Hi PF Community:
I'm having trouble expanding the # of CustomVlans beyond 5. Below are my
relevant custom.pm and switches.conf lines, and the packetfence.log entries for
the failed CustomVLAN6. If I grep around in other pf/conf files I see more
hits on "CustomVLAN"'s 1 thru 5 in ui.conf* and violations.conf. Is expanding
the number of CustomVLAN's beyond 5 more complicated than I hoped? The failed
CustomVLAN6 lookup ends up putting the switch port into the MacDetection VLAN
(I have it defined even though I'm using Port-Security, not Linkup/LinkDown.)
I'm running version 3.2.

    # # return customVlan to nodes defined with a category
    if (defined($node_info->{'category'}) && lc($node_info->{'category'}) eq "admin1") {
        return $switch->getVlanByName('customVlan4');
    } elsif (defined($node_info->{'category'}) && lc($node_info->{'category'}) eq "admin2") {
        return $switch->getVlanByName('customVlan5');
    } elsif (defined($node_info->{'category'}) && lc($node_info->{'category'}) eq "admin3") {
        return $switch->getVlanByName('customVlan6');
    }

#
#guestVlan = 5
customVlan1 =
customVlan2 =
customVlan3 =
customVlan4 = 100
customVlan5 = 200
customVlan6 = 300

May 04 17:13:03 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
May 04 17:13:03 pfsetvlan(1) INFO: secureMacAddrViolation trap received on 138.67.244.19 ifIndex 10146 for 00:24:81:56:15:ea (main::handleTrap)
May 04 17:13:03 pfsetvlan(1) INFO: Will try to check on this node's previous switch if secured entry needs to be removed. Old Switch IP: 138.67.244.19 (main::do_port_security)
May 04 17:13:03 pfsetvlan(1) INFO: MAC not found on node's previous switch secure table or switch inaccessible. (main::do_port_security)
May 04 17:13:04 pfsetvlan(1) WARN: VLAN customVlan6 is not a valid VLAN identifier (see switches.conf) (pf::SNMP::getVlanByName)
May 04 17:13:04 pfsetvlan(1) WARN: Resolved VLAN for node is not properly defined: Replacing with macDetectionVlan (pf::vlan::fetchVlanForNode)
May 04 17:13:04 pfsetvlan(1) INFO: MAC: 00:24:81:56:15:ea, PID: swittstr, Status: reg. Returned VLAN: 54 (pf::vlan::fetchVlanForNode)
May 04 17:13:04 pfsetvlan(1) INFO: authorizing 00:24:81:56:15:ea (old entry 00:01:00:00:00:46) at new location 138.67.244.19 ifIndex 10146 (main::handleTrap)
May 04 17:13:04 pfsetvlan(2) INFO: nb of items in queue: 1; nb of threads running: 1 (main::startTrapHandlers)
May 04 17:13:04 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
May 04 17:13:04 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
May 04 17:13:04 pfsetvlan(4) INFO: nb of items in queue: 1; nb of threads running: 1 (main::startTrapHandlers)
May 04 17:13:04 pfsetvlan(3) INFO: secureMacAddrViolation trap received on 138.67.244.19 ifIndex 10146 for 00:24:81:56:15:ea (main::handleTrap)
May 04 17:13:04 pfsetvlan(3) INFO: Will try to check on this node's previous switch if secured entry needs to be removed. Old Switch IP: 138.67.244.19 (main::do_port_security)
May 04 17:13:05 pfsetvlan(3) INFO: MAC 00:24:81:56:15:ea is already authorized on 138.67.244.19 ifIndex 10146. Stopping secureMacAddrViolation trap handling here (main::handleTrap)
May 04 17:13:05 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
May 04 17:13:05 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
May 04 17:13:05 pfsetvlan(5) INFO: secureMacAddrViolation trap received on 138.67.244.19 ifIndex 10146 for 00:24:81:56:15:ea (main::handleTrap)
May 04 17:13:05 pfsetvlan(5) INFO: Will try to check on this node's previous switch if secured entry needs to be removed. Old Switch IP: 138.67.244.19 (main::do_port_security)
May 04 17:13:05 pfsetvlan(5) INFO: MAC 00:24:81:56:15:ea is already authorized on 138.67.244.19 ifIndex 10146. Stopping secureMacAddrViolation trap handling here (main::handleTrap)
May 04 17:13:05 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
May 04 17:13:07 pfsetvlan(7) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
May 04 17:13:07 pfsetvlan(7) INFO: secureMacAddrViolation trap received on 138.67.244.19 ifIndex 10146 for 00:24:81:56:15:ea (main::handleTrap)
May 04 17:13:07 pfsetvlan(7) INFO: Will try to check on this node's previous switch if secured entry needs to be removed. Old Switch IP: 138.67.244.19 (main::do_port_security)
May 04 17:13:07 pfsetvlan(7) INFO: MAC 00:24:81:56:15:ea is already authorized on 138.67.244.19 ifIndex 10146. Stopping secureMacAddrViolation trap handling here (main::handleTrap)
May 04 17:13:08 pfsetvlan(7) INFO: finished (main::cleanupAfterThread)

Thank you!
Steve, CSM
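
Added example (not part of the original post and not PacketFence code): the log above shows a registered node being authorized into the macDetection VLAN after a failed VLAN-name lookup, and this Python sketch flags that sequence per pfsetvlan thread so such misplacements can be audited. The message patterns are taken from the log lines in the post; the function names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed sample: wrapped excerpt in the shape of the packetfence.log lines above.
SAMPLE_LOG = """\
May 04 17:13:04 pfsetvlan(1) WARN: VLAN customVlan6 is not a valid VLAN
identifier (see switches.conf) (pf::SNMP::getVlanByName)
May 04 17:13:04 pfsetvlan(1) WARN: Resolved VLAN for node is not properly
defined: Replacing with macDetectionVlan (pf::vlan::fetchVlanForNode)
May 04 17:13:04 pfsetvlan(2) INFO: nb of items in queue: 1; nb of threads
running: 1 (main::startTrapHandlers)
May 04 17:13:04 pfsetvlan(1) INFO: MAC: 00:24:81:56:15:ea, PID: swittstr,
Status: reg. Returned VLAN: 54 (pf::vlan::fetchVlanForNode)
"""

ENTRY = re.compile(r"^(\w{3} \d{2} [\d:]{8}) pfsetvlan\((\d+)\) (\w+): (.*)$")
BAD_NAME = re.compile(r"VLAN (\S+) is not a valid VLAN identifier")
RESULT = re.compile(r"MAC: ([0-9a-f:]{17}), PID: (\S+), Status: (\w+)\. Returned VLAN: (\S+)")

def unwrap(text):
    """Rejoin continuation lines (no leading timestamp) onto their entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def find_vlan_fallbacks(text):
    """Return one finding per node whose VLAN lookup failed and fell back."""
    pending, findings = {}, []   # pending is keyed by pfsetvlan thread id
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        when, thread, level, msg = m.groups()
        state = pending.setdefault(thread, {})
        if (bad := BAD_NAME.search(msg)):
            state["requested"] = bad.group(1)
        elif "Replacing with macDetectionVlan" in msg:
            state["fallback"] = True
        elif (res := RESULT.search(msg)) and state.get("fallback"):
            mac, pid, status, vlan = res.groups()
            findings.append({"time": when, "mac": mac, "pid": pid, "status": status,
                             "requested": state.get("requested"), "returned_vlan": vlan})
            pending.pop(thread)
        elif "finished" in msg:
            pending.pop(thread, None)   # thread ended without a fallback result
    return findings
```

A finding whose status is `reg` is the case worth alerting on: the node is registered, yet it received the fallback VLAN instead of the one its category maps to.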
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users