Hi Francois,

I've made some progress, e.g. I'm getting snmptraps.  However, I've got a new 
problem, or problems.

The Cisco 3750 connected laptop gets Registration VLAN IP 192.169.52.2 but 
something is wrong with DNS so the captive portal doesn't come up.  Oddly, the 
DNS resolved blackhole IP is 192.168.53.1, the PF Isolation VLAN IP, not 
192.168.52.1 as I think it should be.  My .conf files (below) look okay.  Maybe 
related is a system default IP route and resolv.conf problem: If I don't let 
CentOS 6 NetworkManager start the interfaces, I get the correct default route 
out eth0.10 but resolv.conf is empty.  If I do let NetworkManager start the 
interfaces I don't get the correct default IP route, it's wrongly set to eth0 
when it should be eth0.10, as defined in the ifcfg-eth_ files (see them below), 
but resolv.conf is correctly populated.  Running /etc/init.d/network start will 
fix both cases, i.e. add the correct default route (the bad one needs to be 
deleted too) or populate the /etc/resolv.conf with DNS servers and search 
domain.  I've also put far below a few packetfence.log entries that look 
concerning.

LAPTOP NSLOOKUP:
C:\nslookup yahoo
Server: Unknown
Address: 192.168.52.1

Name: yahoo.registration.mines.edu
Address: 192.168.53.1
=============================

NETWORKS.CONF:
[192.168.52.0]
netmask=255.255.255.0
gateway=192.168.52.1
domain-name=registration.mines.edu
dns=192.168.52.1
dhcp_start=192.168.52.2
dhcp_end=192.168.52.250
dhcp_default_lease_time=300
dhcp_max_lease_time=600
type=vlan-registration
named=enabled
dhcpd=enabled

[192.168.53.0]
netmask=255.255.255.0
gateway=192.168.53.1
domain-name=isolation.mines.edu
dns=192.168.53.1
dhcp_start=192.168.53.2
dhcp_end=192.168.53.250
dhcp_default_lease_time=300
dhcp_max_lease_time=600
type=vlan-registration
named=enabled
dhcpd=enabled
==============================

../PF/VAR/CONF/DHCPD.CONF:
subnet 192.168.52.0 netmask 255.255.255.0 {
  option routers 192.168.52.1;
  option subnet-mask 255.255.255.0;
  option domain-name "registration.mines.edu";
  option domain-name-servers 192.168.52.1;
  range 192.168.52.2 192.168.52.250;
  default-lease-time 300;
  max-lease-time 600;
}

subnet 192.168.53.0 netmask 255.255.255.0 {
  option routers 192.168.53.1;
  option subnet-mask 255.255.255.0;
  option domain-name "isolation.mines.edu";
  option domain-name-servers 192.168.53.1;
  range 192.168.53.2 192.168.53.250;
  default-lease-time 300;
  max-lease-time 600;
}
=====================================

IFCFG-ETH's:
-------------------
DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE=Ethernet
BOOTPROTO=static
IPADDR=138.67.244.17
NETMASK=255.255.252.0
DNS1=138.67.1.2
DNS2=138.67.1.3
DOMAIN=mines.edu
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
HWADDR=00:0E:0C:09:31:7A
[root@nac network-scripts]# more ifcfg-eth0.10
DEVICE="eth0.10"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE=Ethernet
BOOTPROTO=static
IPADDR=138.67.4.199
NETMASK=255.255.192.0
GATEWAY=138.67.1.1
DNS1=138.67.1.2
DNS2=138.67.1.3
DOMAIN=mines.edu
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0.10"
VLAN=yes
=========================================

PACKETFENCE.LOG's:
Feb 17 16:39:34 pfdhcplistener(27923) WARN: database query failed with: 
Duplicate entry '00:21:9b:55:a6:5a' for key 'PRIMARY'. (errno: 1062), will try 
again (pf::db::db_query_execute)
Feb 17 16:39:34 pfdhcplistener(27923) WARN: database query failed with: 
Duplicate entry '00:21:9b:55:a6:5a' for key 'PRIMARY'. (errno: 1062), will try 
again (pf::db::db_query_execute)
Feb 17 16:39:34 pfdhcplistener(27923) WARN: database query failed with: 
Duplicate entry '00:21:9b:55:a6:5a' for key 'PRIMARY'. (errno: 1062), will try 
again (pf::db::db_query_execute)
(the above is just one MAC example of these triplicate logs)

MORE PACKETFENCE LOGS, THESE ARE RELATED TO THE LAPTOP REGISTRATION:
Feb 17 16:53:47 pfsetvlan(9) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Feb 17 16:53:47 pfsetvlan(9) INFO: secureMacAddrViolation trap received on 
138.67.244.16 ifIndex 10046 for 2c:41:38:14:06:14 (main::handleTrap)
Feb 17 16:53:47 pfsetvlan(9) INFO: Will try to check on this node's previous 
switch if secured entry needs to be removed. Old Switch IP: 138.67.244.16 
(main::do_port_security)
Feb 17 16:53:47 pfsetvlan(9) INFO: de-authorizing 2c:41:38:14:06:14 (new entry 
02:00:00:01:00:47) at old location 138.67.244.16 ifIndex 10047 
(main::do_port_security)
Feb 17 16:53:48 pfsetvlan(9) INFO: MAC: 2c:41:38:14:06:14 is of status unreg; 
belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Feb 17 16:53:48 pfsetvlan(9) INFO: authorizing 2c:41:38:14:06:14 (old entry 
02:00:00:01:00:46) at new location 138.67.244.16 ifIndex 10046 
(main::handleTrap)
Feb 17 16:53:48 pfsetvlan(9) INFO: finished (main::cleanupAfterThread)
Feb 17 16:53:49 pfsetvlan(11) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Feb 17 16:53:49 pfsetvlan(11) INFO: secureMacAddrViolation trap received on 
138.67.244.16 ifIndex 10046 for 2c:41:38:14:06:14 (main::handleTrap)
Feb 17 16:53:49 pfsetvlan(11) INFO: Will try to check on this node's previous 
switch if secured entry needs to be removed. Old Switch IP: 138.67.244.16 
(main::do_port_security)
Feb 17 16:53:49 pfsetvlan(11) INFO: MAC 2c:41:38:14:06:14 is already authorized 
on 138.67.244.16 ifIndex 10046. Stopping secureMacAddrViolation trap handling 
here (main::handleTrap)
Feb 17 16:53:49 pfsetvlan(11) INFO: finished (main::cleanupAfterThread)
Feb 17 16:53:51 pfsetvlan(13) INFO: nb of items in queue: 1; nb of threads 
running: 0 (main::startTrapHandlers)
Feb 17 16:53:51 pfsetvlan(13) INFO: secureMacAddrViolation trap received on 
138.67.244.16 ifIndex 10046 for 2c:41:38:14:06:14 (main::handleTrap)
Feb 17 16:53:51 pfsetvlan(13) INFO: Will try to check on this node's previous 
switch if secured entry needs to be removed. Old Switch IP: 138.67.244.16 
(main::do_port_security)
Feb 17 16:53:51 pfsetvlan(13) INFO: MAC 2c:41:38:14:06:14 is already authorized 
on 138.67.244.16 ifIndex 10046. Stopping secureMacAddrViolation trap handling 
here (main::handleTrap)
Feb 17 16:53:51 pfsetvlan(13) INFO: finished (main::cleanupAfterThread)

Thanks Again!
Steve

________________________________________
From: Francois Gaudreault [[email protected]]
Sent: Tuesday, February 14, 2012 8:21 PM
To: [email protected]
Subject: Re: [Packetfence-users] PF 3.1.0 doesn't change Cisco 3750 12.2(52)SE 
from Registration to Normal VLAN

Hi Steve,

> When I run /usr/bin/mysql_secure_installation it tells me:
> "Enter current password for root (enter for none):
> ERROR 2002 (HY000): Can't connect to local MySQL server through socket
> '/var/lib/mysql/mysql.sock' (2)
> Enter current password for root (enter for none):"
You need to make sure mysqld is properly started.

--
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
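
A consistency check for the networks.conf stanzas quoted in the message above, as an added example that is not part of the original thread and is not PacketFence code. The function name lint_networks is hypothetical, and the rule that the first label of domain-name names the VLAN role is an assumption drawn from the two stanzas shown. Run on those stanzas, it reports that [192.168.53.0] carries type=vlan-registration while its domain-name says isolation.

```python
import configparser
import ipaddress

# Constructed sample: the two sections quoted in the message above, trimmed
# to the keys the check reads.
SAMPLE = """
[192.168.52.0]
netmask=255.255.255.0
gateway=192.168.52.1
domain-name=registration.mines.edu
dns=192.168.52.1
dhcp_start=192.168.52.2
dhcp_end=192.168.52.250
type=vlan-registration

[192.168.53.0]
netmask=255.255.255.0
gateway=192.168.53.1
domain-name=isolation.mines.edu
dns=192.168.53.1
dhcp_start=192.168.53.2
dhcp_end=192.168.53.250
type=vlan-registration
"""

def lint_networks(text):
    """Return a list of (section, finding) for inconsistent network stanzas."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    findings, seen_types = [], {}
    for name in cfg.sections():
        sec = cfg[name]
        net = ipaddress.ip_network(f"{name}/{sec['netmask']}")
        # Every address the DHCP scope hands out must sit inside the subnet.
        for key in ("gateway", "dns", "dhcp_start", "dhcp_end"):
            if ipaddress.ip_address(sec[key]) not in net:
                findings.append((name, f"{key} {sec[key]} outside {net}"))
        # Assumption: the first DNS label names the VLAN role, as on this page.
        role = sec["domain-name"].split(".")[0]
        if sec["type"] != f"vlan-{role}":
            findings.append((name, f"type {sec['type']} but domain {role}"))
        # Two stanzas with one type make the role-to-subnet mapping ambiguous.
        if sec["type"] in seen_types:
            findings.append((name, f"type shared with {seen_types[sec['type']]}"))
        seen_types.setdefault(sec["type"], name)
    return findings

if __name__ == "__main__":
    for section, finding in lint_networks(SAMPLE):
        print(f"[{section}] {finding}")
```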
