Hi,
My environment: CentOS 6.4 and Cisco 2960 switch.
I plugged a laptop in one of the switch port and the port was changed to
vlan #2 by snmp. And the laptop got the IP from 192.168.2.0/24 segment. It
worked as I expected.
Then I opened a browser from the laptop and submit the request. After a
while the switch port was changed to vlan #10. Actually on the
switches.conf the default vlan was configured to #3. How come it was
changed to vlan #10 but #3?
Below is the config of my switches.conf
[default]
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=no
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
SNMPVersionTrap=1
SNMPCommunityTrap=public
wsTransport=http
wsUser=
wsPwd=
radiusSecret=
[192.168.0.1]
type=Cisco::Catalyst_2900XL
mode=production
uplink=23,24
[192.168.1.12]
mode=production
deauthMethod=SNMP
type=Cisco::Catalyst_2960
VoIPEnabled=N
radiusSecret=useStrongerSecret
SNMPVersion=2c
uplink=24
SNMPVersionTrap=2c
*defaultVlan=3*
I did configure the default vlan to #10 before but after that I changed it
to #3. It seems the system now remember vlan #10 forever and won't accept
my new input.
Below is the output from packetfence.log:
Jul 17 18:24:32 pfdhcplistener(12620) INFO: dc:0e:a1:8a:d4:8f requested an
IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008).
Modified node with last_dhcp = 2013-07-17 18:24:32,computername =
Operations-PC,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43
(main::listen_dhcp)
Jul 17 18:24:32 pfdhcplistener(12620) INFO: DHCPACK from 192.168.2.1
(6c:f0:49:70:bd:eb) to host dc:0e:a1:8a:d4:8f (192.168.2.10) for 30 seconds
(main::parse_dhcp_ack)
Jul 17 18:24:32 pfdhcplistener(12620) INFO: DHCPACK CIADDR from 192.168.2.1
(6c:f0:49:70:bd:eb) to host dc:0e:a1:8a:d4:8f (192.168.2.10)
(main::parse_dhcp_ack)
Jul 17 18:24:33 redir.cgi(0) INFO: dc:0e:a1:8a:d4:8f being redirected
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jul 17 18:24:33 redir.cgi(0) INFO: Updating node dc:0e:a1:8a:d4:8f
user_agent with useragent: 'Mozilla/5.0 (Windows NT 6.1; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36'
(pf::web::web_node_record_user_agent)
Jul 17 18:24:33 redir.cgi(0) INFO: dc:0e:a1:8a:d4:8f redirected to
authentication page
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Jul 17 18:24:42 register.cgi(0) INFO: 192.168.2.10 - dc:0e:a1:8a:d4:8f on
registration page
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
Jul 17 18:24:42 register.cgi(0) INFO: performing node registration MAC:
dc:0e:a1:8a:d4:8f pid: admin (pf::web::_sanitize_and_register)
Jul 17 18:24:42 register.cgi(0) INFO: re-evaluating access for node
dc:0e:a1:8a:d4:8f (manage_register called)
(pf::enforcement::reevaluate_access)
Jul 17 18:24:42 register.cgi(0) INFO: dc:0e:a1:8a:d4:8f is currentlog
connected at 192.168.1.12 ifIndex 10003 in VLAN 2
(pf::enforcement::_should_we_reassign_vlan)
Jul 17 18:24:42 register.cgi(0) INFO: MAC: dc:0e:a1:8a:d4:8f, PID: admin,
Status: reg. Returned VLAN: 3 (pf::vlan::fetchVlanForNode)
*Jul 17 18:24:42 register.cgi(0) INFO: VLAN reassignment required for
dc:0e:a1:8a:d4:8f (current VLAN = 2 but should be in VLAN 3)
(pf::enforcement::_should_we_reassign_vlan)*
Jul 17 18:24:42 register.cgi(0) INFO: switch port for dc:0e:a1:8a:d4:8f is
192.168.1.12 ifIndex 10003 connection type: Wired SNMP
(pf::enforcement::_vlan_reevaluation)
Jul 17 18:24:42 register.cgi(0) INFO: 192.168.2.10 - dc:0e:a1:8a:d4:8f on
registration page
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_register_2ecgi::handler)
*Jul 17 18:24:44 pfsetvlan(3) INFO: security traps are configured on
192.168.1.12 ifIndex 10003. Re-assigning VLAN for dc:0e:a1:8a:d4:8f
(main::handleTrap)*
*Jul 17 18:24:44 pfsetvlan(3) INFO: MAC: dc:0e:a1:8a:d4:8f, PID: admin,
Status: reg. Returned VLAN: 10 (pf::vlan::fetchVlanForNode)*
I don't have any vlan #10 configured on my conf file at all why the system
still assign the port to this vlan? I even restarted the snmptrapd but did
not make any difference. Or is there somewhere else still have this record
saved?
Thank you.
Jacky
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
