I figured it out... snmp 3 was on for procurve manager and not allowing write
access to snmp1. Oh well now to the registration process. Thanks for all the
help!!! I did end up putting an interface in the switch management vlan which
works well.
David
From: Francois Gaudreault [mailto:[email protected]]
Sent: Wednesday, May 25, 2011 10:29 AM
To: [email protected]
Subject: Re: [Packetfence-users] Switch not changing VLANs
David,
Well, the best way to know it is to try it ;) That raise another question, why
the isolation VLAN is able to talk with your switches.... You should look at
this as well ;)
On 11-05-25 10:25 AM, Palmer, David W. wrote:
That could be it, Packetfence is in the same vlan as our servers not the switch
management vlan. Should I just create a eth0.302 (switch management vlan) or
move packetfence into that vlan?
David
From: Francois Gaudreault [mailto:[email protected]]
Sent: Wednesday, May 25, 2011 10:19 AM
To:
[email protected]<mailto:[email protected]>
Subject: Re: [Packetfence-users] Switch not changing VLANs
That's possible.
I think you need to access the SNMP from the management vlan of the switch,
otherwise it wont let you in. Does packetfence have an interface in that VLAN?
You should also check the default gateway of PF, and make sure it's the right
one.
On 11-05-25 10:13 AM, Palmer, David W. wrote:
The public has unrestricted access to the switch
SNMP Communities
Community Name : public
MIB View : Manager Write Access : Unrestricted
However, when I telnet into the switch from my packet fence server it shows a
connection from eth0.1011 (10.28.5.2) instead of eth0 (172.31.1.201). Could
this be what is causing this errer: " W 01/01/90 00:02:18 snmp: SNMP Security
access violation from 10.28.5.2"and therefore not changing vlans?
David
From: Francois Gaudreault [mailto:[email protected]]
Sent: Wednesday, May 25, 2011 9:48 AM
To:
[email protected]<mailto:[email protected]>
Subject: Re: [Packetfence-users] Switch not changing VLANs
Hi,
Those seems to be the SNMP Trap settings, you need to check the SNMP read-write
settings.
On 11-05-25 9:42 AM, Palmer, David W. wrote:
I added it the switch, here is my show snmp-server:
Trap Receivers
Link-Change Traps Enabled on Ports [All] : 27-52
Send Authentication Traps [No] : No
Address Community Events Sent Notify Type Retry Timeout
--------------------- --------------- ----------- ----------- ----- -------
172.31.1.201 public Not-INFO trap 3 15
From: Francois Gaudreault [mailto:[email protected]]
Sent: Wednesday, May 25, 2011 9:38 AM
To:
[email protected]<mailto:[email protected]>
Subject: Re: [Packetfence-users] Switch not changing VLANs
Hi,
It looks more like an SNMP access problem from PF to your switch. Make sure
the settings on the switch are properly configured, and that the SNMP
informations in the switches.conf file is correct.
May 25 05:10:54 pfsetvlan(1) ERROR: error creating SNMP v1 write connection to
172.30.2.79: No response from remote host '172.30.2.79' (pf::SNMP::connectWrite)
On 11-05-25 9:33 AM, Palmer, David W. wrote:
Hello All,
So I think that I am getting close to having packetfence work. I am now just
experiencing an issue getting the switch to change the vlan when a host is
plugged into the switch. It looks like the switch is talking to Packetfence on
the isolation network address (10.28.5.0) instead of the management interface
(172.31.1.201 ). Here is my configs / logs:
Switch: Procurve 2610
Normal Vlan 284, Registration Vlan 1010, Isolation Vlan 1011
Switch Log:
--------------------------------------------------------------------------------------
---- Reverse event Log listing: Events Since Boot ----
W 01/01/90 00:02:25 snmp: SNMP Security access violation from 10.28.5.2
W 01/01/90 00:02:23 snmp: SNMP Security access violation from 10.28.5.2
W 01/01/90 00:02:20 snmp: SNMP Security access violation from 10.28.5.2
W 01/01/90 00:02:18 snmp: SNMP Security access violation from 10.28.5.2
W 01/01/90 00:02:08 FFI: port 5 - Security Violation
I 01/01/90 00:01:45 ports: port 5 is now on-line
I 01/01/90 00:01:40 ports: port 5 is now off-line
I 01/01/90 00:01:14 mgr: SME TELNET from 172.28.4.32 - MANAGER Mode
I 01/01/90 00:00:37 ip: SwitchMGT: network enabled on 172.30.2.79
I 01/01/90 00:00:36 vlan: Isolation virtual LAN enabled
I 01/01/90 00:00:36 vlan: Registration virtual LAN enabled
I 01/01/90 00:00:36 vlan: SwitchMGT virtual LAN enabled
I 01/01/90 00:00:36 vlan: DEFAULT_VLAN virtual LAN enabled
I 01/01/90 00:00:36 ports: port 48 is now on-line
W 01/01/90 00:00:36 FFI: port 5 - Security Violation
I 01/01/90 00:00:36 vlan: HubbardAdmin virtual LAN enabled
I 01/01/90 00:00:36 ports: port 5 is now on-line
I 01/01/90 00:00:33 lldp: LLDP - enabled
I 01/01/90 00:00:33 cdp: CDP enabled
I 01/01/90 00:00:33 system: System Booted.
I 01/01/90 00:00:33 tftp: Enable succeeded
I 01/01/90 00:00:33 stack: Stack Protocol enabled
I 01/01/90 00:00:33 udpf: DHCP relay agent feature enabled
--------------------------------------------------------------------------------
Packetfence.log
---------------------------------------------------------------------------------
May 25 05:09:44 pfsetvlan(21) INFO: ignoring unknown trap:
2011-05-25|09:09:40|UDP: [172.30.2.79]:161|172.30.2.79|BEGIN TYPE 0 END TYPE
BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS END VARIABLEBINDING$
May 25 05:09:59 pfdhcplistener(6923) INFO: DHCPINFORM from 00:24:8c:dc:1f:71
(172.31.90.4) (main::listen_dhcp)
May 25 05:10:44 pfsetvlan(22) INFO: ignoring unknown trap:
2011-05-25|09:10:40|UDP: [172.30.2.79]:161|172.30.2.79|BEGIN TYPE 6 END TYPE
BEGIN SUBTYPE .5 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.4.1.11.2.1$
May 25 05:10:46 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads
running: 0 (main::startTrapHandlers)
May 25 05:10:46 pfsetvlan(1) INFO: secureMacAddrViolation trap received on
172.30.2.79 ifIndex 5 for 00:22:41:21:e7:49 (main::handleTrap)
May 25 05:10:46 pfsetvlan(1) INFO: Will try to check on this node's previous
switch if secured entry needs to be removed. Old Switch IP: 172.30.2.79
(main::do_port_security)
May 25 05:10:47 pfsetvlan(1) INFO: MAC not found on node's previous switch
secure table or switch inaccessible. (main::do_port_security)
May 25 05:10:50 pfsetvlan(1) INFO: MAC: 00:22:41:21:e7:49 is of status unreg;
belongs into registration VLAN (pf::vlan::getRegistrationVlan)
May 25 05:10:50 pfsetvlan(1) INFO: authorizing 00:22:41:21:e7:49 at new
location 172.30.2.79 ifIndex 5 (main::handleTrap)
May 25 05:10:52 pfsetvlan(24) INFO: ignoring unknown trap:
2011-05-25|09:10:50|UDP: [172.30.2.79]:161|172.30.2.79|BEGIN TYPE 6 END TYPE
BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1$
May 25 05:10:54 pfsetvlan(1) ERROR: error creating SNMP v1 write connection to
172.30.2.79: No response from remote host '172.30.2.79' (pf::SNMP::connectWrite)
May 25 05:10:54 pfsetvlan(25) INFO: ignoring unknown trap:
2011-05-25|09:10:52|UDP: [172.30.2.79]:161|172.30.2.79|BEGIN TYPE 6 END TYPE
BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1$
May 25 05:10:58 pfsetvlan(21) INFO: ignoring unknown trap:
2011-05-25|09:10:56|UDP: [172.30.2.79]:161|172.30.2.79|BEGIN TYPE 6 END TYPE
BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1$
May 25 05:11:00 pfsetvlan(1) ERROR: error creating SNMP v1 write connection to
172.30.2.79: No response from remote host '172.30.2.79' (pf::SNMP::connectWrite)
May 25 05:11:00 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
May 25 05:11:00 pfsetvlan(22) INFO: ignoring unknown trap:
2011-05-25|09:10:58|UDP: [172.30.2.79]:161|172.30.2.79|BEGIN TYPE 6 END TYPE
BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1$
----------------------------------------------------------------------------
Thanks,
David
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Packetfence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected]<mailto:[email protected]> :: +1.514.447.4918
(x130) :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Packetfence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected]<mailto:[email protected]> :: +1.514.447.4918
(x130) :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Packetfence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected]<mailto:[email protected]> :: +1.514.447.4918
(x130) :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Packetfence-users mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected]<mailto:[email protected]> :: +1.514.447.4918
(x130) :: www.inverse.ca<http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (www.sogo.nu<http://www.sogo.nu>) and
PacketFence (www.packetfence.org<http://www.packetfence.org>)
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
