Can you give us some more lines in your packetfence.log? One line won't help. Maybe you should turn on debug logging as well.
Otherwise, it will be hard to help.

> I am testing a Cisco 2960 with port-security and PF 2.1, and something
> is happening that I think is not correct, so I will describe it below:
>
> 1) Cisco 2960 switch, running C2960-LANBASEK9-M 12.2(44)SE6
>    a. Configured with port-security per port
>       i. Global port-security settings:
>          1. snmp-server enable traps port-security
>          2. snmp-server enable traps port-security trap-rate 1
>          3. mac address-table aging-time 3600
>       ii. Interface level port-security settings:
>          1. switchport access vlan 321
>          2. switchport mode access
>          3. switchport port-security maximum 1 vlan access
>          4. switchport port-security violation restrict
>          5. switchport port-security mac-address 0200.0001.0003
>          6. spanning-tree portfast
>    b. Vlan 321 is the isolation and mac-detection vlan.
>
> 2) When I connected an unregistered device to the port, the
> packetfence log shows a port-security trap from the switch, and
> packetfence added the MAC address to the database as an unregistered
> device.
>
> 3) I edited the entry for the MAC address via the packetfence webUI
> and set the entry to registered.
>
> 4) This entry then shows up in the packetfence log:
>    a. pfcmd(0) WARN: Can't change VLAN for mac 34:15:9e:10:72:06
>    because no open locationlog entry was found (main::vlan_reevaluation)
>
> 5) I disconnected the device, and reconnected it to the same port.
>
> 6) The packetfence log shows no port-security trap when the port
> link comes up, but does show the dhcp requests that the device is making
>
> 7) The switchport the device is connected to is not changed to the
> VLAN specified in packetfence
>
> 8) a "show run" on the switch shows the interface level
> settings have not changed at all
>
> 9) a "show port-security interface" on the switch for the port
> shows:
>    a. Port Security : Disabled
>    b. Port Status : Secure-down
>    c. Violation Mode : Restrict
>    d. Aging Time : 0 mins
>    e. Aging Type : Absolute
>    f. SecureStatic Address Aging : Disabled
>    g. Maximum MAC Addresses : 1
>    h. Total MAC Addresses : 1
>    i. Configured MAC Addresses : 1
>    j. Sticky MAC Addresses : 0
>    k. Last Source Address:Vlan : 0000.0000.0000:0
>    l. Security Violation Count : 0
>
> So I have several questions:
>
> 1) After connecting the device the first time, packetfence did as
> it should: learn the MAC address, set it to unreg, leave the port in the
> unreg vlan. But why did it not go to the switch and set the vlan to the
> registered devices vlan after I registered the device?
>
> 2) Why are subsequent clean connections by the same device to the
> same port on the switch not generating any traps at all?
>
> I had expected to see a flow of operation such that when the device
> connected, it would remain isolated, PF would learn the MAC, an admin
> user in PF would set the device to registered, PF would then reconfigure
> the switch port to reflect the registered state.
>
> What am I doing and/or understanding incorrectly? I am not using captive
> portal, just PF admin manual reg state changes in the PF WebUI.
>
> _______________________________________________
> Packetfence-users mailing list
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
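An added example, not part of the original thread or of PacketFence: a small check over the interface settings and `show port-security interface` fields quoted above that reports the conditions under which the switch would not send a port-security trap. It assumes Cisco IOS behaviour (the bare `switchport port-security` command enables the feature and the status field then reads `Enabled`); `parse_show` and `audit` are hypothetical names.

```python
# Constructed sample input, copied from the settings and output quoted in the thread.
INTERFACE_CONFIG = """\
switchport access vlan 321
switchport mode access
switchport port-security maximum 1 vlan access
switchport port-security violation restrict
switchport port-security mac-address 0200.0001.0003
spanning-tree portfast
"""

SHOW_OUTPUT = """\
Port Security : Disabled
Port Status : Secure-down
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
"""

def parse_show(text):
    """Split 'Field : value' lines into a dict, on the first ' : ' only."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(config, show_text):
    """Return findings that bear on whether a violation trap would be sent."""
    fields = parse_show(show_text)
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    # Assumption: on IOS the bare command enables the feature; sub-commands only tune it.
    if "switchport port-security" not in lines:
        findings.append("config: bare 'switchport port-security' is absent")
    state = fields.get("Port Security", "missing")
    if state.lower() != "enabled":
        findings.append("show: Port Security is %s" % state)
    if int(fields.get("Security Violation Count", "0")) == 0:
        findings.append("show: no violation recorded on this port")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(INTERFACE_CONFIG, SHOW_OUTPUT)))
```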
