Olivier,

So sorry. I pasted an old copy of my running-config, so it still had lines
that I have since deleted. At this moment I have this.

In bold are the lines that I did not delete but have doubts about after
what you said; please point out which ones I should delete. The lines in
italics are working fine for me for dot1x.

----------------
Building configuration...

Current configuration : 2785 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname fence0
!
aaa new-model
aaa group server radius packetfence
server 192.168.50.120 auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication dot1x default group packetfence
aaa authorization network default group packetfence
!
username admin privilege 15 password 0 fence0
ip subnet-zero
!
no ip domain-lookup
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
dot1x system-auth-control
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport mode access
switchport protected
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0000.39b5.f8d9
* snmp trap mac-notification added*
* dot1x port-control auto
dot1x guest-vlan 5
dot1x reauthentication
dot1x auth-fail vlan 3                             (these 4 lines give me to
the correct VLAN when I do dot1x authentication on the client)*
spanning-tree portfast
!
interface FastEthernet0/6
!
[....]
interface FastEthernet0/24
!
interface Vlan1
ip address 192.168.50.111 255.255.255.0
ip helper-address 10.0.0.1
no ip route-cache
!
interface Vlan2
ip address 192.168.2.10 255.255.255.0
no ip route-cache
shutdown
!
interface Vlan3
ip address 192.168.3.10 255.255.255.0
no ip route-cache
shutdown
!
interface Vlan5
ip address 192.168.5.10 255.255.255.0
no ip route-cache
shutdown
!
interface Vlan10
ip address 192.168.1.10 255.255.255.0
no ip route-cache
shutdown
!
ip default-gateway 192.168.50.1
ip http server
snmp-server engineID local 123400000000000000000000
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host 192.168.50.120 public
radius-server host 192.168.50.120 auth-port 1812 acct-port 1813 timeout 2
key centos
radius-server retransmit 3
radius-server vsa send authentication
banner motd ^C
Bem Vindo ao Switch Cisco 2950
Somente pessoal autorizado, acesso restrito.
Para acesso registre seu dispositivo pelo sistema PacketFence.
^C
!
line con 0
line vty 5 15
!
!
end
----------------

Tks in advance,
Marlon


2011/10/25 Olivier Bilodeau <[email protected]>:
>>
>> I tested with 2 users on Xp client (flat file) and tested on
>> packetfence these commands:
>>
>> #tail -f /usr/local/pf/logs/packetefence.log   ( just got IP requests )
>>
>> #tcpdump -i eth0 port 162
>>
>> Did not receive any traps. On the switch side I put
>> debug snmp packets, and before these modifications I was getting at
>> least messages (send / response)
>> On the interface web no modifications too, the same happens before
>> modifications.
>>
>>
>>    Should I do some modification on my running-config ?
>>    What steps could I perform to ensure that I will receive SNMP traps ?
>>    Please really need help about this...
>>
>>
>> My running-config is below:
> [...]
>
> Did you resolve your issue? If so share the answer.
>
> If not:
>
> You are running dot1x alongside port-security: not recommended
> You have linkup / linkdown traps although Francois told you to get rid
> of the statement.
> You have MAC-Notif traps although Francois told you to get rid of the
> statement.
>
> That said, this means you should be getting too many traps and not none
> of them. So start from the beginning:
> - can the switch ping packetfence's IP on eth0
> - validate the firewall rules / ACL in the path and on PF (don't forget
> it's port 162 UDP)
> - if all else fails, on your switch: debug snmp packets, generate the
> events then, show log
>
> Good luck!
> --
> Olivier Bilodeau
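
The first and third points in Olivier's reply (dot1x alongside port-security, and MAC-Notif trap statements left in place) can be checked mechanically against a saved running-config. This is an added example, not part of the original thread or PacketFence's code; the sample config is constructed and the function names `parse_interfaces` and `audit` are hypothetical.

```python
import re

# Constructed sample in the style of the config above (not the poster's full config).
SAMPLE_CONFIG = """\
interface FastEthernet0/4
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 snmp trap mac-notification added
 dot1x port-control auto
 dot1x guest-vlan 5
!
interface FastEthernet0/6
 switchport port-security
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        # Tolerate the '*' bold/italic markers left by mail clients.
        line = raw.strip().strip("*").strip()
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line in ("", "!"):
            current = None          # '!' closes the interface block
        elif current is not None:
            interfaces[current].append(line)
    return interfaces

def audit(config):
    """Return (interface, finding) tuples for the two points raised in the reply."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        dot1x = any(c.startswith("dot1x port-control") for c in cmds)
        portsec = "switchport port-security" in cmds
        macnotif = any(c.startswith("snmp trap mac-notification") for c in cmds)
        if dot1x and portsec:
            findings.append((name, "dot1x and port-security on the same port"))
        if macnotif:
            findings.append((name, "snmp trap mac-notification still configured"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```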