That's not what I said!

I said (in other words) that you cannot have a device authorized with port-security (the switchport port-security mac-address line) on *two switchports that are on the same VLAN*. Well, technically you could, but you will not receive SNMP traps for the new port. This situation will never happen if PF is working properly, since we de-authorize the node on the old switchport before authorizing the node on the new port.

On 11-07-13 8:57 AM, Paulo Maia wrote:
So I cannot have 2 ports on the same VLAN? Is that it?

On Wed, Jul 13, 2011 at 9:03 AM, Francois Gaudreault <[email protected]> wrote:

    Paulo,

    I don't see any security traps coming from the switch with the log
    you sent.  Make sure the device is NOT authorized on any other
    port of the switch on the same VLAN of port 15.  Otherwise, the
    switch will not send SNMP traps.


    On 11-07-12 8:53 PM, Paulo Maia wrote:
    Anyone?

    On Tue, Jul 12, 2011 at 4:54 PM, Paulo Maia <[email protected]> wrote:

        Updating,

        I updated the switch configuration, referring to the
        Documentation guide on the website.

        Switch configuration:

        interface FastEthernet0/15
         switchport mode access
         switchport port-security maximum 1 vlan access
         switchport port-security
         switchport port-security violation restrict
         switchport port-security mac-address 0200.0001.0015
         snmp trap mac-notification added

        snmp-server enable traps port-security
        snmp-server enable traps port-security trap-rate 1
        snmp-server host 172.20.0.190 version 2c 1np@net_ro port-security



        tcpdump -i eth0 host 172.20.0.11

        12:01:37.006396 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap: C=1np@net_ro V2Trap(139) system.sysUpTime.0=65838428 [|snmp]
        12:01:38.013022 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap: C=1np@net_ro V2Trap(139) system.sysUpTime.0=65838529 [|snmp]
        12:01:39.019618 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap: C=1np@net_ro V2Trap(139) system.sysUpTime.0=65838629 [|snmp]
        12:01:40.999211 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap: C=1np@net_ro V2Trap(139) system.sysUpTime.0=65838827 [|snmp]
        12:01:42.005930 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap: C=1np@net_ro V2Trap(139) system.sysUpTime.0=65838928 [|snmp]
        12:01:43.012548 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap: C=1np@net_ro V2Trap(139) system.sysUpTime.0=65839029 [|snmp]
        12:01:44.019088 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap: C=1np@net_ro V2Trap(139) system.sysUpTime.0=65839129 [|snmp]
        12:01:45.998813 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap: C=1np@net_ro V2Trap(139) system.sysUpTime.0=65839327 [|snmp]
        12:01:47.005536 IP 172.20.0.11.52527 > 172.20.0.190.snmptrap: C=1np@net_ro V2Trap(139) system.sysUpTime.0=65839428 [|snmp]

        At this point I have the MAC address registered in PacketFence;
        the interface is connected but there is no connectivity and no
        IP address.

        I don't know if I'm missing configuration in PacketFence. I
        don't know if I have to set a violation rule to block the
        unknown MAC addresses.

        Thanks ,



        On Tue, Jul 12, 2011 at 2:40 PM, Paulo Maia <[email protected]> wrote:

            Hello everyone on the list,
            This is my first post. I'm trying to authenticate
            (allow) only the MAC addresses I have registered in the
            PacketFence database; I added them in NODES.
            I don't use dynamic VLAN assignment, so it's static VLANs;
            basically I work with class B addresses, so I have 172.16 to
            172.31 VLANs and no guest VLAN.
            So I added a switch for testing in CONFIGURATION -> SWITCH;
            I have configured the SNMP community read key, and the SNMP
            Trap Community key as well. IP address 172.20.0.11

            cisco 2960
            ....
            .....
            .....
            #snmp-server enables traps
            #snmp-server host 172.20.0.190 1np@net_ro

            172.20.0.190 is my PacketFence address .

            This is the output of tcpdump -i eth0 host 172.20.0.11
            (switch)
            10:34:10.510621 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(263) E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1 65313768[|snmp]
            10:34:20.161398 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:  C=1np@net_ro Trap(74)  17 172.20.0.11 enterpriseSpecific s=2 65314735 [|snmp]
            10:34:21.163528 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(122) E:cisco.1.694 172.20.0.11 linkDown 65314835 [|snmp]
            10:34:22.157971 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(201) E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1 65314935 [|snmp]
            10:34:29.455876 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(199) E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1 65315664 [|snmp]
            10:34:30.462501 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(122) E:cisco.1.694 172.20.0.11 linkUp 65315765 [|snmp]
            10:34:57.473365 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap:  C=1np@net_ro Trap(74)  17 172.20.0.11 enterpriseSpecific s=2 65318466 [|snmp]
            10:35:10.534309 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(263) E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1 65319772[|snmp]
            10:36:10.562140 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(263) E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1 65325775[|snmp]
            10:37:10.598366 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(263) E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1 65331779[|snmp]
            10:37:25.802362 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(51) E:cisco.1.694 172.20.0.11 *authenticationFailure* 65333299 [|snmp]
            10:37:26.808989 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(51) E:cisco.1.694 172.20.0.11 authenticationFailure 65333400 [|snmp]
            10:37:27.803041 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(51) E:cisco.1.694 172.20.0.11 authenticationFailure 65333499 [|snmp]
            10:37:28.801649 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(51) E:cisco.1.694 172.20.0.11 authenticationFailure 65333599 [|snmp]
            10:37:29.807865 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(51) E:cisco.1.694 172.20.0.11 authenticationFailure 65333700 [|snmp]
            10:37:30.806099 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(51) E:cisco.1.694 172.20.0.11 authenticationFailure 65333800 [|snmp]
            10:38:10.626237 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(263) E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1 65337782[|snmp]
            10:38:55.066754 arp who-has 172.20.0.11 tell 172.20.0.99
            10:39:10.666726 IP 172.20.0.11.51414 > 172.20.0.190.snmptrap: C=1np@net_ro Trap(263) E:cisco.9.41.2 172.20.0.11 enterpriseSpecific s=1 65343785[|snmp]


            This set of packets comes when I plug in the network
            cable, although this machine does not have its
            MAC address in the PacketFence database, and still this
            computer is allowed into the network.

            I have searched a lot in mail archives and forums, but I
            could not find anything.

            So I came to you guys. Can anyone help me? Where am I
            going wrong?

            Thanks for your help .
            Paulo




    
------------------------------------------------------------------------------
    AppSumo Presents a FREE Video for the SourceForge Community by Eric
    Ries, the creator of the Lean Startup Methodology on "Lean Startup
    Secrets Revealed." This video shows you how to validate your ideas,
    optimize your ideas and identify your business strategy.
    http://p.sf.net/sfu/appsumosfdev2dev


    _______________________________________________
    Packetfence-users mailing list
    [email protected]  
<mailto:[email protected]>
    https://lists.sourceforge.net/lists/listinfo/packetfence-users


    --
    Francois Gaudreault, ing. jr
    [email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
    Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
    (www.packetfence.org)


    





--
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
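
A check for the condition described in this thread, as an added example that is not part of the original messages or of PacketFence: it scans Cisco IOS running-config text for a MAC secured with `switchport port-security mac-address` on more than one port of the same access VLAN. The sample configuration, its MAC address and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample running-config (not from the thread): one MAC is secured
# on Fa0/15 and Fa0/16 in VLAN 20, and once more on Fa0/17 in VLAN 30.
SAMPLE_CONFIG = """\
interface FastEthernet0/15
 switchport access vlan 20
 switchport port-security
 switchport port-security mac-address 0011.2233.4455
!
interface FastEthernet0/16
 switchport access vlan 20
 switchport port-security
 switchport port-security mac-address 0011.2233.4455
!
interface FastEthernet0/17
 switchport access vlan 30
 switchport port-security mac-address 0011.2233.4455
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)")
VLAN_RE = re.compile(r"^\s+switchport access vlan\s+(\d+)")
MAC_RE = re.compile(r"^\s+switchport port-security mac-address\s+(?:sticky\s+)?"
                    r"((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)


def find_duplicate_secure_macs(config_text):
    """Return {(vlan, mac): [ports]} for MACs secured on 2+ ports of one VLAN."""
    ports, current = {}, None
    for line in config_text.splitlines():
        if m := IFACE_RE.match(line):
            current = ports.setdefault(m.group(1), {"vlan": 1, "macs": []})  # IOS default VLAN is 1
        elif not line.startswith(" "):
            current = None                      # left the interface stanza
        elif current is not None:
            if m := VLAN_RE.match(line):
                current["vlan"] = int(m.group(1))
            elif m := MAC_RE.match(line):
                current["macs"].append(m.group(1).lower())
    seen = defaultdict(list)
    for name, info in ports.items():
        for mac in info["macs"]:
            seen[(info["vlan"], mac)].append(name)
    return {key: names for key, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    for (vlan, mac), names in find_duplicate_secure_macs(SAMPLE_CONFIG).items():
        print(f"VLAN {vlan}: {mac} is secured on {', '.join(names)}")
```

Any entry it reports is a port pair to clean up before expecting port-security traps for that device.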

