Hi all. Can anyone give me any insight as to what I may have missed? Does this
use CLI in addition to SNMP to configure a port in this scenario?
I have defined a floating network device by MAC and have configured it to
create a trunk port, but what is happening is that no trunk port is created,
and the dummy MAC and the line "switchport port-security violation restrict"
are being removed from the port config when this device is plugged in. When the
device is removed and another device is plugged in, the original port
configuration does not return, leaving a port that is not configured properly
to accept a different device.
Thanks again
PF Version 2.0.1
Switch - Catalyst 3560 IOS version 12.2(53)
<START>
<Port configuration>
interface FastEthernet0/24
switchport access vlan 101
switchport mode access
switchport voice vlan 200
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0200.0001.0024 vlan access
spanning-tree portfast
<floating_network_device.conf>
[ac:67:06:15:30:30]
ip=1.2.3.4
trunkPort=yes
pvid=1
taggedVlan=
<PLUG IN FLOATING DEVICE>
2w3d: %ILPOWER-7-DETECT: Interface Fa0/24: Power Device detected: IEEE PD
2w3d: %ILPOWER-5-POWER_GRANTED: Interface Fa0/24: Power granted
2w3d: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
2w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
2w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
2w3d: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to down
2w3d: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
2w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
2w3d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address ac67.0615.3030 on port FastEthernet0/24.
2w3d: %SYS-5-CONFIG_I: Configured from 192.168.6.3 by snmp
<port config is now> <I would have expected a trunk port to be configured and
linkdown traps enabled as per documentation>
interface FastEthernet0/24
switchport access vlan 101
switchport mode access
switchport voice vlan 200
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
spanning-tree portfast
<I would have expected a trunk port to be configured and linkdown traps enabled
as per documentation>
<plug in any different device to FA0/24>
2w3d: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up
2w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
Because port security was not returned to the port, no traps are sent to PF to
know that it should change the port settings. Port config is left as is.
interface FastEthernet0/24
switchport access vlan 101
switchport mode access
switchport voice vlan 200
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
spanning-tree portfast
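
A check for the state described in the message above, where the port-security lines are gone from Fa0/24 and the switch therefore has nothing left to raise a port-security trap on. This is an added example, not part of the original post and not PacketFence code; the function names and the choice of required lines are assumptions based on the configs quoted in the post.

```python
import re

# Port-security lines the post shows on Fa0/24 before the device is plugged in
# and gone afterwards. Requiring exactly these three is this example's assumption.
REQUIRED = {
    "port-security enabled": re.compile(r"^switchport port-security$"),
    "violation restrict": re.compile(r"^switchport port-security violation restrict$"),
    "static secure MAC": re.compile(
        r"^switchport port-security mac-address [0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}\b", re.I),
}

def parse_interfaces(config_text):
    """Split IOS config text into {interface name: [stripped sub-commands]}."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line in ("", "!"):          # stanza separator in a running-config
            current = None
        elif current is not None:
            stanzas[current].append(line)
    return stanzas

def missing_port_security(config_text, interface):
    """Return the names of REQUIRED lines absent from the interface stanza."""
    lines = parse_interfaces(config_text)[interface]  # KeyError if absent
    return [name for name, pat in REQUIRED.items()
            if not any(pat.match(l) for l in lines)]

# Port config quoted in the post after the floating device was plugged in.
AFTER = """interface FastEthernet0/24
 switchport access vlan 101
 switchport mode access
 switchport voice vlan 200
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 spanning-tree portfast
"""
# Original config: the same lines plus the three that were removed (order differs).
BEFORE = AFTER + """ switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0024 vlan access
"""

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, missing_port_security(cfg, "FastEthernet0/24"))
```
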