Hi Nicolas, > I figured it out... 12.2(44)SE6 version of IOS on the 2960 has bugs in > port-security, I upgraded the switch to 12.2(55)SE1 and the problem went > away completely. When collecting debug information as per your request, > I did a capture and found the switch was not emitting port-security > traps when it should....PacketFence can't react when the switch doesn't > send the traps ;)
Thanks for reporting. The picture around what IOS to use on the 2960 is getting blurrier. Here's the current documentation (http://www.packetfence.org/documentation/pod/SNMP/Cisco/Catalyst_2960.html) Firmwares - Recommended firmware is 12.2(55)SE1 - The absolute minimum required firmware version is 12.2(25)SEE2. - Port-security + VoIP mode works with firmware 12.2(44) and later. Earlier IOS were not explicitly tested. Known buggy firmwares - Port-Security - 12.2(55)SE is known to be broken, 12.2(55)SE1 is apparently fine - 12.2(44)SE6 is known to be buggy: not sending traps under certain circumstances - 12.2(50) is known to be problematic - Port-security + VoIP support doesn't work with IOS version 12.2(25r). See issue #1020 for details. - SNMPv3 - 12.2(52) doesn't work in SNMPv3 > Apr 21 13:37:09 pfsetvlan(11) WARN: new VLAN is not a managed VLAN -> > replacing VLAN with MAC detection VLAN 321 (pf::SNMP::setVlan) > Apr 21 13:37:09 pfsetvlan(11) INFO: finished (main::cleanupAfterThread) I saw that you solved your problem but just a quick hint: you can see that there are two spaces after "new VLAN" so the VLAN returned by getNormalVlan was probably an empty string (or undef). -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
