNMP::Cisco::getMacBridgePortHash
SNMP v3 get_table for dot1dTpFdbPort: 1.3.6.1.2.1.17.4.3.1.2
2010/11/04 12:55:30 (9431) pf::SNMP::_getMacAtIfIndex
couldn't get MAC at ifIndex 10001. This is a problem.
2010/11/04 12:55:30 (9432) pf::db::db_query_execute
attempt #0 to run query locationlog_view_open_switchport_no_VoIP_sql
from module locationlog
2010/11/04 12:55:30 (9432) pf::db::db_query_execute
Database statements not prepared, preparing...
2010/11/04 12:55:30 (9433) pf::locationlog::locationlog_db_prepare
Preparing pf::locationlog database queries
2010/11/04 12:55:30 (9433) pf::db::db_connect
function pf::db::get_db_handle is calling db_connect
2010/11/04 12:55:30 (9433) pf::db::db_connect
checking handle
2010/11/04 12:55:30 (9434) pf::db::db_connect
(Re)Connecting to MySQL (thread id: 0)
2010/11/04 12:55:30 (9453) pf::db::db_connect
connected
2010/11/04 12:55:30 (9456) pf::SNMP::setVlan
updating locationlog for 192.168.51.5 ifIndex 10001
2010/11/04 12:55:30 (9456) pf::db::db_query_execute
attempt #0 to run query locationlog_update_end_switchport_no_VoIP_sql
from module locationlog
2010/11/04 12:55:30 (9465) pf::db::db_query_execute
attempt #0 to run query locationlog_insert_start_no_mac_sql from
module locationlog
2010/11/04 12:55:30 (9474) pf::SNMP::setVlan
setting VLAN at 192.168.51.5 ifIndex 10001 from 504 to 240
2010/11/04 12:55:30 (9474) pf::SNMP::connectWrite
opening SNMP v3 write connection to 192.168.51.5
2010/11/04 12:55:30 (9474) pf::SNMP::connectWrite
opening SNMP v3 write connection to 192.168.51.5
2010/11/04 12:55:31 (9495) pf::SNMP::connectWrite
SNMP get_request for sysLocation: 1.3.6.1.2.1.1.6.0
2010/11/04 12:55:31 (9510) pf::SNMP::connectWrite
SNMP set_request for sysLocation: 1.3.6.1.2.1.1.6.0 to
2010/11/04 12:55:31 (9520) pf::SNMP::Cisco::isRemovedTrapsEnabled
SNMP get_request for cmnMacAddrRemovedEnable:
1.3.6.1.4.1.9.9.215.1.2.1.1.2
2010/11/04 12:55:35 (13981) pf::SNMP::Cisco::isTrunkPort
SNMP get_request for vlanTrunkPortDynamicState:
1.3.6.1.4.1.9.9.46.1.6.1.1.13
2010/11/04 12:55:40 (18489) pf::SNMP::Cisco::_setVlan
SNMP set_request for vmVlan: 1.3.6.1.4.1.9.9.68.1.2.2.1.2
2010/11/04 12:55:40 (18542) pf::SNMP::Cisco::getVlan
SNMP get_request for vmVlan: 1.3.6.1.4.1.9.9.68.1.2.2.1.2.10001
2010/11/04 12:55:44 (22949) pf::SNMP::Cisco::getVlan
SNMP get_request for vlanTrunkPortNativeVlan:
1.3.6.1.4.1.9.9.46.1.6.1.1.5.10001
Use of uninitialized value in concatenation (.) or string at
/usr/local/pf/bin/pfcmd_vlan line 529 (#1)
(W uninitialized) An undefined value was used as if it were already
defined. It was interpreted as a "" or a 0, but maybe it was a
mistake.
To suppress this warning assign a defined value to your variables.
To help you figure out what was undefined, perl tells you what
operation
you used the undefined value in. Note, however, that perl optimizes
your
program and the operation displayed in the warning may not necessarily
appear literally in your program. For example, "that $foo" is
usually optimized into "that " . $foo, and the warning will refer to
the concatenation (.) operator, even though there is no . in your
program.
new VLAN:
2010/11/04 12:55:48 (27267) main::
finished handling 'setVlan' command
We think that the OIDs used in sendLocalReAssignVlanTrap in
package pf::SNMP::PacketFence are wrong. Is that possible?
sub sendLocalReAssignVlanTrap {
    my ( $this, $switch_ip, $ifIndex ) = @_;
    my $logger = Log::Log4perl::get_logger( ref($this) );
    if ( !$this->connectWrite() ) {
        return 0;
    }
    $logger->error ("Jaume: Net::SNMP::ENTERPRISE_SPECIFIC");
    my $result = $this->{_sessionWrite}->trap(
        -genericTrap => Net::SNMP::ENTERPRISE_SPECIFIC,
        -agentaddr => $switch_ip,
        -varbindlist => [
            '1.3.6.1.6.3.1.1.4.1.0', Net::SNMP::OBJECT_IDENTIFIER,
            '1.3.6.1.4.1.29464.1.1', "1.3.6.1.2.1.2.2.1.1.$ifIndex",
            Net::SNMP::INTEGER, $ifIndex,
        ]
    );
    if ( !$result ) {
        $logger->error(
            "error sending SNMP trap: " . $this->{_sessionWrite}->error()
        );
    }
    return 1;
}
Thanks in advance.
--
Jaume Grau Amenós
Departament de Insfraestructura Tecnològica
Servei de Tecnologies de la Informació i Telecomunicacions
Ajuntament de Reus
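
Added example, not part of the original post and not PacketFence code: Net::SNMP's -varbindlist is a flat list of (OID, type, value) triples, so the list in the posted sub can be checked for structural problems (wrong length, malformed OID, value not matching its declared type) with a short script. The helper check_varbindlist is hypothetical, and the two constants are defined locally on the assumption that they carry the same ASN.1 tag values as Net::SNMP::INTEGER and Net::SNMP::OBJECT_IDENTIFIER.

```perl
use strict;
use warnings;

# ASN.1 universal tag values (assumed equal to Net::SNMP's constants).
use constant { INTEGER => 0x02, OBJECT_IDENTIFIER => 0x06 };

my $OID_RE = qr/^\.?\d+(?:\.\d+)+$/;

# Hypothetical helper: split a flat varbind list into triples and
# return one hashref per varbind, each carrying a list of errors.
sub check_varbindlist {
    my @flat = @_;
    die "varbindlist length " . @flat . " is not a multiple of 3\n"
        if @flat % 3;
    my @out;
    while ( my ( $oid, $type, $value ) = splice( @flat, 0, 3 ) ) {
        my @errors;
        push @errors, "malformed OID" unless $oid =~ $OID_RE;
        if ( $type == INTEGER ) {
            push @errors, "value is not an integer"
                unless $value =~ /^-?\d+$/;
        }
        elsif ( $type == OBJECT_IDENTIFIER ) {
            push @errors, "value is not an OID" unless $value =~ $OID_RE;
        }
        else {
            push @errors, sprintf( "unhandled type 0x%02x", $type );
        }
        push @out,
            { oid => $oid, type => $type, value => $value, errors => \@errors };
    }
    return @out;
}

# The list from the posted sub, with the ifIndex seen in the logs.
my $ifIndex  = 10001;
my @varbinds = check_varbindlist(
    '1.3.6.1.6.3.1.1.4.1.0', OBJECT_IDENTIFIER, '1.3.6.1.4.1.29464.1.1',
    "1.3.6.1.2.1.2.2.1.1.$ifIndex", INTEGER, $ifIndex,
);
for my $vb (@varbinds) {
    printf "%-28s type=0x%02x value=%-22s %s\n",
        @{$vb}{qw(oid type value)},
        @{ $vb->{errors} } ? join( '; ', @{ $vb->{errors} } ) : 'ok';
}
```

This only checks the shape of the list; it does not tell whether the receiver of the trap expects these particular OIDs.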