Hey all,

Any help would be appreciated. I'm currently setting up PacketFence for
the first time, and I've never set up a NAC before. I've used the ZEN
installation and I'm stuck. I have a VM with 2 NICs. One is on a
management VLAN (eth1) and the other is the trunk port for the other 5
PacketFence VLANs I've created (eth0.310 - eth0.314). I can successfully
put a PC on my registration VLAN (311) and log in locally with the demo
user account. After that I get "Unable to detect network connectivity"
and then "Sorry! Your network should be enabled within a minute or two".

I think the problem might be with the SNMP between the switch and
PacketFence, but I'm not positive. I've tried setting port-security SNMP
traps and up/down link traps and neither seems to work. I've also tried
SNMP 1, 2c, and 3. I can do an snmpwalk from the PacketFence server to
the switch.

The only thing of use that I get in my packetfence.log is:

Mar 19 08:37:47 redir.cgi(0) INFO: Static User-Agent lookup data initialized (pf::useragent::_init)
Mar 19 08:37:47 redir.cgi(0) INFO: MAC 18:a9:05:xx:xx:xx shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_loc$
Mar 19 08:37:47 redir.cgi(0) INFO: re-evaluating access for node 18:a9:05:cd:05:1c (redir.cgi called) (pf::enforcement::reevaluate_access)
Mar 19 08:37:47 redir.cgi(0) WARN: Can't re-evaluate access for mac 18:a9:05:xx:xx:xx because no open locationlog entry was found (pf::enforcement::reevaluate_access)

Here is a portion of switches.conf:

[172.16.25.41]
type=Cisco::Catalyst_3750
vlans=310,311,312,313,314
normalVlan=310
registrationVlan=311
isolationVlan=312
macDetectionVlan=313
guestVlan=314
uplink=1
deauthMethod=SSH
SNMPVersionTrap=3
SNMPUserNameTrap=PACKETFENCE_READ_USER
SNMPAuthProtocolTrap=MD5
SNMPAuthPasswordTrap=READPASSWORD
SNMPPrivProtocolTrap=AES
SNMPPrivPasswordTrap=READPASSWORD2
SNMPCommunityWrite=PACKETFENCE
SNMPEngineID=1234000000000000
SNMPUserNameRead=PACKETFENCE_READ_USER
SNMPAuthProtocolRead=MD5
SNMPAuthPasswordRead= READPASSWORD
SNMPPrivProtocolRead=AES
SNMPPrivPasswordRead= READPASSWORD2
SNMPUserNameWrite=PACKETFENCE_WRITE_USER
SNMPAuthProtocolWrite=MD5
SNMPAuthPasswordWrite=WRITEPASSWORD
SNMPPrivProtocolWrite=AES
SNMPPrivPasswordWrite= WRITEPASSWORD 2
controllerIp=
cliTransport=SSH
cliUser=packetfence
cliPwd=CLIPASSWORD
cliEnablePwd=CLIENABLE
mode=production
SNMPVersion=3
SNMPCommunityTrap=PACKETFENCESNMPTRAP
SNMPCommunityRead= PACKETFENCESNMPTRAP2

Switch config (the one set up for link up/down):

snmp trap mac-notification change added
snmp-server engineID local 123450000000000000000000
snmp-server group PFREADGROUP v3 priv notify *tv.00000001.00000000.00000020.000000000F
snmp-server group PFWRITEGROUP v3 priv read PFREADVIEW write PFWRITEVIEW
snmp-server community PACKETFENCESNMPTRAP RW
snmp-server community PACKETFENCESNMPTRAP2 RO
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification change move threshold
snmp-server host 172.16.250.16 version 3 priv PFREADUSER
mac-notification snmp

Thanks again!

Amanda Berlin, MCSA, MCDST, A+
Network Analyst
Information Systems
Firelands Regional Medical Center
419-557-6772
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
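
A consistency check for the SNMPv3 trap settings in the message above, as an added example that is not part of the original post and not PacketFence's own code. It assumes that a trap receiver only accepts an SNMPv3 trap when it has the same USM user name and the sending switch's engine ID configured; the function names are hypothetical, and the inputs are the values exactly as posted (placeholders included).

```python
import re

# Values copied from the post above (the poster's placeholders, as posted).
SWITCHES_CONF = """\
[172.16.25.41]
SNMPVersionTrap=3
SNMPUserNameTrap=PACKETFENCE_READ_USER
SNMPPrivProtocolTrap=AES
SNMPEngineID=1234000000000000
"""
IOS_CONFIG = """\
snmp-server engineID local 123450000000000000000000
snmp-server host 172.16.250.16 version 3 priv PFREADUSER
"""

def parse_switch_section(text):
    """Return key/value pairs of one switches.conf section, values stripped."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def parse_ios(text):
    """Extract the local engine ID and the SNMPv3 trap hosts from IOS lines."""
    engine = re.search(r"^snmp-server engineID local (\S+)", text, re.M)
    hosts = re.findall(r"^snmp-server host (\S+) version 3 (\S+) (\S+)", text, re.M)
    return {"engine": engine.group(1) if engine else None, "hosts": hosts}

def check_v3_traps(conf, ios):
    """List mismatches between switch and receiver SNMPv3 trap settings."""
    problems = []
    if conf.get("SNMPVersionTrap") != "3":
        return problems  # only the v3 (USM) case is checked here
    expected_engine = conf.get("SNMPEngineID", "")
    expected_user = conf.get("SNMPUserNameTrap")
    if (ios["engine"] or "").lower() != expected_engine.lower():
        problems.append("engineID differs: switch=%s switches.conf=%s"
                        % (ios["engine"], expected_engine))
    for host, level, user in ios["hosts"]:
        if user != expected_user:
            problems.append("trap user for %s is %s, switches.conf expects %s"
                            % (host, user, expected_user))
        if level != "priv" and conf.get("SNMPPrivProtocolTrap"):
            problems.append("host %s sends at level %s, not priv" % (host, level))
    return problems

if __name__ == "__main__":
    conf = parse_switch_section(SWITCHES_CONF)
    for problem in check_v3_traps(conf, parse_ios(IOS_CONFIG)):
        print("MISMATCH:", problem)
```

SNMPv3 users do not appear in a Cisco running configuration, so the check compares only the engine ID and the `snmp-server host` line, which are visible in a pasted excerpt.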