Thomas,
Here are the mac-security settings on the 470:
pfence-rtr(config)#show mac-security config
MAC Address Security: Enabled
MAC Address Security SNMP-Locked: Disabled
Partition Port on Intrusion Detected: Disabled
DA Filtering on Intrusion Detected: Enabled
Generate SNMP Trap on Intrusion: Enabled
MAC Auto-Learning Age-Time: 60 minutes
Current Learning Mode: Disabled
Learn by Ports: NONE
port 18 mac-security (the random port I have been testing with)
pfence-rtr(config)#show mac-security port 18
Port Trunk Security Auto-Learning MAC Number
---- ----- -------- ------------- ----------
18 Enabled Disabled 2
mac-security table
pfence-rtr(config)#show mac-security mac-address-table
Port Allowed MAC Address Automatic
---- ------------------- ---------
Security List Allowed MAC Address Automatic
------------- ------------------- ---------
pf.log when port 18 is connected
Mar 02 13:45:55 pfsetvlan(11) INFO: up trap received on <IP> ifIndex 18
(main::handleTrap)
Mar 02 13:45:55 pfsetvlan(11) INFO: setting <IP> port 18 to MAC detection
VLAN (main::handleTrap)
Argument "noSuchInstance" isn't numeric in numeric ge (>=) at
/usr/local/pf/lib/pf/SNMP/Nortel.pm line 533 (#1)
(W numeric) The indicated string was fed as an argument to an operator
that expected a numeric value instead. If you're fortunate the message
will identify which operator was so unfortunate.
Mar 02 13:45:56 pfsetvlan(11) INFO: MAC: 00:16:cb:89:6b:50 is of status
unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Mar 02 13:45:56 pfsetvlan(11) INFO: finished (main::cleanupAfterThread)
Mar 02 13:45:57 pfsetvlan(21) INFO: secureMacAddrViolation trap on
137.143.212.20 ifIndex 18. Port Security is no longer configured on the
port. Flush the trap (main::signalHandlerTrapListQueued)
The port (18) is properly assigned vlan 102, but remains blocked due to
mac-security and pf's 'noSuchInstance' error seen above.
As mentioned in the ticket, snmpwalk returns
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.4 = No Such Instance currently
exists at this OID.
Doing an snmpwalk on enterprise shows that 45.1.6.5.3.10 is missing on the
470 and 5510.
snmpwalk -v 2c -c<BLAH> <IP> enterprise
...
SNMPv2-SMI::enterprises.45.1.6.5.3.7.0 = INTEGER: 448
SNMPv2-SMI::enterprises.45.1.6.5.3.8.0 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.9.0 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.1.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.2.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.3.1.1.0.0.0.0.0.0 = Hex-STRING: 00
00 00 00 00 00
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.4.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.5.1.1.0.0.0.0.0.0 = INTEGER: 5
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.6.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.12.1.1.1.1 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.12.1.1.1.2 = INTEGER: 1
...
Have I misconfigured / overlooked something?
-Ron
>
> Ron and Ereli,
>
> I tested PacketFence with Nortel 425s, 470s and 5510s. They all worked.
> Right now we only have our wireless networks using PacketFence. Over the
> summer I plan on configuring the Nortel edge switches located in our Dorms
> to use MAC Security with PacketFence.
>
> Are you sure your PF installation is fully functional? I don't remember
> having to do much to my switches other than follow the Admin Guide and
> edit the switches config. PacketFence was already configured and working
> with my wireless network when I set up the Nortel switches.
>
> I'd be happy to share my Nortel or PF configs.
>
> Regards,
>
> Thomas
>
>
> Thomas Woody
> Computer Systems Support Analyst
> Loyola University New Orleans
> Office: 504.865.2792
> Mobile: 504.258.9920
>
>
> ------------------------------------------------------------------------------
> Free Software Download: Index, Search & Analyze Logs and other IT data in
> Real-Time with Splunk. Collect, index and harness all the fast moving IT
> data
> generated by your applications, servers and devices whether physical,
> virtual
> or in the cloud. Deliver compliance at lower cost and gain new business
> insights. http://p.sf.net/sfu/splunk-dev2dev
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
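Added example (not part of the original message and not PacketFence code): a small Python check over snmpwalk output that reports which branches under enterprises.45.1.6.5.3 returned real values, and treats "No Such Instance" as missing rather than feeding it to a numeric comparison. The sample input is constructed from the lines quoted in the message; all function names are hypothetical.

```python
import re

LINE_RE = re.compile(r"^SNMPv2-SMI::enterprises\.([\d.]+) = (.*)$")
# snmpwalk prints "No Such Instance ..."; the pf.log warning shows the string "noSuchInstance"
MISSING_RE = re.compile(r"^(No Such (Instance|Object)|noSuch(Instance|Object))\b")

# Constructed sample: lines copied from the message, wrapped as the mail wrapped them
SAMPLE_WALK = """\
SNMPv2-SMI::enterprises.45.1.6.5.3.7.0 = INTEGER: 448
SNMPv2-SMI::enterprises.45.1.6.5.3.8.0 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.9.0 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.4 = No Such Instance currently
exists at this OID.
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.3.1.1.0.0.0.0.0.0 = Hex-STRING: 00
00 00 00 00 00
SNMPv2-SMI::enterprises.45.1.6.5.3.12.1.1.1.1 = INTEGER: 1
"""

def parse_walk(text):
    """Return {oid_tuple: value}; value is None for an SNMP 'no such' sentinel."""
    entries, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            last = tuple(int(p) for p in m.group(1).split("."))
            value = m.group(2).strip()
            entries[last] = None if MISSING_RE.match(value) else value
        elif line and line != "..." and last is not None and entries[last] is not None:
            entries[last] += " " + line  # continuation of a wrapped value
    return entries

def subtree_present(entries, prefix):
    """True if at least one OID under prefix returned a real value."""
    return any(oid[:len(prefix)] == prefix and v is not None for oid, v in entries.items())

def as_int(value):
    """Integer for 'INTEGER: n', None for sentinels and non-integer values."""
    m = re.fullmatch(r"INTEGER: (-?\d+)", value) if value is not None else None
    return int(m.group(1)) if m else None

def missing_branches(entries, base, wanted):
    """Sub-identifiers in wanted that have no real value under base."""
    return [b for b in wanted if not subtree_present(entries, base + (b,))]

if __name__ == "__main__":
    walk = parse_walk(SAMPLE_WALK)
    print("missing branches:", missing_branches(walk, (45, 1, 6, 5, 3), range(7, 13)))
```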