I am having trouble with a Cisco 4500e switch. When a new device
comes online PacketFence (PF) sees the trap. Uses SNMP to
communicate back and forth. Changes the VLAN, etc. However after
all that is done the: "switchport port-security mac-address
0200.0000.0011" line is gone. The next device that plugs in no
longer gets the SNMP trap generated and they remain in whatever VLAN
the previous device left them in.
I am in the middle of trying to track this down myself. I wanted to
throw this out for anyone else who may have run into this problem
before and can offer me a quick solution (or a good starting place).
The PF system is in full debug mode, the Cisco 4500 has debug snmp
enabled. All my logs and configs related to this configuration are
located here:
http://nss.wustl.edu/~jemurray/4500-port-security-fail.txt
It looks like everything is working as expected, I believe these are
the debug lines where it is "authorizing" the MAC address to the port:
Jul 13 14:24:50.532: SNMP: Set request, reqid 46851, errstat 0, erridx 0
cpsIfVlanSecureMacAddrEntry.5.11.2.0.0.0.0.17.671 = 6
cpsIfVlanSecureMacAddrEntry.5.11.0.35.50.148.85.164.557 = 4
The first should destroy the former MAC and the second line should set
the new MAC?
In the logs I see these messages:
Jul 13 14:24:50 pfsetvlan(7) INFO: MAC: 00:23:32:94:55:a4 is of status
unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Jul 13 14:24:50 pfsetvlan(7) INFO: authorizing 00:23:32:94:55:a4 (old
entry 02:00:00:00:00:11) at new location 128.252.71.61 ifIndex 11
(main::handleTrap)
Jul 13 14:24:50 pfsetvlan(7) DEBUG: opening SNMP v2c write connection
to 128.252.71.61 (pf::SNMP::connectWrite)
Jul 13 14:24:50 pfsetvlan(7) WARN: SNMP error tyring to add or remove
secure rows in port-security table. This could be normal. Error
message: Received undoFailed(15) error-status at error-index 1
(pf::SNMP::Cisco::Catalyst_2960::authorizeMAC)
Thoughts?
--
Jason E. Murray
[email protected]
http://www.zweck.net/
.
------------------------------------------------------------------------------
AppSumo Presents a FREE Video for the SourceForge Community by Eric
Ries, the creator of the Lean Startup Methodology on "Lean Startup
Secrets Revealed." This video shows you how to validate your ideas,
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
