Hi all, I have installed PacketFence ZEN and configured the system as advised by the guide.

At this point I have created all the VLANs (2,3,4,5,10) and set the appropriate DHCP/DNS servers. If I plug a host into a switch port of VLAN 2 or 3, I am redirected to the captive portal. So, up to this point, the system works well.

Now I have tried to configure SNMP to permit PacketFence to perform the VLAN assignment. Here is my switches.conf:

#
# Copyright 2006-2008 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html

[default]
vlans=2,3,4,5,10
normalVlan=10
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
guestVlan=5
customVlan1=
customVlan2=
customVlan3=
customVlan4=
customVlan5=
VoIPEnabled=no
voiceVlan=
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic

#Command Line Interface:telnet and SSH
cliTransport= <<EOT
Telnet
SSH
EOT
cliUser= <<EOT
root
EOT
cliPwd= <<EOT
mypassword
EOT
cliEnablePwd=

#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=3
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
SNMPUserNameRead=readUser
SNMPAuthProtocolRead=MD5
SNMPAuthPasswordRead=authpwdread
SNMPPrivProtocolRead=AES
SNMPPrivPasswordRead=privpwdread
SNMPUserNameWrite=writeUser
SNMPAuthProtocolWrite=MD5
SNMPAuthPasswordWrite=authpwdwrite
SNMPPrivProtocolWrite=AES
SNMPPrivPasswordWrite=privpwdwrite

# Switch -> PacketFence
SNMPVersionTrap=3
SNMPCommunityTrap=public
SNMPAuthProtocolTrap=MD5
SNMPUserNameTrap=readUser
SNMPAuthPasswordTrap=authpwdread
SNMPPrivProtocolTrap=AES
SNMPPrivPasswordTrap=privpwdread

#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=https
wsUser=root
wsPwd=mypassword

#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=

[127.0.0.1]
type=PacketFence
mode=production
uplink=dynamic

[10.0.10.2]
type=Cisco::Catalyst_2960
mode=production
radiusSecret=s3cr3t
cliTransport=
cliUser=ARRAY(0x19966c40)
cliPwd=ARRAY(0x1996f600)
wsUser=root
controllerIp=
SNMPEngineID=AA5ED139B81D4A328D18ACD1
SNMPPrivProtocolRead=AES
SNMPPrivProtocolWrite=AES

#[10.0.10.3]
#type = Cisco::Aironet_1242
#mode=production
#cliTransport = Telnet
#cliUser = Cisco
#cliPwd = Cisco
#cliEnablePwd = Cisco
#radiusSecret = s3cr3t

And here is the SNMP configuration of the Cisco 2960 switch:

snmp-server engineID local AA5ED139B81D4A328D18ACD1
snmp-server group readGroup v3 priv notify *tv.00000000.00000000.00000000.000002000F
snmp-server group writeGroup v3 priv write v1default
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host 10.0.10.1 version 3 priv readUser port-security

If I do not set the snmp-server engineID in the switch section [10.0.10.2], I get a warning. So I set the snmp-server engineID in the parameters of switch 10.0.10.2. Is that right?

I have configured a switch port with port security and the fake MAC address; when I plug my host into this port, the security violation is generated and sent to PacketFence. At this point PacketFence tells me that there is an error in the communication with the switch, so the system can't communicate with the switch and the VLAN assignment doesn't work. Here is the tail of the PacketFence log:

Mar 13 12:29:35 pfsetvlan(21) INFO: secureMacAddrViolation trap on 10.0.10.2 ifIndex 10102. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
Mar 13 12:29:39 pfsetvlan(25) ERROR: error creating SNMP v3 read connection to 10.0.10.2: No response from remote host '10.0.10.2' during discovery (pf::SNMP::connectRead)
Mar 13 12:29:39 pfsetvlan(25) INFO: secureMacAddrViolation trap on 10.0.10.2 ifIndex 10102. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
Mar 13 12:29:43 pfsetvlan(22) ERROR: error creating SNMP v3 read connection to 10.0.10.2: No response from remote host '10.0.10.2' during discovery (pf::SNMP::connectRead)
Mar 13 12:29:45 pfsetvlan(23) ERROR: error creating SNMP v3 read connection to 10.0.10.2: No response from remote host '10.0.10.2' during discovery (pf::SNMP::connectRead)
Mar 13 12:29:47 pfsetvlan(22) ERROR: error creating SNMP v3 read connection to 10.0.10.2: No response from remote host '10.0.10.2' during discovery (pf::SNMP::connectRead)
Mar 13 12:29:47 pfsetvlan(22) INFO: secureMacAddrViolation trap on 10.0.10.2 ifIndex 10102. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
Mar 13 12:29:51 pfsetvlan(23) ERROR: error creating SNMP v3 read connection to 10.0.10.2: No response from remote host '10.0.10.2' during discovery (pf::SNMP::connectRead)
Mar 13 12:29:51 pfsetvlan(23) INFO: secureMacAddrViolation trap on 10.0.10.2 ifIndex 10102. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
Mar 13 12:29:55 pfsetvlan(24) ERROR: error creating SNMP v3 read connection to 10.0.10.2: No response from remote host '10.0.10.2' during discovery (pf::SNMP::connectRead)
Mar 13 12:29:57 pfsetvlan(21) ERROR: error creating SNMP v3 read connection to 10.0.10.2: No response from remote host '10.0.10.2' during discovery (pf::SNMP::connectRead)
Mar 13 12:29:59 pfsetvlan(24) ERROR: error creating SNMP v3 read connection to 10.0.10.2: No response from remote host '10.0.10.2' during discovery (pf::SNMP::connectRead)
Mar 13 12:29:59 pfsetvlan(24) INFO: secureMacAddrViolation trap on 10.0.10.2 ifIndex 10102. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
Mar 13 12:30:03 pfsetvlan(21) ERROR: error creating SNMP v3 read connection to 10.0.10.2: No response from remote host '10.0.10.2' during discovery (pf::SNMP::connectRead)
Mar 13 12:30:03 pfsetvlan(21) INFO: secureMacAddrViolation trap on 10.0.10.2 ifIndex 10102. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)

Also, the check configuration sanity report:

WARNING - switches.conf | SNMPUserNameTrap is missing for switch 127.0.0.1
WARNING - switches.conf | SNMPEngineID is missing for switch 127.0.0.1
WARNING - switches.conf | SNMPAuthProtocolTrap is missing for switch 127.0.0.1
WARNING - switches.conf | SNMPAuthPasswordTrap is missing for switch 127.0.0.1
WARNING - switches.conf | SNMPPrivProtocolTrap is missing for switch 127.0.0.1
WARNING - switches.conf | SNMPPrivPasswordTrap is missing for switch 127.0.0.1
WARNING - switches.conf | SNMPUserNameTrap is missing for switch 10.0.10.2
WARNING - switches.conf | SNMPAuthProtocolTrap is missing for switch 10.0.10.2
WARNING - switches.conf | SNMPAuthPasswordTrap is missing for switch 10.0.10.2

But SNMPAuthPasswordTrap, SNMPAuthProtocolTrap and SNMPUserNameTrap are set in the SNMP section, so I don't understand why the system gives this warning.

Besides, in the services list the pfredirect service has actual status "stopped" and expected status "Stopped". What does pfredirect do? Can it influence the VLAN assignment?

How can I fix this problem? I think the switch sends the SNMP traps correctly, PacketFence receives the traps correctly, and the problem is in the communication from PacketFence to the switch.

Thank you for the help :)

_______________________________________________
Packetfence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
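One way to pre-check a switches.conf like the one in the post before restarting pfsetvlan, as an added example that is not PacketFence's own code: it parses the file (including the `<<EOT ... EOT` here-doc values), treats every switch section as inheriting the `[default]` section (an assumption about PacketFence's semantics, not taken from the post), and reports SNMPv3 trap keys that end up missing as well as values that are stringified Perl array references, like the `cliUser=ARRAY(0x...)` lines above. The embedded sample is a constructed, abbreviated copy of the poster's file.

```python
import re
from itertools import takewhile
# Constructed, abbreviated switches.conf modelled on the one in the post (not the full file).
SAMPLE_CONF = """\
[default]
SNMPVersionTrap=3
SNMPUserNameTrap=readUser
SNMPAuthProtocolTrap=MD5
cliTransport= <<EOT
Telnet
SSH
EOT
[127.0.0.1]
type=PacketFence
[10.0.10.2]
cliUser=ARRAY(0x19966c40)
SNMPEngineID=AA5ED139B81D4A328D18ACD1
"""

TRAP_V3_KEYS = ("SNMPUserNameTrap", "SNMPAuthProtocolTrap", "SNMPAuthPasswordTrap",
                "SNMPPrivProtocolTrap", "SNMPPrivPasswordTrap", "SNMPEngineID")  # keys the sanity check wants

def parse_switches_conf(text):  # minimal INI parser that also understands '<<EOT ... EOT' here-docs
    sections, current = {}, None
    lines = (l.strip() for l in text.splitlines())
    for line in lines:
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            current = line[1:-1]
            continue
        key, _, value = (p.strip() for p in line.partition("="))
        m = re.fullmatch(r"<<(\w+)", value)
        if m:  # here-doc: join the lines up to the terminator, which takewhile also consumes
            value = "\n".join(takewhile(lambda l: l != m.group(1), lines))
        sections.setdefault(current, {})[key] = value
    return sections

def check_switches(text):  # {switch: [findings]}; per-switch keys override [default] (assumed semantics)
    sections = parse_switches_conf(text)
    default, report = sections.get("default", {}), {}
    for name, own in sections.items():
        if name == "default":
            continue
        merged = {**default, **own}
        findings = [f"{k} is a stringified Perl array ref" for k, v in own.items() if v.startswith("ARRAY(0x")]
        if merged.get("SNMPVersionTrap") == "3":
            findings += [f"{k} missing" for k in TRAP_V3_KEYS if not merged.get(k)]
        report[name] = findings
    return report
```

Run `check_switches(open("/usr/local/pf/conf/switches.conf").read())` against the real file; a non-empty list for a switch is what to fix before looking at the switch side.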
