Hi! Thanks for your hint,
i guess my configuration is nearly the same: interface FastEthernet0/4 switchport access vlan 4 switchport mode access switchport port-security maximum 1 vlan access switchport port-security switchport port-security violation restrict switchport port-security mac-address 0200.0001.0004 ... snmp-server enable traps port-security snmp-server enable traps port-security trap-rate 1 snmp-server host 192.168.61.1 version 2c public port-security But on the packetfence Server the Logs show: [r...@localhost conf]# tail -f /usr/local/pf/logs/snmptrapd.log 2011-01-06|09:21:24|UDP: [192.168.61.11]:61977|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (329158) 0:54:51.58|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10 = Wrong Type (should be INTEGER): Gauge32: 10|.1.3.6.1.2.1.31.1.1.1.1.10 = STRING: FastEthernet0/10|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10 = Hex-STRING: 00 23 54 0F 10 3F END VARIABLEBINDINGS [r...@localhost pf]# tail -f /usr/local/pf/logs/packetfence.log Jan 06 10:21:56 pfsetvlan(25) INFO: secureMacAddrViolation trap on 192.168.61.11 ifIndex 10. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued) Jan 06 10:22:08 pfsetvlan(21) INFO: secureMacAddrViolation trap on 192.168.61.11 ifIndex 10. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued) ... and the Port does not get switched. What am i doing wrong? Any more hints? Regards Martin Söntgenrath Am Mittwoch 05 Januar 2011 18:20:55 schrieb Melcher, Kerry: > Hi Martin, > I just did some testing on a Cisco 3550-PWR 24 port switch using port > security. I started with IOS 12.2(35)SE5 and ran into some issues. After > upgrading to 12.2(44)SE6 it worked. > > Also if you are doing Cisco VoIP, you have to change your port > configuration on the 3550 and 3560 switches from using the older Trunk VoIP > port config used on the 3524 switches to the Access port with Voice Vlan > config. There is one note in the Cisco Switch Configuration Guide for IOS > 12.2(55)SE page 23-12 for setting up Port-Security that says "Voice VLAN is > only supported on access ports and not trunk ports, even though the > configuration is allowed". This gave me a lot of trouble testing port > security on the 3550 and 3560 when they were configured as Trunk ports. > > This is a sample config for a 3550 and 3560 switch port using port security > with VoIP. interface FastEthernet0/1 > description F0/1 PF access-voice > switchport access vlan 81 > switchport mode access > switchport voice vlan 181 > switchport port-security maximum 2 > switchport port-security maximum 1 vlan access > switchport port-security maximum 1 vlan voice > switchport port-security > switchport port-security violation restrict > switchport port-security mac-address 0200.0000.0001 > priority-queue out > spanning-tree portfast > > This is a sample config for an older 3524 switch port using Mac Detection > with VoIP. The 3524 would not work with the Access port and Voice VLAN > config above. interface FastEthernet0/1 > description F0/1 PF MAC DOT1Q port to IP Phone > switchport trunk encapsulation dot1q > switchport trunk native vlan 4 > switchport mode trunk > switchport voice vlan 181 > switchport priority extend cos 0 > snmp trap mac-notification added > snmp trap mac-notification removed > spanning-tree portfast > > > Thank You, > Kerry Melcher > > > -----Original Message----- > From: Martin Soentgenrath [mailto:[email protected]] > Sent: Wednesday, January 05, 2011 4:52 AM > To: [email protected] > Subject: [Packetfence-users] IOS Version Cisco 3550 > > Hi there, > > which is the preferred supported IOS Version for the Cisco Catalyst 3550 > Switch? I would like to test this Switch with Port Security Traps, and was > not able to find Information regarding the IOS Version on > http://www.packetfence.org/documentation/pod/SNMP/Cisco/Catalyst_3550.html. > > Regards, > > Martin Söntgenrath > -- > tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH > Geschäftsführer: Boris Esser, Elmar Geese HRB AG Bonn 5168 - USt-ID (VAT): > DE122264941 > > Heilsbachstraße 24, 53123 Bonn, Telefon: +49 228 52675-0 > Thiemannstraße 36 a, 12059 Berlin, Telefon: +49 30 5682943-30 > Internet: http://www.tarent.de/ * Telefax: +49 228 52675-25 > > --------------------------------------------------------------------------- >--- Learn how Oracle Real Application Clusters (RAC) One Node allows > customers to consolidate database storage, standardize their database > environment, and, should the need arise, upgrade to a full multi-node > Oracle RAC database without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > --------------------------------------------------------------------------- >--- Learn how Oracle Real Application Clusters (RAC) One Node allows > customers to consolidate database storage, standardize their database > environment, and, should the need arise, upgrade to a full multi-node > Oracle RAC database without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH Geschäftsführer: Boris Esser, Elmar Geese HRB AG Bonn 5168 - USt-ID (VAT): DE122264941 Heilsbachstraße 24, 53123 Bonn, Telefon: +49 228 52675-0 Thiemannstraße 36 a, 12059 Berlin, Telefon: +49 30 5682943-30 Internet: http://www.tarent.de/ • Telefax: +49 228 52675-25 ------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
