Re: [PacketFence-users] Swtich Port Security Violation issue

Tue, 09 Jul 2013 07:27:06 -0700 

May I respectfully ask why you are using SNMP traps?

I ask only because I have about 100 of those switches and they work wonderfully 
with MAB which has been much more scalable and reliable in my experience.

MAB gives you the same results as SNMP traps with much finer grained control 
and more graceful error handling.

I can send you the relevant config snippets from one of my switches if you 
would like.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU

From: Fabrice DURAND [mailto:[email protected]]
Sent: Tuesday, July 09, 2013 9:09 AM
To: [email protected]
Subject: Re: [PacketFence-users] Swtich Port Security Violation issue

Hello,
add :
snmp-server community public RO
snmp-server community private RW

in your switch config.

Regards
Fabrice

Le 2013-07-08 18:08, forbmsyn a écrit :
Hi,

I have a Cisco 2960 switch.  On port #3 I have a laptop plugged in. Then I have 
the following error message on Packet fence server and the switch.


Error message from the packet fence serve:

Jul 08 14:00:05 pfsetvlan(24) INFO: secureMacAddrViolation trap on 192.168.1.12 
ifIndex 10003. Port Security is no longer configured on the port. Flush the 
trap (main::signalHandlerTrapListQueued)


And the error message from the switch:
*Mar  4 01:21:08.599: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation 
occurred, caused by MAC address dc0e.a18a.d48f on port FastEthernet0/3.

Below is the config of the switch:

pfsw2960#show running-config
Building configuration...

Current configuration : 3992 bytes
!
! Last configuration change at 23:26:42 UTC Wed Mar 3 1993
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname pfsw2960
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$v6AY$CHpQRFjE5It5ggqY80s9Y0
!
username admin password 0 admin
no aaa new-model
system mtu routing 1500
!
!
!
!
crypto pki trustpoint TP-self-signed-3219086464
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3219086464
 revocation-check none
 rsakeypair TP-self-signed-3219086464
!
!
crypto pki certificate chain TP-self-signed-3219086464
 certificate self-signed 01
  30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33323139 30383634 3634301E 170D3933 30333031 30303030
  35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32313930
  38363436 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100AF7D 853F4F63 33C9C1E7 67E19204 F6647E85 DE33E663 207935F3 169D50D3
  D29CE944 47E12F9C E0F1F090 2FB5CF0B B33544ED B2643B58 63F4B441 DD5E4C07
  844278A6 F811497E B18F73B3 9F4B0418 5701CD26 F4CA985E 8C729706 E83886F9
  5311E7EB 4282AB4A 882AA3B0 66DFA19D E6F22371 4848B689 0F8B75AD 1A8C1A31
  B16B0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
  551D1104 0C300A82 08706673 77323936 30301F06 03551D23 04183016 80143711
  4F7C7DED 5B7AB254 2C8BA9E7 F9FBDCC9 3654301D 0603551D 0E041604 1437114F
  7C7DED5B 7AB2542C 8BA9E7F9 FBDCC936 54300D06 092A8648 86F70D01 01040500
  03818100 49D71241 3FC607E9 7D6CBFFC BBC7D710 10C622C8 42EF439B 1ABD6EED
  247B7D70 20DD2D96 E5C55399 768AD11D EE0A9553 A9EF4634 66C1C672 2BE90557
  58ED21C0 11D797F9 7F2BDAF9 0754AFE7 9B205531 FC76D6D8 2202348B 7CCDDED5
  A5286F33 4BBF7AA2 4BFAC9EC F0F460CC 11487E48 EBBB5796 52DC5B31 A9E3C1DC 
7AB2DAD0
        quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
 switchport access vlan 4
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0001
!
interface FastEthernet0/2
 switchport access vlan 4
 switchport mode access
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0002
!
interface FastEthernet0/3
 switchport access vlan 4
 switchport mode access
 switchport port-security maximum 2
 switchport port-security maximum 1 vlan access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0000.0003
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
 switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.1.12 255.255.255.0
!
ip http server
ip http secure-server
logging esm config
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server enable traps mac-notification change move threshold
snmp-server host 192.168.1.5 version 2c public  port-security
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end

pfsw2960#



What's wrong with my configuration?

Thank you!





------------------------------------------------------------------------------

See everything from the browser to the database with AppDynamics

Get end-to-end visibility with application monitoring from AppDynamics

Isolate bottlenecks and diagnose root cause in seconds.

Start your free trial of AppDynamics Pro today!

http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk




_______________________________________________

PacketFence-users mailing list

[email protected]<mailto:[email protected]>

https://lists.sourceforge.net/lists/listinfo/packetfence-users




--

Fabrice Durand

[email protected]<mailto:[email protected]> ::  +1.514.447.4918 (x135) ::  
www.inverse.ca<http://www.inverse.ca>

Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org)

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to