Hi Martin,

If you are just testing on switch port 4, try editing your switches.conf file and make all the other ports or the ports you don't have configured for port-security as uplinks.

In the packetfence.log file the error is reporting on ifindex 10 which should be port 10 on the Cisco 3550. The ifindex numbers are shifted by 1 on the Cisco 3524. I did some SNMP debugs on one of my Cisco switches and it looks like PF does what looks like an SNMP scan on all the ports and tries to manage all the ports that aren't logged as uplinks in the switches.conf file. I suspect that your switch port 10 isn't configured for port-security and isn't an uplink in the switches.conf file.

Thank You,
Kerry Melcher

-----Original Message-----
From: Martin Soentgenrath [mailto:[email protected]]
Sent: Thursday, January 06, 2011 1:43 AM
To: [email protected]
Subject: Re: [Packetfence-users] IOS Version Cisco 3550

Hi!

Thanks for your hint, I guess my configuration is nearly the same:

interface FastEthernet0/4
 switchport access vlan 4
 switchport mode access
 switchport port-security maximum 1 vlan access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0004
...
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host 192.168.61.1 version 2c public port-security

But on the packetfence Server the Logs show:

[r...@localhost conf]# tail -f /usr/local/pf/logs/snmptrapd.log
2011-01-06|09:21:24|UDP: [192.168.61.11]:61977|0.0.0.0|BEGIN TYPE 0 END 2011-01-06|TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (329158) 0:54:51.58|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10 = Wrong Type (should be INTEGER): Gauge32: 10|.1.3.6.1.2.1.31.1.1.1.1.10 = STRING: FastEthernet0/10|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10 = Hex-STRING: 00 23 54 0F 10 3F END VARIABLEBINDINGS

[r...@localhost pf]# tail -f /usr/local/pf/logs/packetfence.log
Jan 06 10:21:56 pfsetvlan(25) INFO: secureMacAddrViolation trap on 192.168.61.11 ifIndex 10. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
Jan 06 10:22:08 pfsetvlan(21) INFO: secureMacAddrViolation trap on 192.168.61.11 ifIndex 10. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
...

and the Port does not get switched. What am I doing wrong? Any more hints?

Regards
Martin Söntgenrath

On Wednesday 05 January 2011 18:20:55, Melcher, Kerry wrote:
> Hi Martin,
> I just did some testing on a Cisco 3550-PWR 24 port switch using port
> security. I started with IOS 12.2(35)SE5 and ran into some issues.
> After upgrading to 12.2(44)SE6 it worked.
>
> Also if you are doing Cisco VoIP, you have to change your port
> configuration on the 3550 and 3560 switches from using the older Trunk
> VoIP port config used on the 3524 switches to the Access port with
> Voice Vlan config. There is one note in the Cisco Switch
> Configuration Guide for IOS 12.2(55)SE page 23-12 for setting up
> Port-Security that says "Voice VLAN is only supported on access ports
> and not trunk ports, even though the configuration is allowed". This
> gave me a lot of trouble testing port security on the 3550 and 3560
> when they were configured as Trunk ports.
>
> This is a sample config for a 3550 and 3560 switch port using port
> security with VoIP.
>
> interface FastEthernet0/1
>  description F0/1 PF access-voice
>  switchport access vlan 81
>  switchport mode access
>  switchport voice vlan 181
>  switchport port-security maximum 2
>  switchport port-security maximum 1 vlan access
>  switchport port-security maximum 1 vlan voice
>  switchport port-security
>  switchport port-security violation restrict
>  switchport port-security mac-address 0200.0000.0001
>  priority-queue out
>  spanning-tree portfast
>
> This is a sample config for an older 3524 switch port using Mac
> Detection with VoIP. The 3524 would not work with the Access port and
> Voice VLAN config above.
>
> interface FastEthernet0/1
>  description F0/1 PF MAC DOT1Q port to IP Phone
>  switchport trunk encapsulation dot1q
>  switchport trunk native vlan 4
>  switchport mode trunk
>  switchport voice vlan 181
>  switchport priority extend cos 0
>  snmp trap mac-notification added
>  snmp trap mac-notification removed
>  spanning-tree portfast
>
> Thank You,
> Kerry Melcher
>
> -----Original Message-----
> From: Martin Soentgenrath [mailto:[email protected]]
> Sent: Wednesday, January 05, 2011 4:52 AM
> To: [email protected]
> Subject: [Packetfence-users] IOS Version Cisco 3550
>
> Hi there,
>
> which is the preferred supported IOS Version for the Cisco Catalyst
> 3550 Switch? I would like to test this Switch with Port Security
> Traps, and was not able to find Information regarding the IOS Version
> on http://www.packetfence.org/documentation/pod/SNMP/Cisco/Catalyst_3550.html.
>
> Regards,
>
> Martin Söntgenrath
> --
> tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
> Managing directors: Boris Esser, Elmar Geese
> HRB AG Bonn 5168 - USt-ID (VAT): DE122264941
>
> Heilsbachstraße 24, 53123 Bonn, Phone: +49 228 52675-0
> Thiemannstraße 36 a, 12059 Berlin, Phone: +49 30 5682943-30
> Internet: http://www.tarent.de/ * Fax: +49 228 52675-25

--
tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
Managing directors: Boris Esser, Elmar Geese
HRB AG Bonn 5168 - USt-ID (VAT): DE122264941

Heilsbachstraße 24, 53123 Bonn, Phone: +49 228 52675-0
Thiemannstraße 36 a, 12059 Berlin, Phone: +49 30 5682943-30
Internet: http://www.tarent.de/ * Fax: +49 228 52675-25

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
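
Added example (not part of the original thread and not PacketFence code): a Python sketch that parses the snmptrapd.log line quoted above and shows which interface actually raised the secureMacAddrViolation trap. The `secured` and `uplinks` sets are hypothetical inputs standing in for the switch configuration and switches.conf, and the classification wording follows the description given in the thread.

```python
import re

# snmptrapd.log line as quoted in the thread (shell prompt removed).
TRAP_LINE = (
    "2011-01-06|09:21:24|UDP: [192.168.61.11]:61977|0.0.0.0|BEGIN TYPE 0 END "
    "2011-01-06|TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS "
    ".1.3.6.1.2.1.1.3.0 = Timeticks: (329158) 0:54:51.58|"
    ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|"
    ".1.3.6.1.2.1.2.2.1.1.10 = Wrong Type (should be INTEGER): Gauge32: 10|"
    ".1.3.6.1.2.1.31.1.1.1.1.10 = STRING: FastEthernet0/10|"
    ".1.3.6.1.4.1.9.9.315.1.2.1.1.10.10 = Hex-STRING: 00 23 54 0F 10 3F "
    "END VARIABLEBINDINGS"
)

SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"
SECURE_MAC_VIOLATION = ".1.3.6.1.4.1.9.9.315.0.0.1"  # CISCO-PORT-SECURITY-MIB
IF_INDEX = ".1.3.6.1.2.1.2.2.1.1."                    # IF-MIB ifIndex.<n>
IF_NAME = ".1.3.6.1.2.1.31.1.1.1.1."                  # IF-MIB ifName.<n>
LAST_MAC = ".1.3.6.1.4.1.9.9.315.1.2.1.1.10."         # cpsIfSecureLastMacAddress.<n>

def parse_trap(line):
    """Return switch IP, ifIndex, ifName and MAC of a violation trap, else None."""
    src = re.search(r"UDP: \[([0-9.]+)\]", line)
    body = re.search(r"BEGIN VARIABLEBINDINGS (.*?) ?END VARIABLEBINDINGS", line)
    if not src or not body:
        return None
    binds = dict(b.split(" = ", 1) for b in body.group(1).split("|") if " = " in b)
    if binds.get(SNMP_TRAP_OID, "").split(": ")[-1].strip() != SECURE_MAC_VIOLATION:
        return None
    trap = {"switch": src.group(1)}
    for oid, val in binds.items():
        val = val.split(": ")[-1].strip()  # drop "STRING:", "Gauge32:" type prefixes
        if oid.startswith(IF_INDEX):
            trap["ifindex"] = int(val)
        elif oid.startswith(IF_NAME):
            trap["ifname"] = val
        elif oid.startswith(LAST_MAC):
            trap["mac"] = val.replace(" ", ":").lower()
    return trap

def classify(trap, secured, uplinks):
    """secured/uplinks: hypothetical sets of ifIndex values (assumed inputs)."""
    if trap["ifindex"] in uplinks:
        return "listed as uplink: not managed"
    if trap["ifindex"] in secured:
        return "port-security port: trap can be acted on"
    return "neither uplink nor port-security: trap gets flushed"
```

With only ifIndex 4 in `secured` and no uplinks declared, the trap from FastEthernet0/10 lands in the last branch, which matches the "Flush the trap" lines in packetfence.log.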
