Hey Francois,

Thanks for the help. I can use pfcmd_vlan and it will assign the vlan fine for me... it says when I try and set as the default one (#1) this:

[user@pf-001 bin]$ ./pfcmd_vlan -setVlan -vlan 1 -ifIndex 2 -switch 192.168.23.51 -verbose 3
DEBUG - instantiating new SwitchFactory object
DEBUG - reading config file /usr/local/pf/conf/switches.conf
DEBUG - creating new pf::SNMP::Dlink::DGS_3100 object
DEBUG - start handling 'setVlan' command
WARN - new VLAN 1 is not defined on switch 192.168.23.51 -> replacing VLAN 1 with MAC detection VLAN 400
DEBUG - Database statements not prepared, preparing...
DEBUG - Preparing pf::locationlog database queries
DEBUG - function pf::db::get_db_handle is calling db_connect
DEBUG - checking handle
DEBUG - (Re)Connecting to MySQL (thread id: 0)
DEBUG - connected
DEBUG - latest locationlog entry is still accurate
DEBUG - Database statements not prepared, preparing...
DEBUG - Preparing pf::node database queries
new VLAN: 200
DEBUG - finished handling 'setVlan' command
[user@pf-001 bin]$

From packetfence.log when a user logs in and registers:

Jul 12 10:41:39 pfcmd(0) INFO: pfcmd calling node_modify for 00:1e:37:8a:40:7C (main::command_param)
Jul 12 10:41:39 pfcmd(0) INFO: VLAN isolation is enabled and node_modify is part of adjustswitchportvlanreasons (main::vlan_reevaluation)
Jul 12 10:41:39 pfcmd(0) INFO: 00:1e:37:8a:40:7C is currentlog connected at 192.168.23.51 ifIndex 2 in VLAN 400 (main::vlan_reevaluation)
Jul 12 10:41:39 pfcmd(0) INFO: MAC: 00:1e:37:8a:40:7C is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jul 12 10:41:39 pfcmd(0) INFO: calling /usr/local/pf/bin/flip.pl for node 00:1e:37:8a:40:7C (current VLAN = 400 but should be in VLAN 200) (main::vlan_reevaluation)
Jul 12 10:41:39 flip.pl(0) INFO: flip.pl called with 00:1e:37:8a:40:7C (main::)
Jul 12 10:41:39 flip.pl(0) INFO: switch port for 00:1e:37:8a:40:7C is 192.168.23.51 ifIndex 2 connection type: Wired SNMP (main::)
Jul 12 10:41:41 pfsetvlan(23) INFO: local (127.0.0.1) trap for switch 192.168.23.51 (main::parseTrap)
Jul 12 10:41:41 pfsetvlan(15) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Jul 12 10:41:41 pfsetvlan(15) INFO: reAssignVlan trap received on 192.168.23.51 ifIndex 2 (main::handleTrap)
Jul 12 10:41:41 pfsetvlan(15) INFO: no security traps are configured on 192.168.23.51 ifIndex 2. Flipping port admin status (main::handleTrap)

Weird how it says it's in VLAN400 and should be in 200 but on the switch it's showing it as in 200 and getting dhcp ip from registration.

On Tue, Jul 12, 2011 at 2:59 PM, Francois Gaudreault <[email protected]> wrote:
> Hi John,
>
> Remember that with MAC Auth (or 802.1X) *everything* the magic is done
> by RADIUS. So do not change the port to another VLAN using SNMP, let
> RADIUS decide the VLAN. However, we need SNMP to do a port bounce,
> ensure that the write community string is properly set up and that the
> rights for that community on the switch are correct.
>
> Can you jump your log settings to DEBUG (conf/log.conf), restart
> packetfence, do your tests, and post your packetfence.log here?
>
> Thanks.
>
> On 11-07-12 2:46 PM, John Corps wrote:
>> Thank you Francois. I have got it working now beautifully. The only
>> issue I seem to be having is when in the registration VLAN, the user
>> registers etc and they are not put into the normal vlan...looking at
>> the packetfence.log file, it states that no security traps are
>> configured on the switch. Manually running the pfcmd to put the port
>> into a different vlan works fine, but if I tell it to put it in the
>> default vlan #1 it says that this vlan is not defined. Any ideas?
>>
>> Thanks
>>
>> On Mon, Jul 11, 2011 at 3:55 PM, Francois Gaudreault
>> <[email protected]> wrote:
>>> Hi John,
>>>
>>> Dlink 3100 module is only working (tested) using MAC Authentication or
>>> 802.1X running the latest available software. You need the latest to
>>> benefit from the Dynamic VLAN assignments.
>>> You should look in the DLINK configuration guide how to do it. In fact,
>>> the 3100 appears to be configured for MAC Auth using a variation of the
>>> 802.1X. Something like MAC Based authentication instead of port-based.
>>>
>>>
>>> On 11-07-11 3:27 PM, John Corps wrote:
>>>> Hello,
>>>>
>>>> Does anyone have examples on how to configure the 4 VLANs on a DLINK
>>>> 3100 switch? I am sure I am overthinking this but I can't seem to
>>>> wrap my head around what exactly needs to be done on the switch
>>>> itself. I have created the 4 vlans I need, 2 - registration, 3 -
>>>> isolation, 4 - mac detect and 5 - guest. I am not too sure what else
>>>> has to be done now on the switch... if anyone has some insight, that
>>>> would be great.
>>>>
>>>> _______________________________________________
>>>> Packetfence-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>>
>>>
>>> --
>>> Francois Gaudreault, ing. jr
>>> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>>> (www.packetfence.org)
>>
>
> --
> Francois Gaudreault, ing. jr
> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
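
Added example, not part of the original thread and not PacketFence code: a small Python parser for the packetfence.log lines quoted above that ties the VLAN re-evaluation decision for a port to the action pfsetvlan logged for that port. The regular expressions assume the message formats shown in this excerpt, and the field names in the result are chosen here.

```python
import re

# Lines copied from the packetfence.log excerpt in the thread above.
SAMPLE_LOG = """\
Jul 12 10:41:39 pfcmd(0) INFO: 00:1e:37:8a:40:7C is currentlog connected at 192.168.23.51 ifIndex 2 in VLAN 400 (main::vlan_reevaluation)
Jul 12 10:41:39 pfcmd(0) INFO: calling /usr/local/pf/bin/flip.pl for node 00:1e:37:8a:40:7C (current VLAN = 400 but should be in VLAN 200) (main::vlan_reevaluation)
Jul 12 10:41:41 pfsetvlan(15) INFO: reAssignVlan trap received on 192.168.23.51 ifIndex 2 (main::handleTrap)
Jul 12 10:41:41 pfsetvlan(15) INFO: no security traps are configured on 192.168.23.51 ifIndex 2. Flipping port admin status (main::handleTrap)
"""

# Assumed line shape: "<timestamp> <process>(<id>) <level>: <message> (<caller>)"
LINE = re.compile(r"^\w{3} +\d+ [\d:]+ [\w.]+\(\d+\) \w+: (.*) \([\w:]+\)$")
LOCATED = re.compile(r"^(\S+) is currentlog connected at (\S+) ifIndex (\d+) in VLAN (\d+)$")
MISMATCH = re.compile(r"for node (\S+) \(current VLAN = (\d+) but should be in VLAN (\d+)\)$")
TRAP = re.compile(r"^reAssignVlan trap received on (\S+) ifIndex (\d+)$")
BOUNCE = re.compile(r"^no security traps are configured on (\S+) ifIndex (\d+)\. Flipping port admin status$")

def summarize(log_text):
    """Map (switch, ifIndex) to what PacketFence recorded, wanted and did for that port."""
    ports, port_of_mac = {}, {}
    for raw in log_text.splitlines():
        parsed = LINE.match(raw.strip())
        if not parsed:
            continue  # not in the expected format; skip rather than guess
        msg = parsed.group(1)
        if hit := LOCATED.match(msg):
            mac, switch, ifindex, vlan = hit.groups()
            key = (switch, int(ifindex))
            port_of_mac[mac.lower()] = key
            ports[key] = {"mac": mac.lower(), "recorded_vlan": int(vlan),
                          "target_vlan": None, "trap_seen": False, "action": None}
        elif hit := MISMATCH.search(msg):
            key = port_of_mac.get(hit.group(1).lower())
            if key:  # only correlate nodes whose location was logged first
                ports[key]["target_vlan"] = int(hit.group(3))
        elif hit := TRAP.match(msg):
            key = (hit.group(1), int(hit.group(2)))
            if key in ports:
                ports[key]["trap_seen"] = True
        elif hit := BOUNCE.match(msg):
            key = (hit.group(1), int(hit.group(2)))
            if key in ports:
                ports[key]["action"] = "port bounce"
    return ports

if __name__ == "__main__":
    for port, state in summarize(SAMPLE_LOG).items():
        print(port, state)
```

Here `recorded_vlan` is the VLAN PacketFence has on record for the port, which is the value the poster compares against what the switch itself shows.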
