Hi, Start adding the proper SNMP community in your switch config. I don't see them in your 2960 config you just post.
On 2012-08-07 4:20 AM, Rauch, Matthias wrote: > Hello, > > please help me with my inital Setup. I've read the Administration Guide > and follow the steps from the "Configuration by example" but it don't work. > > When I pluged in a Laptop or PC at my switch on Port Fa0/1, I see the > log messages (below), but no action. > > What is wrong? > > Here my settings: > > ############# > > # Logs > > ############# > > # Cisco Switch LOG > > *Mar 1 20:51:11.991: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed > state to up > > *Mar 1 20:51:12.754: %PORT_SECURITY-2-PSECURE_VIOLATION: Security > violation occurred, caused by MAC address 001c.233b.376d on port > FastEthernet0/1. > > *Mar 1 20:51:12.997: %LINEPROTO-5-UPDOWN: Line protocol on Interface > FastEthernet0/1, changed state to up > > *Mar 1 20:51:23.726: %PORT_SECURITY-2-PSECURE_VIOLATION: Security > violation occurred, caused by MAC address 001c.233b.376d on port > FastEthernet0/1. > > # snmptrapd.log > > 2012-08-07|08:00:29|UDP: > [192.168.1.99]:49313->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN > SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = > Timeticks: (7507276) 20:51:12.76|.1.3.6.1.6.3.1.1.4.1.0 = OID: > .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Gauge32: > 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: > "FastEthernet0/1"|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 00 > 1C 23 3B 37 6D END VARIABLEBINDINGS > > 2012-08-07|08:00:32|UDP: > [192.168.1.99]:49313->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN > SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = > Timeticks: (7507574) 20:51:15.74|.1.3.6.1.6.3.1.1.4.1.0 = OID: > .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Gauge32: > 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: > "FastEthernet0/1"|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 00 > 1C 23 3B 37 6D END VARIABLEBINDINGS > > 2012-08-07|08:00:40|UDP: > [192.168.1.99]:49313->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN > SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = > Timeticks: (7508372) 20:51:23.72|.1.3.6.1.6.3.1.1.4.1.0 = OID: > .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Gauge32: > 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: > "FastEthernet0/1"|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 00 > 1C 23 3B 37 6D END VARIABLEBINDINGS > > # packetfence.log > > Aug 07 10:00:32 pfsetvlan(21) INFO: secureMacAddrViolation trap on > 192.168.1.99 ifIndex 10001. Port Security is no longer configured on the > port. Flush the trap (main::signalHandlerTrapListQueued) > > Aug 07 10:00:36 pfsetvlan(22) INFO: secureMacAddrViolation trap on > 192.168.1.99 ifIndex 10001. Port Security is no longer configured on the > port. Flush the trap (main::signalHandlerTrapListQueued) > > Aug 07 10:00:44 pfsetvlan(23) INFO: secureMacAddrViolation trap on > 192.168.1.99 ifIndex 10001. Port Security is no longer configured on the > port. Flush the trap (main::signalHandlerTrapListQueued) > > ################ > > # Hardware Setup > > ################ > > ########################################################### > > # Cisco 2960 - 12.2(50)SE5 # > > # ######### ######### ########## ######### ######### # > > # # Fa0/1 # # Fa0/2 # ... # Fa0/48 # # Gi0/1 # # Gi0/2 # # > > # ######### ######### ########## ######### ######### # > > # # > > ########################################################### > > Fa0/1 - Fa0/48 (Client Ports) > > Gi0/1 PacketFence Appliance > > ################## > > # Software Setup > > ################## > > ############### > > # pf.conf > > ############### > > [interface eth2.2] > > enforcement=vlan > > ip=192.168.2.1 > > type=internal > > mask=255.255.255.0 > > [interface eth2.3] > > enforcement=vlan > > ip=192.168.3.1 > > type=internal > > mask=255.255.255.0 > > [interface eth2] > > ip=192.168.1.5 > > type=management > > mask=255.255.255.0 > > enforcement= > > [database] > > pass=pf > > [general] > > locale=de_DE > > timezone=Europe/Berlin > > [alerting] > > [guests_self_registration] > > modes=email,sms,sponsor > > ############ > > # switches.conf > > ############ > > # > > # Copyright 2006-2008 Inverse inc. > > # > > # See the enclosed file COPYING for license information (GPL). > > # If you did not receive this file, see > > # http://www.fsf.org/licensing/licenses/gpl.html > > [default] > > SNMPCommunityRead=public > > SNMPCommunityWrite=private > > SNMPCommunityTrap=public > > SNMPVersion=2c > > SNMPVersionTrap=2c > > vlans=1,2,3,4,5 > > normalVlan=1 > > registrationVlan=2 > > isolationVlan=3 > > macDetectionVlan=4 > > guestVlan=5 > > VoIPEnabled=no > > # cliTransport could be: Telnet, SSH or Serial > > cliTransport=Telnet > > cliUser= > > cliPwd=test > > cliEnablePwd=test > > [192.168.1.99] > > type=Cisco::Catalyst_2960 > > mode=production > > uplink=10101 > > ############### > > # networks.conf > > ############### > > [192.168.2.0] > > dns=192.168.2.1 > > dhcp_start=192.168.2.10 > > gateway=192.168.2.1 > > named=enabled > > dhcp_max_lease_time=30 > > dhcpd=enabled > > type=vlan-registration > > netmask=255.255.255.0 > > dhcp_end=192.168.2.246 > > dhcp_default_lease_time=30 > > domain-name=vlan-registration.packetfence.org > > [192.168.3.0] > > dns=192.168.3.1 > > dhcp_start=192.168.3.10 > > gateway=192.168.3.1 > > named=enabled > > dhcp_max_lease_time=30 > > dhcpd=enabled > > type=vlan-isolation > > netmask=255.255.255.0 > > dhcp_end=192.168.3.246 > > dhcp_default_lease_time=30 > > domain-name=vlan-isolation.packetfence.org > > ############## > > # sh run (c2960) > > ############## > > Building configuration... > > Current configuration : 5475 bytes > > ! > > version 12.2 > > no service pad > > service timestamps debug datetime msec > > service timestamps log datetime msec > > no service password-encryption > > ! > > hostname Switch > > ! > > boot-start-marker > > boot-end-marker > > ! > > enable secret 5 $1$x.0d$7vdK.IxoC9DaDelVEnJfg/ (test) > > ! > > no aaa new-model > > system mtu routing 1500 > > vtp mode transparent > > ip subnet-zero > > ! > > ! > > spanning-tree mode pvst > > spanning-tree extend system-id > > ! > > vlan internal allocation policy ascending > > ! > > vlan 2 > > name Registration > > ! > > vlan 3 > > name Isolation > > ! > > vlan 4 > > name MAC_Detection > > ! > > vlan 5 > > name Guest > > ! > > interface FastEthernet0/1 > > switchport access vlan 4 > > switchport mode access > > switchport port-security maximum 1 vlan access > > switchport port-security > > switchport port-security violation restrict > > switchport port-security mac-address 0200.0001.0001 > > spanning-tree portfast > > ! > > interface FastEthernet0/2 > > switchport access vlan 4 > > switchport mode access > > switchport port-security maximum 1 vlan access > > switchport port-security > > switchport port-security violation restrict > > switchport port-security mac-address 0200.0001.0002 > > spanning-tree portfast > > . > > . > > . > > interface GigabitEthernet0/1 > > switchport mode trunk > > spanning-tree portfast > > ! > > interface GigabitEthernet0/2 > > ! > > interface Vlan1 > > ip address 192.168.1.99 255.255.255.0 > > no ip route-cache > > ! > > ip http server > > ip http secure-server > > snmp-server enable traps port-security > > snmp-server enable traps port-security trap-rate 1 > > snmp-server host 192.168.1.5 version 2c public port-security > > ! > > control-plane > > ! > > ! > > line con 0 > > logging synchronous > > line vty 0 4 > > password test > > login > > line vty 5 > > password test > > login > > line vty 6 15 > > login > > ! > > end > > END > > Best Regards > > - Mit freundlichen Grüßen > > °v° > > /(_)\ Matthias Rauch > > ^ ^ MIT- Rechenzentrum > > Sozialstiftung Bamberg > > Buger Straße 80 > > 96049 Bamberg > > e-Mail: [email protected] > > Internet: www.sozialstiftung-bamberg.de > > --------------------------- > Sozialstiftung Bamberg > Buger Straße 80, 96049 Bamberg > ----------------------------------------------------------------------------------------------------------------------- > > Vorsitzender des Stiftungsrates: Oberbürgermeister Andreas Starke | > Vorstand: Xaver Frauenknecht > ----------------------------------------------------------------------------------------------------------------------- > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
