Hello,
please help me with my initial setup. I've read the Administration Guide and
followed the steps from the "Configuration by example" but it doesn't work.
When I plugged in a laptop or PC at my switch on port Fa0/1, I see the log
messages (below), but no action.
What is wrong?
Here are my settings:
#############
# Logs
#############
# Cisco Switch LOG
*Mar 1 20:51:11.991: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 20:51:12.754: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001c.233b.376d on port FastEthernet0/1.
*Mar 1 20:51:12.997: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
*Mar 1 20:51:23.726: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001c.233b.376d on port FastEthernet0/1.
# snmptrapd.log
2012-08-07|08:00:29|UDP: [192.168.1.99]:49313->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (7507276) 20:51:12.76|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Gauge32: 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: "FastEthernet0/1"|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 00 1C 23 3B 37 6D END VARIABLEBINDINGS
2012-08-07|08:00:32|UDP: [192.168.1.99]:49313->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (7507574) 20:51:15.74|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Gauge32: 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: "FastEthernet0/1"|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 00 1C 23 3B 37 6D END VARIABLEBINDINGS
2012-08-07|08:00:40|UDP: [192.168.1.99]:49313->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (7508372) 20:51:23.72|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Gauge32: 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: "FastEthernet0/1"|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 00 1C 23 3B 37 6D END VARIABLEBINDINGS
# packetfence.log
Aug 07 10:00:32 pfsetvlan(21) INFO: secureMacAddrViolation trap on 192.168.1.99 ifIndex 10001. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
Aug 07 10:00:36 pfsetvlan(22) INFO: secureMacAddrViolation trap on 192.168.1.99 ifIndex 10001. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
Aug 07 10:00:44 pfsetvlan(23) INFO: secureMacAddrViolation trap on 192.168.1.99 ifIndex 10001. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
################
# Hardware Setup
################
##########################################################
# Cisco 2960 - 12.2(50)SE5                               #
# ######### #########     ########## ######### ######### #
# # Fa0/1 # # Fa0/2 # ... # Fa0/48 # # Gi0/1 # # Gi0/2 # #
# ######### #########     ########## ######### ######### #
#                                                        #
##########################################################
Fa0/1 - Fa0/48 (Client Ports)
Gi0/1 PacketFence Appliance
##################
# Software Setup
##################
###############
# pf.conf
###############
[interface eth2.2]
enforcement=vlan
ip=192.168.2.1
type=internal
mask=255.255.255.0
[interface eth2.3]
enforcement=vlan
ip=192.168.3.1
type=internal
mask=255.255.255.0
[interface eth2]
ip=192.168.1.5
type=management
mask=255.255.255.0
enforcement=
[database]
pass=pf
[general]
locale=de_DE
timezone=Europe/Berlin
[alerting]
[guests_self_registration]
modes=email,sms,sponsor
############
# switches.conf
############
#
# Copyright 2006-2008 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html
[default]
SNMPCommunityRead=public
SNMPCommunityWrite=private
SNMPCommunityTrap=public
SNMPVersion=2c
SNMPVersionTrap=2c
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
guestVlan=5
VoIPEnabled=no
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=test
cliEnablePwd=test
[192.168.1.99]
type=Cisco::Catalyst_2960
mode=production
uplink=10101
###############
# networks.conf
###############
[192.168.2.0]
dns=192.168.2.1
dhcp_start=192.168.2.10
gateway=192.168.2.1
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-registration
netmask=255.255.255.0
dhcp_end=192.168.2.246
dhcp_default_lease_time=30
domain-name=vlan-registration.packetfence.org
[192.168.3.0]
dns=192.168.3.1
dhcp_start=192.168.3.10
gateway=192.168.3.1
named=enabled
dhcp_max_lease_time=30
dhcpd=enabled
type=vlan-isolation
netmask=255.255.255.0
dhcp_end=192.168.3.246
dhcp_default_lease_time=30
domain-name=vlan-isolation.packetfence.org
##############
# sh run (c2960)
##############
Building configuration...
Current configuration : 5475 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$x.0d$7vdK.IxoC9DaDelVEnJfg/ (test)
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name Registration
!
vlan 3
 name Isolation
!
vlan 4
 name MAC_Detection
!
vlan 5
 name Guest
!
interface FastEthernet0/1
 switchport access vlan 4
 switchport mode access
 switchport port-security maximum 1 vlan access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0001
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 4
 switchport mode access
 switchport port-security maximum 1 vlan access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0002
 spanning-tree portfast
.
.
.
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.99 255.255.255.0
 no ip route-cache
!
ip http server
ip http secure-server
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host 192.168.1.5 version 2c public port-security
!
control-plane
!
!
line con 0
 logging synchronous
line vty 0 4
 password test
 login
line vty 5
 password test
 login
line vty 6 15
 login
!
end
END
Best regards
°v°
/(_)\ Matthias Rauch
^ ^ MIT- Rechenzentrum
Sozialstiftung Bamberg
Buger Straße 80
96049 Bamberg
e-Mail: [email protected]
Internet: www.sozialstiftung-bamberg.de
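
Added example, not part of the original post and not PacketFence code: a small Python parser for the snmptrapd.log format shown in the message, pulling the switch IP, ifIndex, port name and MAC out of a secureMacAddrViolation trap so they can be matched against the switch syslog and packetfence.log entries. The function names are hypothetical; the sample line is the first trap line from the post.

```python
import re

# OIDs exactly as they appear in the snmptrapd.log excerpt in the post.
SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"
SECURE_MAC_VIOLATION = ".1.3.6.1.4.1.9.9.315.0.0.1"
IF_INDEX = ".1.3.6.1.2.1.2.2.1.1."
IF_NAME = ".1.3.6.1.2.1.31.1.1.1.1."
LAST_MAC = ".1.3.6.1.4.1.9.9.315.1.2.1.1.10."

LINE_RE = re.compile(
    r"^(?P<date>[\d-]+)\|(?P<time>[\d:]+)\|UDP: \[(?P<src>[^\]]+)\]:\d+->\[[^\]]+\]"
    r"\|.*?BEGIN VARIABLEBINDINGS (?P<binds>.*) END VARIABLEBINDINGS$"
)

def normalize_mac(text):
    """Accept '001c.233b.376d' or '00 1C 23 3B 37 6D'; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC: %r" % text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_trap(line):
    """Return a dict for a secureMacAddrViolation trap line, else None."""
    m = LINE_RE.match(" ".join(line.split()))  # undo hard line wrapping
    if not m:
        return None
    binds = {}
    for varbind in m["binds"].split("|"):
        oid, sep, value = varbind.partition(" = ")
        if sep:  # keep only the value, dropping the "Gauge32: " style type tag
            binds[oid.strip()] = value.partition(": ")[2].strip()
    if binds.get(SNMP_TRAP_OID) != SECURE_MAC_VIOLATION:
        return None
    event = {"when": m["date"] + " " + m["time"], "switch": m["src"]}
    for oid, value in binds.items():
        if oid.startswith(IF_INDEX):
            event["ifIndex"] = int(value)
        elif oid.startswith(IF_NAME):
            event["ifName"] = value.strip('"')
        elif oid.startswith(LAST_MAC):
            event["mac"] = normalize_mac(value)
    return event

# First trap line from the post (re-wrapped here; whitespace is normalized).
SAMPLE = """2012-08-07|08:00:29|UDP: [192.168.1.99]:49313->[192.168.1.5]|0.0.0.0|BEGIN TYPE
0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks:
(7507276) 20:51:12.76|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001
= Gauge32: 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: "FastEthernet0/1"|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001
= Hex-STRING: 00 1C 23 3B 37 6D END VARIABLEBINDINGS"""
```

The ifIndex and MAC returned for the sample are the values to compare with `ifIndex 10001` in packetfence.log and the MAC address in the switch's PSECURE_VIOLATION message.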