Hi,
I tried using the snmpwalk utility to verify basic snmp connectivity and
this was failing to get any responses. I've since wiped the cisco config
and started from scratch and it's working immediately.
Thanks for all your help.
On Wed, Mar 14, 2012 at 4:43 PM, Adrian Mulgrew <[email protected]>wrote:
> I mean I still see the error in the snmptrapd.log
>
> |UDP:
> [192.168.1.101]:50369->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN
> SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 =
> Timeticks: (2721180) 7:33:31.80|.1.3.6.1.6.3.1.1.4.1.0 = OID:
> .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10105 = Wrong Type (should
> be INTEGER): Gauge32: 10105|.1.3.6.1.2.1.31.1.1.1.1.10105 = STRING:
> GigabitEthernet0/5|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10105 = Hex-STRING: 00
> 13 77 35 0B E0 END VARIABLEBINDINGS
>
> Not sure how to tell if it is PF snmptrapd running or not? I assume it *is
> running *as I have not configured anything else. And the service is
> reported as running in the PF web interface services page.
>
> I've also added the running config from the switch incase you can see
> something there?
>
>
> Building configuration...
>
> Current configuration : 9417 bytes
> !
> version 12.2
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname SERI-PUBLIC
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret 5 $1$PByI$SZC2K8Y73Pbwygnmi7BdL0
> enable password admin
> !
> username seri privilege 15 secret 5 $1$Y6tS$vCPwGHPgxtuvlgXJuWsqE/
> aaa new-model
> !
> !
> aaa group server radius packetfence
> server 192.168.1.5 auth-port 1812 acct-port 1813
> aaa authentication login default local
> aaa authentication dot1x default group packetfence
> aaa authorization network default group packetfence
> !
> !
> !
> aaa session-id common
> system mtu routing 1500
> ip subnet-zero
> !
> !
> !
> !
> dot1x system-auth-control
> spanning-tree mode pvst
> spanning-tree extend system-id
> !
> vlan internal allocation policy ascending
> !
> !
> !
> interface GigabitEthernet0/1
> interface GigabitEthernet0/2
> description Uplink to ESXi Host
> switchport trunk encapsulation dot1q
> switchport trunk allowed vlan 1-5,10,200
> !
> interface GigabitEthernet0/3
> switchport access vlan 4
> !
> interface GigabitEthernet0/4
> !
> interface GigabitEthernet0/5
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 1 vlan access
> switchport port-security
> switchport port-security violation restrict
> switchport port-security mac-addres
> !
> interface GigabitEthernet0/6
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/7
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/8
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/9
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/10
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/11
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/12
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/13
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/14
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/15
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/16
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/17
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/18
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/19
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/20
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/21
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/22
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/23
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/24
> switchport access vlan 4
> switchport mode access
> switchport port-security maximum 2
> switchport port-security maximum 1 vlan access
> switchport port-security violation restrict
> dot1x pae authenticator
> dot1x port-control auto
> dot1x host-mode multi-host
> dot1x violation-mode protect
> dot1x reauthentication
> !
> interface GigabitEthernet0/25
> !
> interface GigabitEthernet0/26
> !
> interface GigabitEthernet0/27
> !
> interface GigabitEthernet0/28
> !
> interface Vlan1
> description Mgmt Interface
> ip address 192.168.1.101 255.255.255.0
> no ip route-cache
> !
> ip http server
> snmp-server enable traps snmp authentication linkdown linkup coldstart
> warmstart
> snmp-server enable traps transceiver all
> snmp-server enable traps tty
> snmp-server enable traps cluster
> snmp-server enable traps entity
> snmp-server enable traps cpu threshold
> snmp-server enable traps vtp
> snmp-server enable traps vlancreate
> snmp-server enable traps vlandelete
> snmp-server enable traps flash insertion removal
> snmp-server enable traps port-security
> snmp-server enable traps port-security trap-rate 1
> snmp-server enable traps envmon fan shutdown supply temperature status
> snmp-server enable traps config-copy
> snmp-server enable traps config
> snmp-server enable traps config-ctid
> snmp-server enable traps rtr
> snmp-server enable traps bridge newroot topologychange
> snmp-server enable traps stpx inconsistency root-inconsistency
> loop-inconsistency
> snmp-server enable traps syslog
> snmp-server enable traps errdisable
> snmp-server enable traps mac-notification change move threshold
> snmp-server enable traps vlan-membership
> snmp-server host 192.168.1.5 version 2c public port-security
> radius-server host 192.168.1.5 auth-port 1812 acct-port 1813 timeout 2 key
> useStrongerSecret
> radius-server vsa send authentication
> !
> control-plane
> !
> !
> line con 0
> password admin
> line vty 0 4
> password admin
> transport input telnet
> line vty 5 15
> password admin
> transport input telnet
> !
> end
>
>
>
>
>
> On Wed, Mar 14, 2012 at 4:19 PM, Francois Gaudreault <
> [email protected]> wrote:
>
>> Hi,
>>
>> > I have now replaced the original and modified it as I think it should be
>> > for our environment. But still I get the same error. Could you please
>> > have a look at the complete switches.conf file and let me know if I have
>> > made a mistake:
>> You mean, you still get the SNMP Trap config error or the wrong type in
>> the trap?
>>
>> Is it possible you are running the OS snmptrapd and not the PF one?
>>
>> >
>> > #
>> > # Copyright 2006-2008 Inverse inc.
>> > #
>> > # See the enclosed file COPYING for license information (GPL).
>> > # If you did not receive this file, see
>> > # http://www.fsf.org/licensing/licenses/gpl.html
>> >
>> > [default]
>> > vlans = 1,2,3,4,5
>> > normalVlan = 1
>> > registrationVlan = 2
>> > isolationVlan = 3
>> > macDetectionVlan = 4
>> > guestVlan = 5
>> > customVlan1 =
>> > customVlan2 =
>> > customVlan3 =
>> > customVlan4 =
>> > customVlan5 =
>> > VoIPEnabled = no
>> > voiceVlan =
>> >
>> > mode = testing
>> > macSearchesMaxNb = 30
>> > macSearchesSleepInterval = 2
>> > uplink = dynamic
>> >
>> > #
>> > # Command Line Interface
>> > #
>> > # cliTransport could be: Telnet, SSH or Serial
>> > cliTransport = Telnet
>> > cliUser = admin
>> > cliPwd = admin
>> > cliEnablePwd = admin
>> >
>> > #
>> > # SNMP section
>> > #
>> >
>> > # PacketFence -> Switch
>> > SNMPVersion = 2c
>> > SNMPCommunityRead = public
>> > SNMPCommunityWrite = private
>> > #SNMPEngineID = 0000000000000
>> > #SNMPUserNameRead = readUser
>> > #SNMPAuthProtocolRead = MD5
>> > #SNMPAuthPasswordRead = authpwdread
>> > #SNMPPrivProtocolRead = DES
>> > #SNMPPrivPasswordRead = privpwdread
>> > #SNMPUserNameWrite = writeUser
>> > #SNMPAuthProtocolWrite = MD5
>> > #SNMPAuthPasswordWrite = authpwdwrite
>> > #SNMPPrivProtocolWrite = DES
>> > #SNMPPrivPasswordWrite = privpwdwrite
>> >
>> > # Switch -> PacketFence
>> > SNMPVersionTrap = 2c
>> > SNMPCommunityTrap = public
>> > #SNMPAuthProtocolTrap = MD5
>> > #SNMPAuthPasswordTrap = authpwdread
>> > #SNMPPrivProtocolTrap = DES
>> > #SNMPPrivPasswordTrap = privpwdread
>> >
>> > #
>> > # Web Services Interface
>> > #
>> > # wsTransport could be: http or https
>> > wsTransport = http
>> > wsUser =
>> > wsPwd =
>> > #
>> > # RADIUS NAS Client config
>> > #
>> > # RADIUS shared secret with switch
>> > radiusSecret=
>> >
>> > [127.0.0.1]
>> > type = PacketFence
>> > mode = production
>> > uplink = dynamic
>> > # SNMP Traps v1 are used for internal messages
>> > SNMPVersionTrap=1
>> > SNMPCommunityTrap=public
>> >
>> > [192.168.1.101]
>> > type = Cisco::Catalyst_2970
>> > mode = production
>> > uplink = 23,24
>> > #SNMPVersion = 2c
>> > #SNMPEngineID = 0000000000000
>> > #SNMPUserNameRead = readUser
>> > #SNMPAuthProtocolRead = MD5
>> > #SNMPAuthPasswordRead = authpwdread
>> > #SNMPPrivProtocolRead = DES
>> > #SNMPPrivPasswordRead = privpwdread
>> > #SNMPUserNameWrite = writeUser
>> > #SNMPAuthProtocolWrite = MD5
>> > #SNMPAuthPasswordWrite = authpwdwrite
>> > #SNMPPrivProtocolWrite = DES
>> > #SNMPPrivPasswordWrite = privpwdwrite
>> > #SNMPVersionTrap = 2c
>> > #SNMPUserNameTrap = readUser
>> > #SNMPAuthProtocolTrap = MD5
>> > #SNMPAuthPasswordTrap = authpwdread
>> > #SNMPPrivProtocolTrap = DES
>> > #SNMPPrivPasswordTrap = privpwdread
>> >
>> >
>> > On Wed, Mar 14, 2012 at 12:43 PM, Francois Gaudreault
>> > <[email protected] <mailto:[email protected]>> wrote:
>> >
>> > Hi,
>> >
>> > > The IOS version is 12.2(44)SE6 which is the latest available for
>> this
>> > > model.
>> > > After your suggestion I also tried with a CISCO 3560 and it does
>> the
>> > > same thing.
>> > > Could it be something in my configuration causing the problem.
>> > Maybe (see below). The 3560s are well supported in PF. In fact, we
>> > have them in production in a *lot* of deployments.
>> >
>> > >
>> > > In the configuration check-up log it has a warning about
>> > switches.conf
>> > > 'Switch SNMP Trap version is missing for switch 192.168.1.101
>> please
>> > > provide one specific to the switch or in default' I do have trap
>> > version
>> > > in the file. SO not sure why it is warning. Switches.conf below:
>> > You have the trap version/community config missing. Is this your
>> actual
>> > switches.conf or you stripped it for the mailing list? There are a
>> lot
>> > of stuff missing. You should not strip this file in any cases
>> (even if
>> > it can be a pain to edit sometimes when you have 1k switches in it).
>> >
>> > Please, put back the original switches.conf, and modify the fields
>> you
>> > need. After that, it should work.
>> >
>> > Thanks.
>> >
>> > --
>> > Francois Gaudreault, ing. jr
>> > [email protected] <mailto:[email protected]> ::
>> > +1.514.447.4918 <tel:%2B1.514.447.4918> (x130) :: www.inverse.ca
>> > <http://www.inverse.ca>
>> > Inverse inc. :: Leaders behind SOGo (www.sogo.nu
>> > <http://www.sogo.nu>) and PacketFence
>> > (www.packetfence.org <http://www.packetfence.org>)
>> >
>> >
>> ------------------------------------------------------------------------------
>> > Virtualization & Cloud Management Using Capacity Planning
>> > Cloud computing makes use of virtualization - but cloud computing
>> > also focuses on allowing computing to be delivered as a service.
>> > http://www.accelacomm.com/jaw/sfnl/114/51521223/
>> > _______________________________________________
>> > Packetfence-users mailing list
>> > [email protected]
>> > <mailto:[email protected]>
>> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>> >
>> >
>> >
>> >
>> >
>> ------------------------------------------------------------------------------
>> > Virtualization& Cloud Management Using Capacity Planning
>> > Cloud computing makes use of virtualization - but cloud computing
>> > also focuses on allowing computing to be delivered as a service.
>> > http://www.accelacomm.com/jaw/sfnl/114/51521223/
>> >
>> >
>> >
>> > _______________________________________________
>> > Packetfence-users mailing list
>> > [email protected]
>> > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>>
>> --
>> Francois Gaudreault, ing. jr
>> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>> (www.packetfence.org)
>>
>>
>> ------------------------------------------------------------------------------
>> Virtualization & Cloud Management Using Capacity Planning
>> Cloud computing makes use of virtualization - but cloud computing
>> also focuses on allowing computing to be delivered as a service.
>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>> _______________________________________________
>> Packetfence-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>
>
>
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
