Anyone?

On Tue, Jul 12, 2011 at 4:54 PM, Paulo Maia <[email protected]> wrote:

> Updating,
>
> I updated the switch configuration, referring to the guide in Documentation
> guide at the website.
>
> Switch configuration:
>
> interface FastEthernet0/15
>  switchport mode access
>  switchport port-security maximum 1 vlan access
>  switchport port-security
>  switchport port-security violation restrict
>  switchport port-security mac-address 0200.0001.0015
>  snmp trap mac-notification added
>
> snmp-server enable traps port-security
> snmp-server enable traps port-security trap-rate 1
> snmp-server host 172.20.0.190 version 2c 1np@net_ro  port-security
>
>
>
> tcpdump -i eth0 host 172.20.0.11
>
> 12:01:37.006396 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap:  
> C=1np@net_roV2Trap(139)  system.sysUpTime.0=65838428 [|snmp]
> 12:01:38.013022 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap:  
> C=1np@net_roV2Trap(139)  system.sysUpTime.0=65838529 [|snmp]
> 12:01:39.019618 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap:  
> C=1np@net_roV2Trap(139)  system.sysUpTime.0=65838629 [|snmp]
> 12:01:40.999211 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap:  
> C=1np@net_roV2Trap(139)  system.sysUpTime.0=65838827 [|snmp]
> 12:01:42.005930 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap:  
> C=1np@net_roV2Trap(139)  system.sysUpTime.0=65838928 [|snmp]
> 12:01:43.012548 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap:  
> C=1np@net_roV2Trap(139)  system.sysUpTime.0=65839029 [|snmp]
> 12:01:44.019088 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap:  
> C=1np@net_roV2Trap(139)  system.sysUpTime.0=65839129 [|snmp]
> 12:01:45.998813 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap:  
> C=1np@net_roV2Trap(139)  system.sysUpTime.0=65839327 [|snmp]
> 12:01:47.005536 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap:  
> C=1np@net_roV2Trap(139)  system.sysUpTime.0=65839428 [|snmp]
>
> At this point I have the MAC address registered in PacketFence, the interface
> is connected, but there is no connectivity and no IP address.
>
> I don't know if I'm missing configuration in PacketFence; I don't know if I have to
> set a violation rule to block the unknown MAC addresses.
>
> Thanks,
>
>
>
> On Tue, Jul 12, 2011 at 2:40 PM, Paulo Maia <[email protected]> wrote:
>
>> Hello everyone on the list,
>> This is my first post. I'm trying to authenticate (allow) only the
>> MAC addresses I have registered in the PacketFence database; I added them in
>> NODES.
>> I don't use dynamic VLAN assignment, so it's static VLANs. Basically I work
>> with class B addresses, so I have 172.16 to 172.31 VLANs and no guest VLAN.
>> So I added a switch for testing in CONFIGURATION -> SWITCH. I have
>> configured the SNMP community read key, and the SNMP Trap Community key as well.
>> IP address 172.20.0.11
>>
>> Cisco 2960
>> ....
>> .....
>> .....
>> #snmp-server enable traps
>> #snmp-server host 172.20.0.190 1np@net_ro
>>
>> 172.20.0.190 is my PacketFence address.
>>
>> This is the output of tcpdump -i eth0 host 172.20.0.11 (switch):
>> 10:34:10.510621 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(263)  E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1
>> 65313768[|snmp]
>> 10:34:20.161398 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(74)  17 172.20.0.11 enterpriseSpecific s=2 65314735
>> [|snmp]
>> 10:34:21.163528 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(122)  E:cisco.1.694 172.20.0.11 linkDown 65314835
>> [|snmp]
>> 10:34:22.157971 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(201)  E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1
>> 65314935 [|snmp]
>> 10:34:29.455876 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(199)  E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1
>> 65315664 [|snmp]
>> 10:34:30.462501 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(122)  E:cisco.1.694 172.20.0.11 linkUp 65315765 [|snmp]
>> 10:34:57.473365 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(74)  17 172.20.0.11 enterpriseSpecific s=2 65318466
>> [|snmp]
>> 10:35:10.534309 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(263)  E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1
>> 65319772[|snmp]
>> 10:36:10.562140 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(263)  E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1
>> 65325775[|snmp]
>> 10:37:10.598366 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(263)  E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1
>> 65331779[|snmp]
>> 10:37:25.802362 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(51)  E:cisco.1.694 172.20.0.11 
>> *authenticationFailure*65333299 [|snmp]
>> 10:37:26.808989 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(51)  E:cisco.1.694 172.20.0.11 authenticationFailure
>> 65333400 [|snmp]
>> 10:37:27.803041 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(51)  E:cisco.1.694 172.20.0.11 authenticationFailure
>> 65333499 [|snmp]
>> 10:37:28.801649 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(51)  E:cisco.1.694 172.20.0.11 authenticationFailure
>> 65333599 [|snmp]
>> 10:37:29.807865 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(51)  E:cisco.1.694 172.20.0.11 authenticationFailure
>> 65333700 [|snmp]
>> 10:37:30.806099 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(51)  E:cisco.1.694 172.20.0.11 authenticationFailure
>> 65333800 [|snmp]
>> 10:38:10.626237 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(263)  E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1
>> 65337782[|snmp]
>> 10:38:55.066754 arp who-has 172.20.0.11 tell 172.20.0.99
>> 10:39:10.666726 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=1np@net_ro Trap(263)  E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1
>> 65343785[|snmp]
>>
>>
>> This set of packets comes when I plug in the network cable, although
>> this machine does not have its MAC address in the PacketFence database, and still
>> this computer is allowed into the network.
>>
>> I have searched a lot in mail archives and forums, but I could not find
>> anything.
>>
>> So I came to you guys. Can anyone help me? Where am I going wrong?
>>
>> Thanks for your help.
>> Paulo
>>
>
>
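Added example, not part of the original message: a Python summary of tcpdump trap captures like the two quoted above. It rejoins the mail-wrapped lines, counts traps by SNMP version and kind, lists the community strings readable in clear text, and counts records tcpdump marked `[|snmp]` (decode cut short). The sample lines are constructed from the shapes in the message, with a placeholder community string.

```python
import re
from collections import Counter

# Constructed sample shaped like the two captures in the message (placeholder
# community string), still ">"-quoted and wrapped the way the mail left them.
SAMPLE = """\
>> 10:34:21.163528 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=example_ro Trap(122)  E:cisco.1.694 172.20.0.11 linkDown 65314835
>> [|snmp]
>> 10:37:25.802362 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:
>> C=example_ro Trap(51)  E:cisco.1.694 172.20.0.11 authenticationFailure
>> 65333299 [|snmp]
>> 10:38:55.066754 arp who-has 172.20.0.11 tell 172.20.0.99
> 12:01:37.006396 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap:
> C=example_roV2Trap(139)  system.sysUpTime.0=65838428 [|snmp]
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")
PDU = re.compile(r"C=(\S+?)\s*(V2Trap|Trap)\((\d+)\)")
V1_GENERIC = re.compile(r"coldStart|warmStart|linkDown|linkUp|"
                        r"authenticationFailure|egpNeighborLoss|enterpriseSpecific")

def records(text):
    """Strip mail quoting and rejoin wrapped tcpdump lines, one record each."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if line and (TS.match(line) or not out):
            out.append(line)          # a timestamp starts a new record
        elif line:
            out[-1] += " " + line     # continuation of a wrapped record
    return out

def summarize(text):
    """Count traps by (version, kind); list communities visible in clear text."""
    kinds, comms, ncut = Counter(), set(), 0
    for rec in records(text):
        m = PDU.search(rec)
        if not m:
            continue  # not an SNMP trap, e.g. the ARP line
        comms.add(m.group(1))
        cut = "[|snmp]" in rec  # tcpdump's marker for a decode that was cut short
        ncut += cut
        if m.group(2) == "Trap":  # SNMPv1: generic-trap name is in the PDU header
            g = V1_GENERIC.search(rec)
            kinds["v1", g.group(0) if g else "unknown"] += 1
        else:  # SNMPv2c: identity is the snmpTrapOID.0 varbind after sysUpTime.0
            kinds["v2c", "truncated" if cut else "decoded"] += 1
    return {"kinds": dict(kinds), "communities": sorted(comms), "truncated": ncut}
```

For SNMPv2c records counted as truncated, only `sysUpTime.0` was decoded, so the capture does not show which trap was sent; capturing with a full snap length (`tcpdump -s 0 -vv`) lets tcpdump decode the remaining varbinds.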
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
