Hi Andy, > Thanks Francois for your quick reply! Continue testing I have > experienced a problem. I can swap out device behind the phone with no > problems. The vlan & mac address update on the switch properly. I am > having problem when swap out the ip phone. The switch is confused and > not update the configuration of the port. Below is the log capture of > Packetfence. Any ideas? It looks like the phone appears on the data AND the voice vlan. There is also some consistency issu with the port-security table. Not having a hand on a 3750 complicates the troubleshooting here.
Let me ask you something, any reason not to use MAB and multi-domain authentication instead? That way CDP would do a better job to handle the phone, and everything would be RADIUS. > Jul 11 09:16:38 pfsetvlan(18) INFO: nb of items in queue: 1; nb of > threads running: 0 (main::startTrapHandlers) > Jul 11 09:16:38 pfsetvlan(18) INFO: secureMacAddrViolation trap received > on 10.1.52.2 ifIndex 10109 for 00:0f:23:83:92:a5 (main::handleTrap) > Jul 11 09:16:38 pfsetvlan(18) WARN: database query failed with: MySQL > server has gone away. (errno: 2006), will try again > (pf::db::db_query_execute) > Jul 11 09:16:38 pfsetvlan(18) WARN: database query failed with: MySQL > server has gone away. (errno: 2006), will try again > (pf::db::db_query_execute) > Jul 11 09:16:38 pfsetvlan(18) WARN: database query failed with: MySQL > server has gone away. (errno: 2006), will try again > (pf::db::db_query_execute) > Jul 11 09:16:38 pfsetvlan(18) WARN: database query failed with: MySQL > server has gone away. (errno: 2006), will try again > (pf::db::db_query_execute) > Jul 11 09:16:38 pfsetvlan(18) INFO: autoregister a node that is already > registered, do nothing. (pf::node::node_register) > Jul 11 09:16:39 pfsetvlan(18) INFO: de-authorizing VoIP > 00:0f:23:56:80:b6 at old location 10.1.52.2 ifIndex 10109 VLAN 112 > (main::handleTrap) > Jul 11 09:16:39 pfsetvlan(18) INFO: authorizing VoIP 00:0f:23:83:92:a5 > at new location 10.1.52.2 ifIndex 10109 VLAN 112 (main::handleTrap) > Jul 11 09:16:39 pfsetvlan(18) WARN: SNMP error tyring to remove or add > secure rows to ifIndex 10109 in port-security table. This could be > normal. Error message: Received commitFailed(14) error-status at > error-index 1 (pf::SNMP::Cisco::Catalyst_2960::authorizeMAC) > Jul 11 09:16:39 pfsetvlan(18) INFO: finished (main::cleanupAfterThread) > Jul 11 09:16:40 pfsetvlan(20) INFO: nb of items in queue: 1; nb of > threads running: 0 (main::startTrapHandlers) > Jul 11 09:16:40 pfsetvlan(20) INFO: secureMacAddrViolation trap received > on 10.1.52.2 ifIndex 10109 for 00:0f:23:83:92:a5 (main::handleTrap) > Jul 11 09:16:40 pfsetvlan(20) WARN: database query failed with: MySQL > server has gone away. (errno: 2006), will try again > (pf::db::db_query_execute) > Jul 11 09:16:40 pfsetvlan(20) WARN: database query failed with: MySQL > server has gone away. (errno: 2006), will try again > (pf::db::db_query_execute) > Jul 11 09:16:40 pfsetvlan(20) INFO: Will try to check on this node's > previous switch if secured entry needs to be removed. Old Switch IP: > 10.1.52.2 (main::do_port_security) > Jul 11 09:16:40 pfsetvlan(20) INFO: MAC not found on node's previous > switch secure table or switch inaccessible. (main::do_port_security) > Jul 11 09:16:41 pfsetvlan(20) WARN: database query failed with: MySQL > server has gone away. (errno: 2006), will try again > (pf::db::db_query_execute) > Jul 11 09:16:41 pfsetvlan(20) WARN: database query failed with: MySQL > server has gone away. (errno: 2006), will try again > (pf::db::db_query_execute) > Jul 11 09:16:41 pfsetvlan(20) INFO: autoregister a node that is already > registered, do nothing. (pf::node::node_register) > Jul 11 09:16:41 pfsetvlan(20) INFO: authorizing VoIP 00:0f:23:83:92:a5 > at new location 10.1.52.2 ifIndex 10109 VLAN 112 (main::handleTrap) > Jul 11 09:16:41 pfsetvlan(20) WARN: SNMP error tyring to remove or add > secure rows to ifIndex 10109 in port-security table. This could be > normal. Error message: Received commitFailed(14) error-status at > error-index 1 (pf::SNMP::Cisco::Catalyst_2960::authorizeMAC) > Jul 11 09:16:41 pfsetvlan(20) INFO: finished (main::cleanupAfterThread) > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
