<Starting port config> interface FastEthernet0/15 switchport access vlan 101 switchport mode access switchport voice vlan 200 switchport port-security maximum 2 switchport port-security maximum 1 vlan access switchport port-security switchport port-security violation restrict switchport port-security mac-address 0200.0001.0015 vlan access spanning-tree portfast
<Here is the log. It appears that the problem first of all was that I did not have any 'tagged vlans' defined because I don't want to tag any traffic from this device.> Feb 02 15:Feb 02 15:58:35 pfsetvlan(1) DEBUG: upLink: 10001 (pf::SNMP::Cisco::getUpLinks) Feb 02 15:58:35 pfsetvlan(1) INFO: secureMacAddrViolation trap received on 192.168.10.228 ifIndex 10015 for ac:67:06:15:30:30 (main::handleTrap) Feb 02 15:58:35 pfsetvlan(1) INFO: The floating network device ac:67:06:15:30:30 has just plugged into 192.168.10.228 port 10015. Enabling floating network device configuration on the port. (main::handleTrap) Feb 02 15:58:35 pfsetvlan(1) INFO: Disabling port-security on port 10015 (pf::floatingdevice::enablePortConfig) Feb 02 15:58:35 pfsetvlan(1) DEBUG: opening SNMP v2c write connection to 192.168.10.228 (pf::SNMP::connectWrite) Feb 02 15:58:35 pfsetvlan(1) INFO: Setting port 10015 as trunk. (pf::SNMP::Cisco::Catalyst_2950::enablePortConfigAsTrunk) Feb 02 15:58:35 pfsetvlan(1) INFO: Allowing tagged Vlans on port 10015 (pf::SNMP::Cisco::Catalyst_2950::enablePortConfigAsTrunk) Feb 02 15:58:35 pfsetvlan(1) ERROR: Tagged Vlan list is empty. Cannot set the tagged Vlans on trunk port 10015 (pf::SNMP::Cisco::Catalyst_2950::setTaggedVlan) Feb 02 15:58:35 pfsetvlan(1) ERROR: An error occured while allowing tagged Vlans on trunk port 10015 (pf::SNMP::Cisco::Catalyst_2950::enablePortConfigAsTrunk) Feb 02 15:58:35 pfsetvlan(1) INFO: An error occured while enabling floating network device configuration on port 10015. It may not work! (main::handleTrap) Feb 02 15:58:35 pfsetvlan(1) INFO: finished (main::cleanupAfterThread) Feb 02 15:58:35 pfsetvlan(1) DEBUG: closing SNMP v2c read connection to 192.168.10.228 (pf::SNMP::disconnectRead) Feb 02 15:58:35 pfsetvlan(1) DEBUG: closing SNMP v2c write connection to 192.168.10.228 (pf::SNMP::disconnectWrite) <So I added VLAN 200 as a tagged vlan, reset the port config and tried again and tried again.> Feb 03 09:13:28 pfsetvlan(17) INFO: secureMacAddrViolation trap received on 192.168.10.228 ifIndex 10015 for ac:67:06:15:30:30 (main::handleTrap) Feb 03 09:13:28 pfsetvlan(17) INFO: The floating network device ac:67:06:15:30:30 has just plugged into 192.168.10.228 port 10015. Enabling floating network device configuration on the port. (main::handleTrap) Feb 03 09:13:28 pfsetvlan(17) INFO: Disabling port-security on port 10015 (pf::floatingdevice::enablePortConfig) Feb 03 09:13:28 pfsetvlan(17) DEBUG: opening SNMP v2c write connection to 192.168.10.228 (pf::SNMP::connectWrite) Feb 03 09:13:28 pfsetvlan(17) INFO: Setting port 10015 as trunk. (pf::SNMP::Cisco::Catalyst_2950::enablePortConfigAsTrunk) Feb 03 09:13:28 pfsetvlan(17) ERROR: An error occured while enabling port 10015 as multi-vlan (trunk) (pf::SNMP::Cisco::Catalyst_2950::enablePortConfigAsTrunk) Feb 03 09:13:28 pfsetvlan(17) INFO: An error occured while enabling floating network device configuration on port 10015. It may not work! (main::handleTrap) Feb 03 09:13:28 pfsetvlan(17) INFO: finished (main::cleanupAfterThread) Feb 03 09:13:28 pfsetvlan(17) DEBUG: closing SNMP v2c read connection to 192.168.10.228 (pf::SNMP::disconnectRead) Feb 03 09:13:28 pfsetvlan(17) DEBUG: closing SNMP v2c write connection to 192.168.10.228 (pf::SNMP::disconnectWrite) Feb 03 09:13:28 pfsetvlan(18) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Feb 03 09:13:28 pfsetvlan(18) DEBUG: opening SNMP v2c read connection to 192.168.10.228 (pf::SNMP::connectRead) Feb 03 09:13:28 pfsetvlan(18) INFO: secureMacAddrViolation trap received on 192.168.10.228 ifIndex 10015 for ac:67:06:15:30:30 (main::handleTrap) Feb 03 09:13:28 pfsetvlan(18) INFO: The floating network device ac:67:06:15:30:30 has just plugged into 192.168.10.228 port 10015. Enabling floating network device configuration on the port. (main::handleTrap) Feb 03 09:13:28 pfsetvlan(18) INFO: Disabling port-security on port 10015 (pf::floatingdevice::enablePortConfig) Feb 03 09:13:28 pfsetvlan(18) DEBUG: opening SNMP v2c write connection to 192.168.10.228 (pf::SNMP::connectWrite) Feb 03 09:13:28 pfsetvlan(18) INFO: Setting port 10015 as trunk. (pf::SNMP::Cisco::Catalyst_2950::enablePortConfigAsTrunk) Feb 03 09:13:28 pfsetvlan(18) ERROR: An error occured while enabling port 10015 as multi-vlan (trunk) (pf::SNMP::Cisco::Catalyst_2950::enablePortConfigAsTrunk) Feb 03 09:13:28 pfsetvlan(18) INFO: An error occured while enabling floating network device configuration on port 10015. It may not work! (main::handleTrap) Feb 03 09:13:28 pfsetvlan(18) INFO: finished (main::cleanupAfterThread) Feb 03 09:13:28 pfsetvlan(18) DEBUG: closing SNMP v2c read connection to 192.168.10.228 (pf::SNMP::disconnectRead) Feb 03 09:13:28 pfsetvlan(18) DEBUG: closing SNMP v2c write connection to 192.168.10.228 (pf::SNMP::disconnectWrite) <resulting port config> interface FastEthernet0/15 switchport access vlan 101 switchport mode access switchport voice vlan 200 switchport port-security maximum 2 switchport port-security maximum 1 vlan access spanning-tree portfast end -----Original Message----- From: Olivier Bilodeau [mailto:[email protected]] Sent: Wednesday, February 02, 2011 1:06 PM To: [email protected] Subject: Re: [Packetfence-users] Floating Network Device port not configuring correctly Hi Kurtis, > Hi all. Can anyone give me any insight as to what I may have missed? > Does this use CLI in addition to SNMP to configure a port in this scenario? If you have VoIP I think CLI is required because there is no way to set a maximum MACs on the data VLAN using SNMP. Otherwise if you don't have VoIP, maybe we have a problem with the 3560's and floating network devices. > > I have defined a floating network device by MAC and have configured it > to create a trunk port, but what is happening is no trunk port is > created and the dummy mac and the line "switchport port-security > violation restrict" are being removed from the port config when this > device is plugged in. When the device is removed and another device > plugged in the original port configuration does not return leaving a > port that does not configured properly to accept a different device. > Sounds like there's an issue trying to setup a trunk port on your switch. My gut feeling is that the SNMP interface to do so varies between the 2950 (which was our original floating device target) and the 3560. First, can you send the output of logs/packetfence.log? Extract only the portion where you do a floating device test. We should see failures related to setting trunk and I'll be able to troubleshoot further. If you don't see anything useful, crank up the verbosity of the log in conf/log.conf by replacing: log4perl.category.pf.SNMP = WARN with log4perl.category.pf.SNMP = DEBUG Thanks, -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
