Francois, You're Welcome. And I apologize for not being as clear as I should have been. I should have said VLAN switching does occur without problem, if the switch interface port-secured MAC is generic. The following are the snmptraps for each of the 3 scenarios only this time using a generic port-secured MAC:
Scenario 1 Starting with generic port-secured MAC 0002.0001.0046 VLAN change from Registration to CustomVLAN5: 2012-03-15|21:59:55|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1611178) 4:28:31.78|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS 2012-03-15|21:59:57|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1611334) 4:28:33.34|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS 2012-03-15|21:59:58|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1611441) 4:28:34.41|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS 2012-03-15|21:59:59|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1611584) 4:28:35.84|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS ======================================= Scenario 2 Starting with generic port-secured MAC 0002.0001.0046 VLAN change from CustomVLAN5 to Normal: 2012-03-15|22:10:02|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1671917) 4:38:39.17|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS 2012-03-15|22:10:04|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1672069) 4:38:40.69|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS 2012-03-15|22:10:06|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1672222) 4:38:42.22|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS 2012-03-15|22:10:07|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1672325) 4:38:43.25|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS ======================================= Scenario 3 Starting with generic port-secured MAC 0002.0001.0046 VLAN change from Normal to CustomVLAN: 2012-03-15|22:12:15|UDP: [127.0.0.1]:47565->[127.0.0.1]|138.67.244.19|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.29464.1.1|.1.3.6.1.2.1.2.2.1.1.10146 = INTEGER: 10146|.1.3.6.1.2.1.2.2.1.1.10146 = INTEGER: 80 END VARIABLEBINDINGS 2012-03-15|22:15:00|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1701632) 4:43:36.32|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS 2012-03-15|22:15:01|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1701806) 4:43:38.06|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS 2012-03-15|22:15:03|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1701981) 4:43:39.81|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS 2012-03-15|22:15:05|UDP: [138.67.244.19]:58083->[138.67.244.17]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1702140) 4:43:41.40|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10146 = Wrong Type (should be INTEGER): Gauge32: 10146|.1.3.6.1.2.1.31.1.1.1.1.10146 = STRING: GigabitEthernet1/0/46|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10146 = Hex-STRING: 00 24 81 56 15 EA END VARIABLEBINDINGS I didn't unregister the node in any of these scenarios but I believe you looking for proof of successful snmp communications, i.e. traps and sets. Please let me know if I misunderstood. Thank you! Steve ________________________________________ From: Francois Gaudreault [[email protected]] Sent: Thursday, March 15, 2012 2:05 PM To: [email protected] Subject: Re: [Packetfence-users] PF 3.2 Custom VLAN Category behavior Hi Steve, Thank you for providing the "evidences" :) Nowhere in your logs, I see a security trap received from the switch. That means, we do not have a locationlog for your device. VLAN re-assignments will likely fail (scenario 2 and 3). Let's start from 0. Things to do: - disconnect your device - unregister your device, put the device in the "no category" in PF UI - reset the switchport to default configuration interface GigabitEthernet1/0/46 switchport access vlan 425 switchport mode access switchport port-security maximum 1 vlan access switchport port-security switchport port-security violation restrict switchport port-security mac-address 0020.0001.0046 end - reconnect your device, see if you get a security trap ** If you don't, this is a problem - Open a browser, You should be able to see the portal - From the UI, change the status from unreg to reg, and category to net-admin - Check the logs to see the VLAN re-evaluation Let me know the results. Thanks! -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
