Francois, I tested with 2 users on Xp client (flat file) and tested on packetfence these commands:
#tail -f /usr/local/pf/logs/packetefence.log ( just got IP requests ) #tcpdump -i eth0 port 162 Did not receive any traps. On the switch side I put >debug snmp packets, and before these modifications I was getting at least >messages (send / response) On the interface web no modifications too, the same happens before modifications. Should I do some modification on my running-config ? What steps could I perform to ensure that I will receive SNMP traps ? Please really need help about this... My running-config is bellow: ----- Building configuration... Current configuration : 2888 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log datetime no service password-encryption service sequence-numbers ! hostname fence0 ! aaa new-model aaa group server radius packetfence server 192.168.50.120 auth-port 1812 acct-port 1813 ! aaa authentication login default local aaa authentication dot1x default group packetfence aaa authorization network default group packetfence ! username admin privilege 15 password 0 fence0 ip subnet-zero ! no ip domain-lookup ip ssh time-out 120 ip ssh authentication-retries 3 ! spanning-tree mode pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id dot1x system-auth-control ! ! ! ! interface FastEthernet0/1 ! interface FastEthernet0/2 ! interface FastEthernet0/3 ! interface FastEthernet0/4 ! interface FastEthernet0/5 switchport mode access switchport protected switchport port-security switchport port-security violation restrict switchport port-security mac-address 0000.39b5.f8d9 snmp trap mac-notification added dot1x port-control auto dot1x guest-vlan 5 dot1x reauthentication dot1x auth-fail vlan 3 spanning-tree portfast ! interface FastEthernet0/6 ! interface FastEthernet0/7 ! interface FastEthernet0/8 ! interface FastEthernet0/9 ! interface FastEthernet0/10 ! interface FastEthernet0/11 ! interface FastEthernet0/12 ! interface FastEthernet0/13 ! interface FastEthernet0/14 ! interface FastEthernet0/15 ! interface FastEthernet0/16 ! interface FastEthernet0/17 ! interface FastEthernet0/18 ! interface FastEthernet0/19 ! interface FastEthernet0/20 ! interface FastEthernet0/21 ! interface FastEthernet0/22 ! interface FastEthernet0/23 ! interface FastEthernet0/24 ! interface Vlan1 ip address 192.168.50.111 255.255.255.0 ip helper-address 10.0.0.1 no ip route-cache ! interface Vlan2 ip address 192.168.2.10 255.255.255.0 no ip route-cache shutdown ! interface Vlan3 ip address 192.168.3.10 255.255.255.0 no ip route-cache shutdown ! interface Vlan5 ip address 192.168.5.10 255.255.255.0 no ip route-cache shutdown ! interface Vlan10 ip address 192.168.1.10 255.255.255.0 no ip route-cache shutdown ! ip default-gateway 192.168.50.1 ip http server snmp-server engineID local 123400000000000000000000 snmp-server community public RO snmp-server community private RW snmp-server enable traps snmp authentication linkdown linkup snmp-server enable traps port-security snmp-server enable traps port-security trap-rate 1 snmp-server enable traps MAC-Notification snmp-server host 192.168.50.120 public radius-server host 192.168.50.120 auth-port 1812 acct-port 1813 timeout 2 key centos radius-server retransmit 3 radius-server vsa send authentication banner motd ^C Bem Vindo ao Switch Cisco 2950 Somente pessoal autorizado, acesso restrito. Para acesso registre seu dispositivo pelo sistema PacketFence. ^C ! line con 0 line vty 5 15 ! ! end ------ Tks in advance, Marlon 2011/10/13 Francois Gaudreault <[email protected]> > > Now, are you receiving security traps? > > On 11-10-12 4:47 PM, Marlon Bastida wrote: > > Francois, > I'm using PF 2.0.1 documentation, but based on that u said I did: > - deleted some lines on the CLI switch > > no snmp-server enable traps snmp authentication linkdown linkup > no snmp-server enable traps MAC-Notification > > Will modify to just include engineID 123400000000000000000000 on the 1st > line, and following lines I will comment because SNMP v1, if I have to change > with your help to a new SNMP version we can include again. > SNMPEngineID=ARRAY(0X9ac3dcc) > #SNMPPrivProtocoloRead=ARRAY(0x9acb670) > #SNMPPrivProtocoloWrite=ARRAY(0x9ac3ed4) > Have no idea why appeared to me these lines with ARRAY. I edited the files > directly by vi editor and sometimes by web interface. > Tks in advance, > Marlon > > 2011/10/11 Francois Gaudreault <[email protected]> >> >> Before helping you, couple of things, >> > ----- >> > snmp-server engineID local 123400000000000000000000 >> > snmp-server community public RO >> > snmp-server community private RW >> > snmp-server enable traps snmp authentication linkdown linkup >> > snmp-server enable traps port-security >> > snmp-server enable traps port-security traprate 1 >> > snmp-server enable traps MAC-Notification >> > snmp-server host 192.168.50.120 public >> > >> This is not what we say in our configuration guide, so go back and >> carefully read the page 16 ( Cisco 2950 with port-security). MAC-Notif >> and linkstatus traps SHOULD NOT be enabled if you use port-security. >> >> > >> > [192.168.50.111] >> > type=Cisco::Catalyst_2950 >> > mode=production >> > vlans=2,3,4,5,10 >> > normalVlan=10 >> > SNMPVersionTrap=1 >> > SNMPCommunityTrap=public >> > SNMPCommunityRead=public >> > SNMPCommunityWrite=private >> > SNMPEngineID=ARRAY(0X9ac3dcc) >> > SNMPPrivProtocoloRead=ARRAY(0x9acb670) >> > SNMPPrivProtocoloWrite=ARRAY(0x9ac3ed4) >> > uplink= (let blank because I don't have a >> > uplink, gateway) >> > ----- >> What are those ARRAY thing in your switches.conf ???? >> >> -- >> Francois Gaudreault, ing. jr ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Ciosco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
