Hi experts,

I have PF installed on CentOS 6.4.

When a new device connected to the switch, it was asked to log in at the
captive portal and was then scanned. At this moment the device was assigned
to the registration VLAN. The login was successful.

From the OpenVAS WebUI, I could see the task was created.

After around 30 seconds, the VLAN was changed to the default VLAN, but the
scan by OpenVAS had not finished yet.

How do I force the device to stay in the registration VLAN until the scan
finishes?


Below is part of the log from packetfence.log


Dec 10 11:30:40 release.pm(0) INFO: scanning 192.168.2.34 by calling
/usr/local/pf/bin/pfcmd schedule now 192.168.2.34 1>/dev/null 2>&1
(pf::web::release::handler)
Dec 10 11:30:40 release.pm(0) INFO: violation for mac dc:0e:a1:8a:d4:8f vid
1200001 modified (pf::violation::violation_modify)
Dec 10 11:30:43 pfdhcplistener(1796) INFO: dc:0e:a1:8a:d4:8f requested an
IP. DHCP Fingerprint: OS::107 (Microsoft Windows Vista/7 or Server 2008).
Modified node with last_dhcp = 2013-12-10 11:30:43,computername =
Operations-PC,dhcp_fingerprint = 1,15,3,6,44,46,47,31,33,121,249,43
(main::listen_dhcp)
Dec 10 11:30:43 pfdhcplistener(1796) INFO: DHCPACK from 192.168.2.1
(00:0c:29:04:c5:74) to host dc:0e:a1:8a:d4:8f (192.168.2.34) for 30 seconds
(main::parse_dhcp_ack)
Dec 10 11:30:43 pfcmd.pl(3615) INFO: New ID generated: 138669304346d48f
(pf::util::generate_id)
Dec 10 11:30:43 pfcmd.pl(3615) INFO: Instantiate a new vulnerability
scanning engine object of type pf::scan::openvas.
(pf::scan::instantiate_scan_engine)
Dec 10 11:30:43 pfcmd.pl(3615) INFO: Creating a new scan target named
138669304346d48f for host 192.168.2.34 (pf::scan::openvas::createTarget)
Dec 10 11:30:44 pfcmd.pl(3615) INFO: Scan target named 138669304346d48f
successfully created with id: e3494a91-db57-4aa1-9def-4a4cbe7847ee
(pf::scan::openvas::createTarget)
Dec 10 11:30:44 pfcmd.pl(3615) INFO: Creating a new scan escalator named
138669304346d48f (pf::scan::openvas::createEscalator)
Dec 10 11:30:44 pfcmd.pl(3615) INFO: Scan escalator named 138669304346d48f
successfully created with id: 77d98800-3ade-4163-946b-4c90378cfb7f
(pf::scan::openvas::createEscalator)
Dec 10 11:30:44 pfcmd.pl(3615) INFO: Creating a new scan task named
138669304346d48f (pf::scan::openvas::createTask)
Dec 10 11:30:44 pfcmd.pl(3615) INFO: Scan task named 138669304346d48f
successfully created with id: 797ea872-f7d0-4c93-aad4-92f72d73c8b7
(pf::scan::openvas::createTask)
Dec 10 11:30:44 pfcmd.pl(3615) INFO: Starting scan task named
138669304346d48f (pf::scan::openvas::startTask)
Dec 10 11:30:44 pfcmd.pl(3615) INFO: Scan task named 138669304346d48f
successfully started (pf::scan::openvas::startTask)
Dec 10 11:30:44 pfcmd.pl(3615) INFO: Calling /usr/local/pf/bin/pfcmd manage
vclose dc:0e:a1:8a:d4:8f 1200001 (pf::scan::run_scan)
Dec 10 11:30:45 pfcmd.pl(3623) INFO: violation 1200001 closed for
dc:0e:a1:8a:d4:8f (pf::violation::violation_close)
Dec 10 11:30:45 pfcmd.pl(3623) INFO: re-evaluating access for node
dc:0e:a1:8a:d4:8f (manage_vclose called)
(pf::enforcement::reevaluate_access)
Dec 10 11:30:45 pfcmd.pl(3623) INFO: dc:0e:a1:8a:d4:8f is currentlog
connected at 192.168.1.254 ifIndex 10005 in VLAN 2
(pf::enforcement::_should_we_reassign_vlan)
Dec 10 11:30:46 pfcmd.pl(3623) INFO: Connection type is WIRED_MAC_AUTH.
Getting role from node_info (pf::vlan::getNormalVlan)
Dec 10 11:30:46 pfcmd.pl(3623) INFO: Username was defined 'dc0ea18ad48f' -
returning user based role 'employee_role' (pf::vlan::getNormalVlan)
Dec 10 11:30:46 pfcmd.pl(3623) INFO: MAC: dc:0e:a1:8a:d4:8f, PID: testpf3,
Status: reg. Returned VLAN: 10 (pf::vlan::fetchVlanForNode)
Dec 10 11:30:46 pfcmd.pl(3623) INFO: VLAN reassignment required for
dc:0e:a1:8a:d4:8f (current VLAN = 2 but should be in VLAN 10)
(pf::enforcement::_should_we_reassign_vlan)
Dec 10 11:30:46 pfcmd.pl(3623) INFO: switch port for dc:0e:a1:8a:d4:8f is
192.168.1.254 ifIndex 10005 connection type: Wired MAC Auth
(pf::enforcement::_vlan_reevaluation)
Dec 10 11:30:46 redir.cgi(0) INFO: dc:0e:a1:8a:d4:8f being redirected
(default profile)
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Dec 10 11:30:46 redir.cgi(0) INFO: MAC dc:0e:a1:8a:d4:8f shouldn't reach
here. Calling access re-evaluation. Make sure your network device
configuration is correct.
(ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler)
Dec 10 11:30:46 redir.cgi(0) INFO: re-evaluating access for node
dc:0e:a1:8a:d4:8f (redir.cgi called) (pf::enforcement::reevaluate_access)
Dec 10 11:30:46 redir.cgi(0) INFO: dc:0e:a1:8a:d4:8f VLAN reassignment is
forced. (pf::enforcement::_should_we_reassign_vlan)
Dec 10 11:30:46 redir.cgi(0) INFO: switch port for dc:0e:a1:8a:d4:8f is
192.168.1.254 ifIndex 10005 connection type: Wired MAC Auth
(pf::enforcement::_vlan_reevaluation)
Dec 10 11:30:49 pfsetvlan(23) INFO: local (127.0.0.1) trap for switch
192.168.1.254 (main::parseTrap)
Dec 10 11:30:49 pfsetvlan(24) INFO: local (127.0.0.1) trap for switch
192.168.1.254 (main::parseTrap)
Dec 10 11:30:49 pfsetvlan(24) WARN: database query failed with: MySQL
server has gone away. (errno: 2006), will try again
(pf::db::db_query_execute)
Dec 10 11:30:49 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads
running: 0 (main::startTrapHandlers)
Dec 10 11:30:49 pfsetvlan(23) WARN: database query failed with: MySQL
server has gone away. (errno: 2006), will try again
(pf::db::db_query_execute)
Dec 10 11:30:49 pfsetvlan(6) INFO: nb of items in queue: 1; nb of threads
running: 1 (main::startTrapHandlers)
Dec 10 11:30:49 pfsetvlan(5) INFO: reAssignVlan trap received on
192.168.1.254 ifIndex 10005 (main::handleTrap)
Dec 10 11:30:49 pfsetvlan(5) WARN: Until CoA is implemented we will bounce
the port on VLAN re-assignment traps for MAC-Auth
(pf::SNMP::handleReAssignVlanTrapForWiredMacAuth)
Dec 10 11:30:53 pfsetvlan(5) INFO: finished (main::cleanupAfterThread)
Dec 10 11:30:53 pfsetvlan(7) INFO: nb of items in queue: 1; nb of threads
running: 0 (main::startTrapHandlers)
Dec 10 11:30:55 pf::WebAPI(1697) INFO: handling radius autz request: from
switch_ip => 192.168.1.254, connection_type => WIRED_MAC_AUTH mac =>
dc:0e:a1:8a:d4:8f, port => 50005, username => dc0ea18ad48f
(pf::radius::authorize)
Dec 10 11:30:55 pfsetvlan(7) INFO: reAssignVlan trap received on
192.168.1.254 ifIndex 10005 (main::handleTrap)
Dec 10 11:30:55 pfsetvlan(7) WARN: Until CoA is implemented we will bounce
the port on VLAN re-assignment traps for MAC-Auth
(pf::SNMP::handleReAssignVlanTrapForWiredMacAuth)
Dec 10 11:30:55 pf::WebAPI(1697) INFO: Connection type is WIRED_MAC_AUTH.
Getting role from node_info (pf::vlan::getNormalVlan)
Dec 10 11:30:55 pf::WebAPI(1697) INFO: Username was defined 'dc0ea18ad48f'
- returning user based role 'employee_role' (pf::vlan::getNormalVlan)
Dec 10 11:30:55 pf::WebAPI(1697) INFO: MAC: dc:0e:a1:8a:d4:8f, PID:
testpf3, Status: reg. Returned VLAN: 10 (pf::vlan::fetchVlanForNode)
Dec 10 11:30:55 pf::WebAPI(1697) WARN: Role-based Network Access Control is
not supported on network device type pf::SNMP::Cisco::Catalyst_2960.
 (pf::SNMP::supportsRoleBasedEnforcement)
Dec 10 11:30:59 pfsetvlan(7) INFO: finished (main::cleanupAfterThread)
Dec 10 11:31:01 pf::WebAPI(1698) INFO: handling radius autz request: from
switch_ip => 192.168.1.254, connection_type => WIRED_MAC_AUTH mac =>
dc:0e:a1:8a:d4:8f, port => 50005, username => dc0ea18ad48f
(pf::radius::authorize)
Dec 10 11:31:01 pf::WebAPI(1698) INFO: Connection type is WIRED_MAC_AUTH.
Getting role from node_info (pf::vlan::getNormalVlan)
Dec 10 11:31:01 pf::WebAPI(1698) INFO: Username was defined 'dc0ea18ad48f'
- returning user based role 'employee_role' (pf::vlan::getNormalVlan)
Dec 10 11:31:01 pf::WebAPI(1698) INFO: MAC: dc:0e:a1:8a:d4:8f, PID:
testpf3, Status: reg. Returned VLAN: 10 (pf::vlan::fetchVlanForNode)
Dec 10 11:31:02 pf::WebAPI(1698) WARN: Role-based Network Access Control is
not supported on network device type pf::SNMP::Cisco::Catalyst_2960.
 (pf::SNMP::supportsRoleBasedEnforcement)



Thanks.
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
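
An added example, not part of the original post and not PacketFence code: a small Python script that rejoins the mail-wrapped log entries and measures how long after the OpenVAS task starts the violation is closed and the VLAN reassignment is requested. The event labels and function names are this example's own; the sample lines are copied from the log excerpt above.

```python
import re

# Lines copied from the packetfence.log excerpt in the post, wrapped as mailed.
SAMPLE = """\
Dec 10 11:30:44 pfcmd.pl(3615) INFO: Scan task named 138669304346d48f
successfully started (pf::scan::openvas::startTask)
Dec 10 11:30:44 pfcmd.pl(3615) INFO: Calling /usr/local/pf/bin/pfcmd manage
vclose dc:0e:a1:8a:d4:8f 1200001 (pf::scan::run_scan)
Dec 10 11:30:45 pfcmd.pl(3623) INFO: violation 1200001 closed for
dc:0e:a1:8a:d4:8f (pf::violation::violation_close)
Dec 10 11:30:46 pfcmd.pl(3623) INFO: VLAN reassignment required for
dc:0e:a1:8a:d4:8f (current VLAN = 2 but should be in VLAN 10)
(pf::enforcement::_should_we_reassign_vlan)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ (\d\d):(\d\d):(\d\d) ")
EVENTS = [  # (label, pattern) pairs; the labels are this example's own names
    ("scan_started", re.compile(r"Scan task named \S+ successfully started")),
    ("vclose_called", re.compile(r"manage vclose \S+ \d+ \(pf::scan::run_scan\)")),
    ("violation_closed", re.compile(r"violation \d+ closed for \S+")),
    ("vlan_reassign", re.compile(r"VLAN reassignment required for \S+")),
]

def unwrap(text):
    """Join mail-wrapped continuation lines back onto their timestamped entry."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def timeline(text):
    """Return [(seconds_since_midnight, label)] for the scan and release events."""
    out = []
    for entry in unwrap(text):
        m = STAMP.match(entry)
        if not m:
            continue
        secs = int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])
        out += [(secs, label) for label, pat in EVENTS if pat.search(entry)]
    return out

def seconds_from_scan_start_to(events, label):
    """Delay from scan start to the first `label` event (same day assumed)."""
    start = next(t for t, l in events if l == "scan_started")
    return next(t for t, l in events if l == label and t >= start) - start

if __name__ == "__main__":
    ev = timeline(SAMPLE)
    print([l for _, l in ev], seconds_from_scan_start_to(ev, "vlan_reassign"))
```

On the posted excerpt this shows `pf::scan::run_scan` calling `vclose` in the same second the scan task starts, with the VLAN reassignment requested two seconds later.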