Hi Olivier, Ok, I understand.
I will test with Telnet out of curiosity, but I am not sure about using it in production. My concern with telnet is that there will be a large load if the switch is rebooted and a lot of clients connect at the same time? Presumably telnet/ssh does not need to be enabled if I use the linkup/linkdown snmp traps rather than port security mode? >Do you have a lot of these? If you do, I would recommend telling your network >vendor about PacketFence and telling >them to get in touch with us to improve >their product's support in PacketFence. I have a few of these and also some 3Com 5500G and 4800G - the software on those is very similar to the 4200G so I am hoping to get it to work with all of them. Sadly, HP bought 3Com out last year and I suspect these will go end-of-life shortly, if they haven't already - so I doubt HP will be of much help. Regards, Mark -----Original Message----- From: Olivier Bilodeau [mailto:[email protected]] Sent: 22 February 2011 13:31 To: [email protected] Subject: Re: [Packetfence-users] 3Com 4200G, VLAN assignment and DHCP WAS (VLAN assignment and DHCP) Hi Mark, Looking at the 3Com code I realize that it is using only Telnet. Most likely a limitation of our module that could be fixed. The quality of this module is sub-standard and the port-security is identified as not-tested according to our source code history. Do you have a lot of these? If you do, I would recommend telling your network vendor about PacketFence and telling them to get in touch with us to improve their product's support in PacketFence. I believe we could support port-security over SNMP with these (fastest and safest technique). For now, can you try with Telnet instead of SSH? Checking the port-status would help us to see if it is a port-security problem or a trunk/DHCPd one. On the 4200G > system-view ] dis current-configuration interface GigabitEthernet 1/0/1 and we are interested in the mac-address static ... entry Also looking at the packetfence logs in /usr/local/pf/logs/packetfence.log is pretty important for troubleshooting pf. Make sure you try that. Thanks, On 22/02/11 4:16 AM, Mark Holmes wrote: > Jake, > > Thanks for the reply. > > It is seeing the port up/down. I'm about to do a packet cap to make sure > that it's sending DHCPREQUEST, but I have no reason to suspect it isn't - I > think that it sends the request but dhcpd on the PF box never see's it. > > Regards, > > Mark > > > > > -----Original Message----- > From: Sallee, Stephen (Jake) [mailto:[email protected]] > Sent: 21 February 2011 19:40 > To: [email protected] > Subject: Re: [Packetfence-users] Fwd: VLAN assignment and DHCP > > Check to make sure the client is seeing the port go down, I have seen in > windows if the port goes down and comes back too fast the client will not > notice the change and will not arp for a new dhcp address. > > Jake Sallee > Godfather Of Bandwidth > Network Engineer > > Fone: 254-295-4658 > Phax: 254-295-4221 > > > -----Original Message----- > From: Mark Holmes [mailto:[email protected]] > Sent: Monday, February 21, 2011 10:20 AM > To: [email protected] > Subject: Re: [Packetfence-users] Fwd: VLAN assignment and DHCP > > Yes, my production DHCP server will handle IP addresses for the production > network. > > There is no overlapping of scopes at all. > > Reg and Iso vlans are handled by dhcpd on pf box > > Production networks are handled by dhcp on a separate server. I have > interfaces with a dhcplistener running on them so pf can 'see' the dhcp > traffic on the production nets as per the manual. > > As I said, dhcpd is configured correctly as if I put a port into the reg vlan > manually via the switch CLI it picks up an IP - it's just when Packetfence > puts the port into reg vlan, no dhcp request is ever receieved on the pf box > and so the client doesn't get an IP. > > Thanks, > > Mark > > > > > > > -----Original Message----- > From: Manueco, Antonio [mailto:[email protected]] > Sent: 21 February 2011 15:29 > To: [email protected] > Subject: Re: [Packetfence-users] Fwd: VLAN assignment and DHCP > > Who's leasing the IP's for your Production (Normal) VLAN? This should be a > DHCP server in your production VLAN that gives you the correct IP and DNS > information once you've registered with PF. Make sure the scopes don't > overlap with the PF DHCP ranges. > > > > > -----Original Message----- > From: Mark Holmes [mailto:[email protected]] > Sent: Monday, February 21, 2011 6:28 AM > To: [email protected] > Subject: Re: [Packetfence-users] Fwd: VLAN assignment and DHCP > > I do, yes. I'm using pf as the dhcp for the reg and iso VLANS. > > I know dhcpd is working correctly, as if I manually put a port into the > registration VLAN using the switch CLI it picks up an IP in the registration > range. > > Thanks, > > Mark > > > > > -----Original Message----- > From: Manueco, Antonio [mailto:[email protected]] > Sent: 21 February 2011 03:05 > To: [email protected] > Subject: Re: [Packetfence-users] Fwd: VLAN assignment and DHCP > > Do you have a DHCP server listening on that VLAN? > > -Antonio Manueco > > Sent via Mobile. > > On Feb 20, 2011, at 7:04 PM, Mark Holmes<[email protected]> > wrote: > >> >> Anyone have any thoughts on this? >> >> Thanks, >> >> Mark >> >> From: Mark Holmes >> <[email protected]<mailto:[email protected]>> >> Date: 18 February 2011 09:37:11 GMT >> To: >> "'[email protected]<mailto:packetfence-users@lis >> ts.sourceforge.net>'" >> <[email protected]<mailto:packetfence-users@list >> s.sourceforge.net>> >> Subject: [Packetfence-users] VLAN assignment and DHCP >> Reply-To: >> "[email protected]<mailto:packetfence-users@list >> s.sourceforge.net>" >> <[email protected]<mailto:packetfence-users@list >> s.sourceforge.net>> >> >> Hi all, >> >> I have got Packetfence set up, it's putting ports into the various VLANS >> (registration, main network etc) correctly but then once the port has >> changed, nothing happens and the DHCP request times out. >> >> I'm using port security as that is supported with this switch (a 3Com >> 4200G) >> >> >> For example >> ----------- >> Connect new machine >> >> Port put into VLAN 50 by PF (registration VLAN) - I confirm this on >> the switch >> >> But no answer from DHCP on registration network (dhcpd running on PF) >> >> Same if I register the machine (via the admin console) and put plug it in - >> the port goes into the correct VLAN, but DHCP doesn't get an answer. >> >> Running tcpdump on the registration interface shows no dhcp request is >> received on the registration interface of the PF box. >> >> If I manually put another port into the registration VLAN and plug into >> that, it gets an IP from the reg subnet and when I then open a browser the >> registration page appears - so the dhcpd is configured correctly etc. >> >> Any ideas, anyone? >> >> Cheers, >> >> Mark >> >> >> >> >> ---------------------------------------------------------------------- >> -------- The ultimate all-in-one performance toolkit: Intel(R) >> Parallel Studio XE: >> Pinpoint memory and threading errors before they happen. >> Find and fix more than 250 security defects in the development cycle. >> Locate bottlenecks in serial and parallel code that limit performance. >> http://p.sf.net/sfu/intel-dev2devfeb >> _______________________________________________ >> Packetfence-users mailing list >> [email protected]<mailto:Packetfence-users@lists >> .sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> ---------------------------------------------------------------------- >> -------- The ultimate all-in-one performance toolkit: Intel(R) >> Parallel Studio XE: >> Pinpoint memory and threading errors before they happen. >> Find and fix more than 250 security defects in the development cycle. >> Locate bottlenecks in serial and parallel code that limit performance. >> http://p.sf.net/sfu/intel-dev2devfeb >> _______________________________________________ >> Packetfence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > Index, Search& Analyze Logs and other IT data in Real-Time with Splunk > Collect, index and harness all the fast moving IT data generated by your > applications, servers and devices whether physical, virtual or in the cloud. > Deliver compliance at lower cost and gain new business insights. > Free Software Download: http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Index, Search & Analyze Logs and other IT data in Real-Time with Splunk Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. Free Software Download: http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Index, Search & Analyze Logs and other IT data in Real-Time with Splunk Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. Free Software Download: http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
