Thanks for info. By following your suggestion I have setup 802.1X.

Now I am testing violations checks. For some reason although I see that user 
used more than allowed bandwidth, he is not cutted off (violation did not 
trigger). I wanted to setup custom violation which cut's off after used has 
used more than 10MB per hour. Here is my definition:

[root@pf-zen-esx logs]# cat ../conf/violations.conf
[1100012]
desc=Bandwidth Limit (10MB/hour)
enabled=Y
actions=email,log,trap
window=dynamic
vclose=
url=/remediation.php?template=bandwidth_limit
trigger=Accounting::TOT10MBh
grace=1m

I do see something strange in packetfence.log:

Sep 04 12:16:59 pfmon(1) INFO: getting violations triggers for accounting 
cleanup (pf::accounting::acct_maintenance)
Sep 04 12:16:59 pfmon(1) INFO: Calling node acct maintenance total with 
monthly and 1 for 21474836480 (pf::accounting::acct_maintenance)
Sep 04 12:16:59 pfmon(1) INFO: Calling node acct maintenance total with  and 
1 for 10485760 (pf::accounting::acct_maintenance)
Sep 04 12:16:59 pfmon(1) WARN: database query failed because statement 
handler was undefined or invalid, will try again (pf::db::db_query_execute)
Sep 04 12:16:59 pfmon(1) WARN: database query failed because statement 
handler was undefined or invalid, will try again (pf::db::db_query_execute)
Sep 04 12:16:59 pfmon(1) WARN: database query failed because statement 
handler was undefined or invalid, will try again (pf::db::db_query_execute)
Sep 04 12:16:59 pfmon(1) ERROR: Database issue: We tried 3 times to serve 
query acct_maintenance_bw__all called from pf::db::db_data and we failed. Is 
the database running? (pf::db::db_query_execute)
Sep 04 12:16:59 pfmon(0) ERROR: cleanup thread finished - this is bad 
(main::)

Do you have any ideas/suggestions?

-----Original Message-----
From: Francois Gaudreault [mailto:[email protected]]
Sent: Tuesday, September 04, 2012 4:18 PM
To: [email protected]
Subject: Re: [PacketFence-users] Catalyst 2960 and accounting setup

Hi,

Accounting will only work if you use AAA (so MAB or 802.1X).  It won't work 
with port-security.  Apparently, we have some feature to grab data using 
SNMP, but those have not been maintained since a while.

Use MAB instead of port-security if you want to use accounting data.

On 2012-09-04 10:05 AM, Marko Mrvelj wrote:
> Hi all,
>
> I am trying to get accounting for traffic on packetfence with cisco
> catalyst switch (2960). I have port security configured and working
> correctly on the switch.
>
> Can somebody give me directions how to tell switch to send accounting 
> data?
>
> Thanks,
>
> Marko Mrvelj
>
>
> ----------------------------------------------------------------------
> --------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond.
> Discussions will include endpoint security, mobile security and the
> latest in malware threats.
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>


--
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca 
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat 
landscape has changed and how IT managers can respond. Discussions will 
include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to