Derek,
First thing, you were right, it was version 3.6.x.

Secondly, if the port on the floating network device is in trunk mode, the
switch won't be able to get a MAC exception.

Finally, these are the running configurations on the Cisco:
floating device:
interface GigabitEthernet0/1
 switchport trunk native vlan 450
 switchport mode trunk
 ip dhcp snooping limit rate 40
 ip dhcp snooping trust
end

On the switch prior to connecting the floating network device:
interface FastEthernet0/3
 switchport access vlan 11
 switchport mode access
 switchport port-security maximum 1 vlan access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0001.0003
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
end

And after connecting the floating network device (note that the port is in
access mode):
 switchport access vlan 11
 switchport trunk native vlan 11
 switchport trunk allowed vlan 1,11-14,100
 switchport mode trunk
 switchport port-security maximum 1 vlan 11
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
end

This is the configuration from switches.conf (snipped for both switches):
[192.168.0.242]
type=Cisco::Catalyst_2960
mode=production
uplink=49,50
description=switch48-1

[192.168.0.244]
type=Cisco::Catalyst_2960
mode=production
uplink=9
description=switch8-float-1

And from floating_network_devices.conf:
[5c:50:15:78:a9:89]
ip=192.168.0.244
trunkPort=yes
pvid=450
taggedVlan=1,11,12,13,14,100

IOS version on switch: Cisco IOS Software, C2960 Software
(C2960-LANBASEK9-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
IOS version on floating network device: Cisco IOS Software, C2960 Software
(C2960-LANBASEK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)

The native VLAN mismatch causes the switch to not be reachable.

And, in any 2960-alike switch that we have in-house we tried to run:
/usr/local/pf/bin/pfcmd_vlan -switch 192.168.0.254 -ifIndex 10116 -getMAC -verbose 4
And we always get:
DEBUG - instantiating new SwitchFactory object
DEBUG - creating new pf::SNMP::Cisco::Catalyst_2960 object
DEBUG - start handling 'getMac' command
WARN - couldn't get MAC at ifIndex 10116. This is a problem.
This error is shown in packetfence.log sometimes.



On Thu, Aug 29, 2013 at 5:18 PM, Derek Wuelfrath <[email protected]> wrote:

> For some reason, floating network devices have stopped working after the
> upgrade from 3.8 to 4.0.5.
>
> How was 3.8? Never tried since we released 4 right after 3.6.1 :)
>
> the port-security mac address violation is not received, thus no action is
> handled by PF.
>
> You are sure about it ? The violation is coming before PacketFence can do
> anything. What is the status of the port before plugging the floating
> device in ? provide a show run ?
>
> On the other hand, if the port of the floating network device is in access
> mode, the MAC is discovered.
>
> There is no link between the two…
>
> Can you paste more info about the log.
> And a show run of the interface you are plugging a floating device in
> BEFORE and AFTER.
>
> Thanks
>
> Cheers!
> dw.
>
> --
> Derek Wuelfrath
> [email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On 2013-08-29, at 9:44 AM, Andreas Calvo Gómez <[email protected]>
> wrote:
>
> For some reason, floating network devices have stopped working after the
> upgrade from 3.8 to 4.0.5.
> All floating network devices are configured to have a trunk port and allow
> a set of vlans in the port.
> However, when a floating network device with a trunk port is connected to
> a switch managed by PacketFence, the port-security mac address violation is
> not received, thus no action is handled by PF.
> On the other hand, if the port of the floating network device is in access
> mode, the MAC is discovered.
>
> But when PF tries to find the MAC in the switch, it complains with:
> Aug 29 15:18:03 pfsetvlan(15) WARN: couldn't get MAC at ifIndex 10039.
> This is a problem. (pf::SNMP::_getMacAtIfIndex
>
> Trying to run:
> /usr/local/pf/bin/pfcmd_vlan -switch 192.168.0.254 -ifIndex 10116 -getMAC
> -verbose 4
> shows the same error:
> DEBUG - instantiating new SwitchFactory object
> DEBUG - creating new pf::SNMP::Cisco::Catalyst_2960 object
> DEBUG - start handling 'getMac' command
> WARN - couldn't get MAC at ifIndex 10116. This is a problem.
>
> Should a floating network device that will be multi-vlan have the port in
> trunk mode by default?
> Will PF configure the uplink port on the floating network device?
>
> If I force to finish the setup on the switch port (set the native vlan),
> the floating network device works as expected.
>
> Any hint?
>
>
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Atentamente,
Andreas Calvo
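
A consistency check for the native VLAN mismatch reported in this message, as an added example that is not part of the original thread and not PacketFence's own code: it compares the floating_network_devices.conf stanza with the trunk lines of the interface as posted after the device was connected. It assumes pvid is meant to be the trunk's native VLAN; the function names are illustrative.

```python
import configparser
import re

# Stanza and interface lines copied from the configs posted in the thread.
FLOATING_CONF = """\
[5c:50:15:78:a9:89]
ip=192.168.0.244
trunkPort=yes
pvid=450
taggedVlan=1,11,12,13,14,100
"""
PORT_AFTER = """\
 switchport trunk native vlan 11
 switchport trunk allowed vlan 1,11-14,100
 switchport mode trunk
"""

def expand_vlans(spec):  # '1,11-14,100' -> {1, 11, 12, 13, 14, 100}
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_port(text):
    # IOS defaults when the lines are absent: native VLAN 1, all VLANs allowed.
    port = {"mode": None, "native": 1, "allowed": set(range(1, 4095))}
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"switchport mode (\w+)", line):
            port["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            port["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            port["allowed"] = expand_vlans(m.group(1))
    return port

def audit(conf_text, port_text):  # mismatches between each stanza and the port
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    port, findings = parse_port(port_text), []
    for mac in cp.sections():
        dev = cp[mac]
        if dev.getboolean("trunkPort") and port["mode"] != "trunk":
            findings.append(f"{mac}: port mode is {port['mode']}, expected trunk")
        if port["native"] != dev.getint("pvid"):  # assumption: pvid = native VLAN
            findings.append(f"{mac}: native vlan {port['native']} != pvid {dev['pvid']}")
        if missing := expand_vlans(dev["taggedVlan"]) - port["allowed"]:
            findings.append(f"{mac}: tagged VLANs not allowed: {sorted(missing)}")
    return findings
```

On the posted configuration, `audit(FLOATING_CONF, PORT_AFTER)` reports only the native VLAN difference (11 on the port versus pvid 450); the allowed VLAN list already matches taggedVlan.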