Hello, I am trying to convert our inline packetfence setup into VLAN mode.
I seem to be having trouble with SNMP traps being sent from our Cisco
1131's to the PF server. Although I have it configured to send all SNMP
traps to PF, the only one that gets sent are DISASSOCIATE traps... check
out this debug output from the switch:
ap2#debug snmp packets
SNMP packet debugging is on
*Mar 2 21:41:29.780: %DOT11-6-DISASSOC: Interface Dot11Radio0,
Deauthenticating Station 001e.5273.06fc Reason: Sending station has left
the BSS
*Mar 2 21:41:29.781: SNMP: Queuing packet to 10.93.0.1
*Mar 2 21:41:29.781: SNMP: V1 Trap, ent dot11SMTnotification, addr
10.93.0.3, gentrap 6, spectrap 2
dot11StationConfigEntry.17.1 = 2
dot11StationConfigEntry.18.1 = 00 1E 52 73 06 FC
*Mar 2 21:41:30.030: SNMP: Packet sent via UDP to 10.93.0.1
ap2#
ap2#
*Mar 2 21:41:45.199: %DOT11-6-ASSOC: Interface Dot11Radio0, Station
001e.5273.06fc Associated KEY_MGMT[NONE]
ap2#
The trap is sent fine for the DISASSOC, but not for the ASSOC... any ideas
why?
I also have some questions about this setup... can I do VLAN switching just
by using SNMP traps? Or do I need 802.1x/MAC-auth set up to get that
going? I don't believe that these switches support port-security.
Another issue I am having is with assigning VLAN's to be either
Registration or Normal VLAN's... here's my desired VLAN breakdown:
96: Guest VLAN (this works)
95: Registration VLAN - hosts associate with an SSID with this VLAN, and
after they register, they should be switched to VLAN 94
94: Normal(?) VLAN - hosts will be in here after they pass registration
93: this is my "native VLAN" for the switch, the switch has an IP address
in this VLAN and this is the management VLAN for PF
92: MAC detect (?)
So, using this scheme, I would put 96 as "Guest VLAN", and 92 as "Mac
Detect VLAN", but what about the others? 95 should be a "Registration
VLAN", obviously, but what about 94? Is that another "Registration VLAN",
or is that a "Normal VLAN"? And what would I set 93 to be? Also, on the
switch itself, I would like two SSID's: Open (for vlan 96), and Internal
(for 95/94). When I create the SSID on the switch, do I just set Internal
to VLAN 95? How does it know to use VLAN 94 instead after people register?
Thanks for any help or pushes in the right direction!
David
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
