On 08/09/2012 04:55 AM, Rauch, Matthias wrote:
> Hi,
>
> I have added the following lines in my Cisco configuration and it works now.
> Thx
>
> snmp-server community public ro
> snmp-server community private rw
>
> In which way was the Cisco configuration updated?
> Via SNMP or via Telnet?

For Cisco most operations are SNMP, some are CLI. I think a VLAN change on a trunk port (an unusual thing to have PacketFence handle) is done through CLI access.

> In the switches.conf is an entry "cliTransport=Telnet"

Command-line interface (CLI) and SNMP are not the same thing. The code decides what's best. CLI has two options: Telnet and SSH. You've chosen Telnet for when the code decides to use the CLI for a certain operation.

We have plans to clarify all this by having a switch report what it uses and what it needs configured.

Cheers!

>
> -----Original Message-----
> From: Francois Gaudreault [mailto:[email protected]]
> Sent: Tuesday, 7 August 2012 14:46
> To: [email protected]
> Subject: Re: [PacketFence-users] Help with my inital Setup
>
> Hi,
>
> Start adding the proper SNMP community in your switch config. I don't see
> them in your 2960 config you just posted.
>
> On 2012-08-07 4:20 AM, Rauch, Matthias wrote:
>> Hello,
>>
>> please help me with my initial setup. I've read the Administration
>> Guide and followed the steps from the "Configuration by example" but it
>> doesn't work.
>>
>> When I plugged in a laptop or PC at my switch on port Fa0/1, I see the
>> log messages (below), but no action.
>>
>> What is wrong?
>>
>> Here are my settings:
>>
>> #############
>> # Logs
>> #############
>>
>> # Cisco Switch LOG
>>
>> *Mar 1 20:51:11.991: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
>> *Mar 1 20:51:12.754: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001c.233b.376d on port FastEthernet0/1.
>> *Mar 1 20:51:12.997: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
>> *Mar 1 20:51:23.726: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001c.233b.376d on port FastEthernet0/1.
>>
>> # snmptrapd.log
>>
>> 2012-08-07|08:00:29|UDP: [192.168.1.99]:49313->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (7507276) 20:51:12.76|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Gauge32: 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: "FastEthernet0/1"|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 00 1C 23 3B 37 6D END VARIABLEBINDINGS
>>
>> 2012-08-07|08:00:32|UDP: [192.168.1.99]:49313->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (7507574) 20:51:15.74|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Gauge32: 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: "FastEthernet0/1"|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 00 1C 23 3B 37 6D END VARIABLEBINDINGS
>>
>> 2012-08-07|08:00:40|UDP: [192.168.1.99]:49313->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (7508372) 20:51:23.72|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Gauge32: 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: "FastEthernet0/1"|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 00 1C 23 3B 37 6D END VARIABLEBINDINGS
>>
>> # packetfence.log
>>
>> Aug 07 10:00:32 pfsetvlan(21) INFO: secureMacAddrViolation trap on 192.168.1.99 ifIndex 10001. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
>> Aug 07 10:00:36 pfsetvlan(22) INFO: secureMacAddrViolation trap on 192.168.1.99 ifIndex 10001. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
>> Aug 07 10:00:44 pfsetvlan(23) INFO: secureMacAddrViolation trap on 192.168.1.99 ifIndex 10001. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
>>
>> ################
>> # Hardware Setup
>> ################
>>
>> ###########################################################
>> # Cisco 2960 - 12.2(50)SE5                                #
>> # ######### #########     ########## ######### #########  #
>> # # Fa0/1 # # Fa0/2 # ... # Fa0/48 # # Gi0/1 # # Gi0/2 #  #
>> # ######### #########     ########## ######### #########  #
>> #                                                         #
>> ###########################################################
>>
>> Fa0/1 - Fa0/48 (Client Ports)
>> Gi0/1 PacketFence Appliance
>>
>> ##################
>> # Software Setup
>> ##################
>>
>> ###############
>> # pf.conf
>> ###############
>>
>> [interface eth2.2]
>> enforcement=vlan
>> ip=192.168.2.1
>> type=internal
>> mask=255.255.255.0
>>
>> [interface eth2.3]
>> enforcement=vlan
>> ip=192.168.3.1
>> type=internal
>> mask=255.255.255.0
>>
>> [interface eth2]
>> ip=192.168.1.5
>> type=management
>> mask=255.255.255.0
>> enforcement=
>>
>> [database]
>> pass=pf
>>
>> [general]
>> locale=de_DE
>> timezone=Europe/Berlin
>>
>> [alerting]
>>
>> [guests_self_registration]
>> modes=email,sms,sponsor
>>
>> ############
>> # switches.conf
>> ############
>>
>> #
>> # Copyright 2006-2008 Inverse inc.
>> #
>> # See the enclosed file COPYING for license information (GPL).
>> # If you did not receive this file, see
>> # http://www.fsf.org/licensing/licenses/gpl.html
>>
>> [default]
>> SNMPCommunityRead=public
>> SNMPCommunityWrite=private
>> SNMPCommunityTrap=public
>> SNMPVersion=2c
>> SNMPVersionTrap=2c
>> vlans=1,2,3,4,5
>> normalVlan=1
>> registrationVlan=2
>> isolationVlan=3
>> macDetectionVlan=4
>> guestVlan=5
>> VoIPEnabled=no
>> # cliTransport could be: Telnet, SSH or Serial
>> cliTransport=Telnet
>> cliUser=
>> cliPwd=test
>> cliEnablePwd=test
>>
>> [192.168.1.99]
>> type=Cisco::Catalyst_2960
>> mode=production
>> uplink=10101
>>
>> ###############
>> # networks.conf
>> ###############
>>
>> [192.168.2.0]
>> dns=192.168.2.1
>> dhcp_start=192.168.2.10
>> gateway=192.168.2.1
>> named=enabled
>> dhcp_max_lease_time=30
>> dhcpd=enabled
>> type=vlan-registration
>> netmask=255.255.255.0
>> dhcp_end=192.168.2.246
>> dhcp_default_lease_time=30
>> domain-name=vlan-registration.packetfence.org
>>
>> [192.168.3.0]
>> dns=192.168.3.1
>> dhcp_start=192.168.3.10
>> gateway=192.168.3.1
>> named=enabled
>> dhcp_max_lease_time=30
>> dhcpd=enabled
>> type=vlan-isolation
>> netmask=255.255.255.0
>> dhcp_end=192.168.3.246
>> dhcp_default_lease_time=30
>> domain-name=vlan-isolation.packetfence.org
>>
>> ##############
>> # sh run (c2960)
>> ##############
>>
>> Building configuration...
>>
>> Current configuration : 5475 bytes
>> !
>> version 12.2
>> no service pad
>> service timestamps debug datetime msec
>> service timestamps log datetime msec
>> no service password-encryption
>> !
>> hostname Switch
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> enable secret 5 $1$x.0d$7vdK.IxoC9DaDelVEnJfg/ (test)
>> !
>> no aaa new-model
>> system mtu routing 1500
>> vtp mode transparent
>> ip subnet-zero
>> !
>> !
>> spanning-tree mode pvst
>> spanning-tree extend system-id
>> !
>> vlan internal allocation policy ascending
>> !
>> vlan 2
>>  name Registration
>> !
>> vlan 3
>>  name Isolation
>> !
>> vlan 4
>>  name MAC_Detection
>> !
>> vlan 5
>>  name Guest
>> !
>> interface FastEthernet0/1
>>  switchport access vlan 4
>>  switchport mode access
>>  switchport port-security maximum 1 vlan access
>>  switchport port-security
>>  switchport port-security violation restrict
>>  switchport port-security mac-address 0200.0001.0001
>>  spanning-tree portfast
>> !
>> interface FastEthernet0/2
>>  switchport access vlan 4
>>  switchport mode access
>>  switchport port-security maximum 1 vlan access
>>  switchport port-security
>>  switchport port-security violation restrict
>>  switchport port-security mac-address 0200.0001.0002
>>  spanning-tree portfast
>> .
>> .
>> .
>> interface GigabitEthernet0/1
>>  switchport mode trunk
>>  spanning-tree portfast
>> !
>> interface GigabitEthernet0/2
>> !
>> interface Vlan1
>>  ip address 192.168.1.99 255.255.255.0
>>  no ip route-cache
>> !
>> ip http server
>> ip http secure-server
>> snmp-server enable traps port-security
>> snmp-server enable traps port-security trap-rate 1
>> snmp-server host 192.168.1.5 version 2c public port-security
>> !
>> control-plane
>> !
>> !
>> line con 0
>>  logging synchronous
>> line vty 0 4
>>  password test
>>  login
>> line vty 5
>>  password test
>>  login
>> line vty 6 15
>>  login
>> !
>> end
>>
>> END
>>
>> Best Regards
>>
>>  °v°
>> /(_)\   Matthias Rauch
>>  ^ ^    MIT- Rechenzentrum
>>         Sozialstiftung Bamberg
>>         Buger Straße 80
>>         96049 Bamberg
>> e-Mail: [email protected]
>> Internet: www.sozialstiftung-bamberg.de
>
> --
> Francois Gaudreault, ing. jr
> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
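
Added example, not part of the thread and not PacketFence code: the problem resolved above was a switch that sent port-security traps but had no `snmp-server community` lines matching switches.conf, so the read and write communities could not be used. This Python sketch cross-checks the two configurations and lists the IOS lines that are missing. The function name `missing_snmp_lines` is hypothetical and the sample texts are constructed, trimmed from the configuration quoted in the thread.

```python
import configparser
import re

# Constructed sample: the SNMP-related keys of the quoted switches.conf.
SWITCHES_CONF = """\
[default]
SNMPCommunityRead=public
SNMPCommunityWrite=private
SNMPCommunityTrap=public
SNMPVersionTrap=2c
"""

# Constructed sample: the snmp-server lines of the quoted "sh run".
RUNNING_CONFIG_BEFORE = """\
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host 192.168.1.5 version 2c public port-security
"""

# The same switch after the two lines reported as the fix were added.
RUNNING_CONFIG_AFTER = RUNNING_CONFIG_BEFORE + """\
snmp-server community public ro
snmp-server community private rw
"""


def missing_snmp_lines(switches_conf, running_config, pf_ip):
    """Return IOS lines implied by switches.conf that the switch lacks."""
    parser = configparser.ConfigParser()
    parser.read_string(switches_conf)
    conf = parser["default"]  # lowercase [default] is an ordinary section

    # community name -> access level configured on the switch (ro / rw)
    communities = {
        name: access.lower()
        for name, access in re.findall(
            r"^snmp-server community (\S+) (ro|rw)\b", running_config, re.I | re.M)
    }
    # (receiver, version, community); only the form seen in the thread
    trap_hosts = set(re.findall(
        r"^snmp-server host (\S+) version (\S+) (\S+)", running_config, re.M))

    missing = []
    read, write = conf["SNMPCommunityRead"], conf["SNMPCommunityWrite"]
    if read not in communities:  # either ro or rw permits reads
        missing.append(f"snmp-server community {read} ro")
    if communities.get(write) != "rw":  # absent, or present as ro only
        missing.append(f"snmp-server community {write} rw")
    trap = (pf_ip, conf["SNMPVersionTrap"], conf["SNMPCommunityTrap"])
    if trap not in trap_hosts:
        missing.append("snmp-server host %s version %s %s port-security" % trap)
    return missing


if __name__ == "__main__":
    for line in missing_snmp_lines(SWITCHES_CONF, RUNNING_CONFIG_BEFORE, "192.168.1.5"):
        print("missing on switch:", line)
```

Run against the "before" sample it reports the two community lines and nothing for the trap receiver, which matches the symptom in the thread: traps arrived at 192.168.1.5 but no action followed.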
