Hi,
I re-installed PF on CentOS and re-did the configuration. After that I
plugged a laptop into one of the switch ports with the following config. The IP
of my switch is 192.168.1.12.
interface FastEthernet0/5
switchport access vlan 4
switchport mode access
switchport port-security maximum 2
switchport port-security maximum 1 vlan access
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0200.0001.0005
end
I have the following SNMP settings on the switch:
pfsw2960#show running-config | in snmp
*snmp-server community public RO*
*snmp-server community private RW*
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server enable traps mac-notification change move threshold
snmp-server host 192.168.1.5 version 2c public port-security
And the switches.conf is as below
[root@qlpfp conf]# more switches.conf
[default]
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=no
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
SNMPVersionTrap=1
SNMPCommunityTrap=public
wsTransport=http
wsUser=
wsPwd=
radiusSecret=
[192.168.0.1]
type=Cisco::Catalyst_2900XL
mode=production
uplink=23,24
[192.168.1.12]
mode=production
deauthMethod=SSH
type=Cisco::Catalyst_2960
VoIPEnabled=N
uplink=24
radiusSecret=useStrongerSecret
SNMPVersion=2c
defaultVlan=1
[root@qlpfp conf]#
Then on the switch I got the following error:
*Mar 4 05:04:14.787: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address dc0e.a18a.d48f on port
FastEthernet0/5.
*Mar 4 05:04:28.208: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address dc0e.a18a.d48f on port
FastEthernet0/5.
*Mar 4 05:04:59.213: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address dc0e.a18a.d48f on port
FastEthernet0/5.
*Mar 4 05:05:12.366: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address dc0e.a18a.d48f on port
FastEthernet0/5.
*Mar 4 05:05:28.346: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address dc0e.a18a.d48f on port
FastEthernet0/5.
And on the PF server I got the following error from snmptrapd.log:
2013-07-15|21:05:03|UDP: [192.168.1.12]:64779->[192.168.1.5]|0.0.0.0|BEGIN
TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS
.1.3.6.1.2.1.1.3.0 = Timeticks: (27752835) 3 days,
5:05:28.35|.1.3.6.1.6.3.1.1.4.1.0 = OID:
.1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10005 = *Wrong Type (should
be INTEGER)*: Gauge32: 10005|.1.3.6.1.2.1.31.1.1.1.1.10005 = STRING:
FastEthernet0/5|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10005 = Hex-STRING: DC 0E
A1 8A D4 8F END VARIABLEBINDINGS
2013-07-15|21:10:12|UDP: [192.168.1.12]:64779->[192.168.1.5]|0.0.0.0|BEGIN
TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS
.1.3.6.1.2.1.1.3.0 = Timeticks: (27783739) 3 days,
5:10:37.39|.1.3.6.1.6.3.1.1.4.1.0 = OID:
.1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10005 = *Wrong Type (should
be INTEGER*): Gauge32: 10005|.1.3.6.1.2.1.31.1.1.1.1.10005 = STRING:
FastEthernet0/5|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10005 = Hex-STRING: DC 0E
A1 8A D4 8F END VARIABLEBINDINGS
2013-07-15|21:10:16|UDP: [192.168.1.12]:64779->[192.168.1.5]|0.0.0.0|BEGIN
TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS
.1.3.6.1.2.1.1.3.0 = Timeticks: (27784139) 3 days,
5:10:41.39|.1.3.6.1.6.3.1.1.4.1.0 = OID:
.1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10005 =* Wrong Type (should
be INTEGER)*: Gauge32: 10005|.1.3.6.1.2.1.31.1.1.1.1.10005 = STRING:
FastEthernet0/5|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10005 = Hex-STRING: DC 0E
A1 8A D4 8F END VARIABLEBINDINGS
The symptom is that the switch was not changed to vlan#2 as it should be. What
is the problem with my config?
Regards,
Jacky
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
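
The following is an added example, not part of the original message and not PacketFence code: a small Python parser that pulls the switch address, ifIndex, port name and MAC out of a snmptrapd.log record in the format shown above, and checks that the record names the same MAC and port as the switch's PSECURE_VIOLATION message. The function and constant names are illustrative; the sample strings are the first trap record and the first switch message from the post.

```python
import re

SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"       # snmpTrapOID.0
PSEC_TRAP = ".1.3.6.1.4.1.9.9.315.0.0.1"       # trap OID seen in the log above
IF_NAME = ".1.3.6.1.2.1.31.1.1.1.1."           # ifName.<ifIndex>
LAST_MAC = ".1.3.6.1.4.1.9.9.315.1.2.1.1.10."  # MAC carried in the trap, per ifIndex

RECORD = re.compile(r"^([\d-]+)\|([\d:]+)\|UDP: \[([\d.]+)\]:\d+->\[[\d.]+\]\|"
                    r".*?BEGIN VARIABLEBINDINGS (.*) END VARIABLEBINDINGS$")
SYSLOG = re.compile(r"%PORT_SECURITY-2-PSECURE_VIOLATION:.*?MAC address (\S+) on port (\S+?)\.?$")

def parse_trap(record):
    """Parse one snmptrapd.log record; None unless it is a port-security trap."""
    m = RECORD.match(" ".join(record.split()))  # undo mail line wrapping
    if not m:
        return None
    binds = dict(p.split(" = ", 1) for p in m.group(4).split("|") if " = " in p)
    if binds.get(SNMP_TRAP_OID) != "OID: " + PSEC_TRAP:
        return None
    out = {"received": m.group(1) + " " + m.group(2), "switch": m.group(3)}
    for oid, value in binds.items():
        if oid.startswith(IF_NAME):
            out["ifindex"] = int(oid[len(IF_NAME):])
            out["port"] = value.split(": ", 1)[1]
        elif oid.startswith(LAST_MAC):
            digits = value.split(": ", 1)[1].replace(" ", "").lower()
            out["mac"] = ".".join(digits[i:i + 4] for i in (0, 4, 8))  # Cisco form
    return out

def parse_syslog(message):
    """Return (mac, port) from a PSECURE_VIOLATION message, else None."""
    m = SYSLOG.search(" ".join(message.split()))
    return (m.group(1).lower(), m.group(2)) if m else None

def same_event(trap, message):
    """True when the trap and the switch message name the same MAC and port."""
    return bool(trap) and parse_syslog(message) == (trap.get("mac"), trap.get("port"))

# First trap record and switch message from the post (mail wraps and * markers removed).
TRAP = ("2013-07-15|21:05:03|UDP: [192.168.1.12]:64779->[192.168.1.5]|0.0.0.0|"
        "BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS "
        ".1.3.6.1.2.1.1.3.0 = Timeticks: (27752835) 3 days, 5:05:28.35|"
        ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|"
        ".1.3.6.1.2.1.2.2.1.1.10005 = Wrong Type (should be INTEGER): Gauge32: 10005|"
        ".1.3.6.1.2.1.31.1.1.1.1.10005 = STRING: FastEthernet0/5|"
        ".1.3.6.1.4.1.9.9.315.1.2.1.1.10.10005 = Hex-STRING: DC 0E A1 8A D4 8F END VARIABLEBINDINGS")
SYSLOG_MSG = ("*Mar 4 05:04:14.787: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
              "occurred, caused by MAC address dc0e.a18a.d48f on port FastEthernet0/5.")
print(parse_trap(TRAP), same_event(parse_trap(TRAP), SYSLOG_MSG))
```

Matching is done on MAC and port only, because the switch messages and the snmptrapd.log records in the post carry timestamps from two different clocks.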