Looks like PF tries to determine if the connected device is a VoIP 
before the device is added to the PF DB

...
Mar 04 09:34:22 pfsetvlan(5) INFO: creating new pf::SNMP::Nortel::BayStack470 object (pf::SwitchFactory::instantiate)
Mar 04 09:34:22 pfsetvlan(5) INFO: $VAR1 = {
           'type' => 'Nortel::BayStack470',
           'mode' => 'production',
           'uplink' => '1',
           'voiceVlan' => '5',
           'VoIPEnabled' => 'yes'
         };
  (pf::SwitchFactory::instantiate)
Mar 04 09:34:22 pfsetvlan(5) INFO: secureMacAddrViolation trap received on <IP>  ifIndex 18 for 00:0e:08:d8:96:1a (main::handleTrap)
Mar 04 09:34:22 pfsetvlan(5) INFO: isVoipEnabled = 1 (pf::SNMP::Nortel::isVoIPEnabled)
Mar 04 09:34:22 pfsetvlan(5) INFO: determining DHCP fingerprint info for 00:0e:08:d8:96:1a (pf::SNMP::isPhoneAtIfIndex)
Mar 04 09:34:22 pfsetvlan(5) INFO: isVoipEnabled = 1 (pf::SNMP::Nortel::isVoIPEnabled)
Mar 04 09:34:22 pfsetvlan(5) INFO: isVoipEnabled = 1 (pf::SNMP::Nortel::isVoIPEnabled)
Mar 04 09:34:22 pfsetvlan(5) INFO: node 00:0e:08:d8:96:1a does not yet exist in PF database. Adding it now (main::node_update_PF)
...
Mar 04 09:25:21 pfdhcplistener(29846) DEBUG: violation not added, no trigger found for os::3 or violation is disabled (pf::violation::violation_trigger)
Mar 04 09:25:21 pfdhcplistener(29846) INFO: 00:0e:08:d8:96:1a requested an IP. DHCP Fingerprint: OS::308 (Sipura VoIP Adaptor). Modifying node with last_dhcp = 2011-03-04 09:25:21,computername = SipuraSPA,dhcp_fingerprint = 1,3,42,6,7,15,58,59,44,66 (main::listen_dhcp)
...
Mar 04 09:34:30 pfsetvlan(7) INFO: determining through discovery protocols if <IP>  ifIndex 18 has VoIP phone connected (pf::SNMP::hasPhoneAtIfIndex)
Mar 04 09:34:30 pfsetvlan(7) INFO: isVoipEnabled = 1 (pf::SNMP::Nortel::isVoIPEnabled)
Mar 04 09:34:30 pfsetvlan(7) INFO: isVoipEnabled = 1 (pf::SNMP::Nortel::isVoIPEnabled)
Mar 04 09:34:30 pfsetvlan(7) INFO: MAC: 00:0e:08:d8:96:1a, PID: 1, Status: reg. Returned VLAN: 11 (pf::vlan::fetchVlanForNode)
Mar 04 09:34:31 pfsetvlan(7) INFO: setting VLAN at <IP>  ifIndex 18 from 102 to 11 (pf::SNMP::setVlan)

Running a watered down node_view_with_fingerprint_sql reveals that this 
is a VoIP Phone:

mysql> SELECT node.mac, node.pid, node.voip, node.bypass_vlan, node.status,
              IFNULL(os_class.description, ' ') as dhcp_fingerprint
       FROM node
       LEFT JOIN dhcp_fingerprint ON node.dhcp_fingerprint=dhcp_fingerprint.fingerprint
       JOIN os_mapping ON dhcp_fingerprint.os_id=os_mapping.os_type
       LEFT JOIN os_class ON os_mapping.os_class=os_class.class_id
       GROUP BY node.mac
       HAVING node.mac='00:0e:08:d8:96:1a';
+-------------------+-----+------+-------------+--------+----------------------+
| mac               | pid | voip | bypass_vlan | status | dhcp_fingerprint     |
+-------------------+-----+------+-------------+--------+----------------------+
| 00:0e:08:d8:96:1a | 1   | no   |             | reg    | VoIP Phones/Adapters |
+-------------------+-----+------+-------------+--------+----------------------+
1 row in set (0.00 sec)


Also looks like I need to check into LLDP on this 470

-Ron


On 3/3/2011 5:03 PM, Ronald J. Yacketta wrote:
> Hello all!
>
> Currently attempting to set up PF to autoreg VoIP phones based on DHCP
> Fingerprinting. The VoIP is auto registered, but is not seen as a VoIP
> device and thus put into the incorrect VLAN.
>
> Using BayStack 470-48T
>
> updated violations.conf
> [1200003]
> desc=Auto-registered Device
> priority=1
> trigger=OS::308
> actions=log,autoreg,email
> disable=N
>
> pf.log
>
> Mar 03 16:42:45 pfsetvlan(4) INFO: secureMacAddrViolation trap received on 137.143.212.20 ifIndex 18 for 00:0e:08:d8:96:1a (main::handleTrap)
> Mar 03 16:42:45 pfsetvlan(4) INFO: node 00:0e:08:d8:96:1a does not yet exist in PF database. Adding it now (main::node_update_PF)
> Mar 03 16:42:45 pfsetvlan(4) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
> Mar 03 16:42:45 pfsetvlan(4) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
> Mar 03 16:42:45 pfsetvlan(4) INFO: MAC: 00:0e:08:d8:96:1a is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
> Mar 03 16:42:45 pfsetvlan(4) INFO: authorizing 00:0e:08:d8:96:1a at new location 137.143.212.20 ifIndex 18 (main::handleTrap)
> Mar 03 16:42:45 pfsetvlan(4) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
> Mar 03 16:42:45 pfsetvlan(4) INFO: finished (main::cleanupAfterThread)
> Mar 03 16:42:45 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
> Mar 03 16:42:45 pfsetvlan(5) INFO: up trap received on 137.143.212.20 ifIndex 18 (main::handleTrap)
> Mar 03 16:42:45 pfsetvlan(5) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
> Mar 03 16:42:45 pfsetvlan(5) INFO: security traps are configured on this switch port. Stopping UP trap handling here (main::handleTrap)
> Mar 03 16:42:45 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
> Mar 03 16:42:48 pfdhcplistener(18579) INFO: calling '/usr/local/pf/bin/pfcmd violation add vid=1200003,mac=00:0e:08:d8:96:1a' (trigger os::308) (pf::violation::violation_trigger)
> Mar 03 16:42:48 pfcmd(0) INFO: pfcmd calling violation_add for 00:0e:08:d8:96:1a (main::command_param)
> Mar 03 16:42:48 pfcmd(0) INFO: grace expired on violation 1200003 for node 00:0e:08:d8:96:1a (pf::violation::violation_add)
> Mar 03 16:42:48 pfcmd(0) INFO: violation 1200003 added for 00:0e:08:d8:96:1a (pf::violation::violation_add)
> Mar 03 16:42:48 pfcmd(0) INFO: executing action 'autoreg' on class 1200003 (pf::action::action_execute)
> Mar 03 16:42:48 pfcmd(0) INFO: executing action 'email' on class 1200003 (pf::action::action_execute)
> Mar 03 16:42:49 pfcmd(0) INFO: email regarding 'PF Alert: Auto-registered Device detection on 00:0e:08:d8:96:1a' sent to yacketrj@potsdam.edu (pf::util::pfmailer)
> Mar 03 16:42:49 pfcmd(0) INFO: executing action 'log' on class 1200003 (pf::action::action_execute)
> Mar 03 16:42:49 pfcmd(0) WARN: unable to resolve 00:0e:08:d8:96:1a to ip (pf::iplog::mac2ip)
> Mar 03 16:42:49 pfcmd(0) INFO: /usr/local/pf/logs/violation.log 2011-03-03 16:42:49: Auto-registered Device (1200003) detected on node 00:0e:08:d8:96:1a (0) (pf::action::action_log)
> Mar 03 16:42:49 pfcmd(0) INFO: this is a non-trap violation, closing violation entry now (pf::action::action_execute)
> Mar 03 16:42:49 pfcmd(0) INFO: violation 1200003 force-closed for 00:0e:08:d8:96:1a (pf::violation::violation_force_close)
> Mar 03 16:42:49 pfcmd(0) INFO: VLAN isolation is enabled and violation_add is part of adjustswitchportvlanreasons (main::vlan_reevaluation)
> Mar 03 16:42:49 pfcmd(0) INFO: 00:0e:08:d8:96:1a is currentlog connected at 137.143.212.20 ifIndex 18 in VLAN 102 (main::vlan_reevaluation)
> Mar 03 16:42:49 pfcmd(0) INFO: MAC: 00:0e:08:d8:96:1a, PID: 1, Status: reg. Returned VLAN: 11 (pf::vlan::fetchVlanForNode)
> Mar 03 16:42:49 pfcmd(0) INFO: calling /usr/local/pf/bin/flip.pl for node 00:0e:08:d8:96:1a (current VLAN = 102 but should be in VLAN 11) (main::vlan_reevaluation)
> Mar 03 16:42:50 flip.pl(0) INFO: flip.pl called with 00:0e:08:d8:96:1a (main::)
> Mar 03 16:42:50 flip.pl(0) INFO: switch port for 00:0e:08:d8:96:1a is 137.143.212.20 ifIndex 18 connection type: Wired SNMP (main::)
> Mar 03 16:42:50 pfdhcplistener(18579) INFO: 00:0e:08:d8:96:1a requested an IP. DHCP Fingerprint: OS::308 (Sipura VoIP Adaptor). Modifying node with last_dhcp = 2011-03-03 16:42:50,computername = SipuraSPA,dhcp_fingerprint = 1,3,42,6,7,15,58,59,44,66 (main::listen_dhcp)
> Mar 03 16:42:50 pfdhcplistener(18579) INFO: DHCPOFFER from 10.102.1.254 (52:54:00:cf:9a:c2) to host 00:0e:08:d8:96:1a (10.102.1.199) (main::listen_dhcp)
> Mar 03 16:42:50 pfdhcplistener(18579) INFO: 118 grace remaining on violation 1200003 (trigger os::308) for node 00:0e:08:d8:96:1a. Not adding violation. (pf::violation::violation_trigger)
> Mar 03 16:42:50 pfdhcplistener(18579) INFO: 00:0e:08:d8:96:1a requested an IP. DHCP Fingerprint: OS::308 (Sipura VoIP Adaptor). Modifying node with last_dhcp = 2011-03-03 16:42:50,computername = SipuraSPA,dhcp_fingerprint = 1,3,42,6,7,15,58,59,44,66 (main::listen_dhcp)
> Mar 03 16:42:50 pfdhcplistener(18579) INFO: DHCPOFFER from 10.102.1.254 (52:54:00:cf:9a:c2) to host 00:0e:08:d8:96:1a (10.102.1.199) (main::listen_dhcp)
> Mar 03 16:42:53 pfsetvlan(25) INFO: local (127.0.0.1) trap for switch 137.143.212.20 (main::parseTrap)
> Mar 03 16:42:53 pfsetvlan(7) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
> Mar 03 16:42:54 pfdhcplistener(18579) INFO: 114 grace remaining on violation 1200003 (trigger os::308) for node 00:0e:08:d8:96:1a. Not adding violation. (pf::violation::violation_trigger)
> Mar 03 16:42:54 pfsetvlan(7) INFO: reAssignVlan trap received on 137.143.212.20 ifIndex 18 (main::handleTrap)
> Mar 03 16:42:54 pfsetvlan(7) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
> Mar 03 16:42:54 pfsetvlan(7) INFO: security traps are configured on 137.143.212.20 ifIndex 18. Re-assigning VLAN for 00:0e:08:d8:96:1a (main::handleTrap)
> Mar 03 16:42:54 pfdhcplistener(18579) INFO: 00:0e:08:d8:96:1a requested an IP. DHCP Fingerprint: OS::308 (Sipura VoIP Adaptor). Modifying node with last_dhcp = 2011-03-03 16:42:54,computername = SipuraSPA,dhcp_fingerprint = 1,3,42,6,7,15,58,59,44,66 (main::listen_dhcp)
> Mar 03 16:42:54 pfdhcplistener(18579) INFO: DHCPOFFER from 10.102.1.254 (52:54:00:cf:9a:c2) to host 00:0e:08:d8:96:1a (10.102.1.199) (main::listen_dhcp)
> Mar 03 16:42:54 pfsetvlan(7) WARN: couldn't get MAC at ifIndex 18. This is a problem. (pf::SNMP::_getMacAtIfIndex)
> Mar 03 16:42:54 pfsetvlan(7) INFO: MAC: 00:0e:08:d8:96:1a, PID: 1, Status: reg. Returned VLAN: 11 (pf::vlan::fetchVlanForNode)
> Mar 03 16:42:55 pfsetvlan(7) INFO: no VoIP phone is currently connected at 137.143.212.20 ifIndex 18. Flipping port admin status (main::handleTrap)
>
>
> ------------------------------------------------------------------------------
> What You Don't Know About Data Connectivity CAN Hurt You
> This paper provides an overview of data connectivity, details
> its effect on application quality, and explores various alternative
> solutions. http://p.sf.net/sfu/progress-d2d
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
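
Added example, not part of the original thread and not PacketFence code: a small pf.log audit for the symptom discussed above, where a node fingerprinted as a VoIP adapter is returned VLAN 11 while the switch config dump shows voiceVlan 5. The sample entries are constructed in the log format quoted in the thread, and treating "VoIP" in the fingerprint description as the marker for a phone is an assumption of this example.

```python
import re

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FINGERPRINT_RE = re.compile(
    rf"({MAC}) requested an IP\. DHCP Fingerprint: OS::(\d+) \(([^)]*)\)", re.I)
VLAN_RE = re.compile(
    rf"MAC: ({MAC}), PID: [^,]+, Status: (\w+)\. Returned VLAN: (\d+)", re.I)

# Constructed sample entries in the pf.log format quoted in this thread,
# one entry per line (mail-client wrapping already undone).
SAMPLE_LOG = """\
Mar 04 09:25:21 pfdhcplistener(29846) INFO: 00:11:22:33:44:55 requested an IP. DHCP Fingerprint: OS::308 (Sipura VoIP Adaptor). Modifying node (main::listen_dhcp)
Mar 04 09:34:30 pfsetvlan(7) INFO: MAC: 00:11:22:33:44:55, PID: 1, Status: reg. Returned VLAN: 11 (pf::vlan::fetchVlanForNode)
Mar 04 09:40:02 pfdhcplistener(29846) INFO: 00:11:22:33:44:66 requested an IP. DHCP Fingerprint: OS::308 (Sipura VoIP Adaptor). Modifying node (main::listen_dhcp)
Mar 04 09:40:09 pfsetvlan(8) INFO: MAC: 00:11:22:33:44:66, PID: 1, Status: reg. Returned VLAN: 5 (pf::vlan::fetchVlanForNode)
Mar 04 09:41:15 pfdhcplistener(29846) INFO: 00:11:22:33:44:77 requested an IP. DHCP Fingerprint: OS::9999 (Constructed Workstation). Modifying node (main::listen_dhcp)
Mar 04 09:41:20 pfsetvlan(9) INFO: MAC: 00:11:22:33:44:77, PID: 1, Status: reg. Returned VLAN: 11 (pf::vlan::fetchVlanForNode)
"""

def summarize(log_text):
    """Return {mac: {...}} holding the last fingerprint and VLAN decision seen."""
    nodes = {}
    for line in log_text.splitlines():
        if m := FINGERPRINT_RE.search(line):
            node = nodes.setdefault(m.group(1).lower(), {})
            node["os_id"], node["desc"] = int(m.group(2)), m.group(3)
        elif m := VLAN_RE.search(line):
            node = nodes.setdefault(m.group(1).lower(), {})
            node["status"], node["vlan"] = m.group(2), int(m.group(3))
    return nodes

def misplaced_voip(log_text, voice_vlan):
    """List (mac, description, vlan) for VoIP-fingerprinted nodes outside voice_vlan."""
    hits = []
    for mac, node in sorted(summarize(log_text).items()):
        # Assumption: "VoIP" in the fingerprint description marks a phone/adapter.
        is_voip = "voip" in node.get("desc", "").lower()
        if is_voip and "vlan" in node and node["vlan"] != voice_vlan:
            hits.append((mac, node["desc"], node["vlan"]))
    return hits

if __name__ == "__main__":
    # voiceVlan 5 is the value shown in the switch config dump in the thread.
    for mac, desc, vlan in misplaced_voip(SAMPLE_LOG, voice_vlan=5):
        print(f"{mac}: fingerprint '{desc}' but assigned VLAN {vlan}")
```

Wrapped log entries must be rejoined to one line each before they are fed to the parser.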

