Hi Juan,
in fact pf try with CDP and LLDP but it look that it worked, radius answer:
Sending Access-Accept of id 71 to 10.11.62.15 port 1645
Cisco-AVPair = "device-traffic-class=voice""
Mean that an ip phone has been detected on this port.
Regards
Fabrice
Le 2014-08-21 12:43, Juan Camilo Valencia a écrit :
Hi Fabrice,
This is the answer
IF-MIB::ifName.10520 = STRING: Fa2/0/20
IF-MIB::ifName.10521 = STRING: Fa2/0/21
IF-MIB::ifName.10522 = STRING: Fa2/0/22
IF-MIB::ifName.10523 = STRING: Fa2/0/23
IF-MIB::ifName.10524 = STRING: Fa2/0/24
IF-MIB::ifName.10525 = STRING: Fa2/0/25
IF-MIB::ifName.10526 = STRING: Fa2/0/26
IF-MIB::ifName.10527 = STRING: Fa2/0/27
IF-MIB::ifName.10528 = STRING: Fa2/0/28
So basically that means that packetfence is doing right, so any idea
why is showing me this message about LLDP?. I have CDP enabled on the
port. My thoughts were that maybe packetfence is reading the wrong
port, but it doesn't, are the functions in packetfence to use LLDP
compatible with CDP?
Best Regards
On Thu, Aug 21, 2014 at 10:33 AM, Fabrice DURAND <[email protected]
<mailto:[email protected]>> wrote:
Hi Juan,
can you check with:
snmpwalk -v 2c -c public @ip_of_the_switch 1.3.6.1.2.1.31.1.1.1.1
and check the ifindex of FastEthernet2/0/25 ?
Because we are using a function in the 2950 switch module.
(getIfIndexByNasPortId)
Regards
Fabrice
Le 2014-08-21 11:24, Juan Camilo Valencia a écrit :
Hi Guys,
I'm working with a couple of 2960 switches on stack mode running
an IOS version 150-2.SE <http://150-2.SE>, the switch is
configured to use MAB and deauthenticate with Radius using CoA,
everything for a machine works perfectly. However, When I plug a
Cisco VoIP phone and the machine behind that, I'm getting this
info message,
"Aug 20 19:41:34 httpd.webservices(6156) INFO: Unable to lookup
LLDP port from IfIndex. LLDP VoIP detection will not work. Is
LLDP enabled?
(pf::Switch::Cisco::Catalyst_2950::getPhonesLLDPAtIfIndex)
Aug 20 19:41:34 httpd.webservices(6156) INFO: Could not find any
IP phones through discovery protocols for ifIndex 10525
(pf::Switch::getPhonesDPAtIfIndex)"
I made a debug from radius and this is what i'm getting,
"rlm_perl: request from bc:67:1c:30:78:c3 port 50225 was accepted
but no VLAN returned. This could be normal. See server logs for
details.
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Call-Check
rlm_perl: Added pair Called-Station-Id = C0-25-5C-AA-30-19
rlm_perl: Added pair Calling-Station-Id = BC-67-1C-30-78-C3
rlm_perl: Added pair Message-Authenticator =
0x40025a04d0aa4d0e33f43722f48d6b30
rlm_perl: Added pair Cisco-AVPair = service-type=Call Check
rlm_perl: Added pair Cisco-AVPair =
audit-session-id=0A0B3E0F0000003906EA910A
rlm_perl: Added pair User-Name = bc671c3078c3
rlm_perl: Added pair User-Password = bc671c3078c3
rlm_perl: Added pairNAS-Port = 50225
rlm_perl: Added pair NAS-IP-Address = 10.11.62.15
rlm_perl: Added pair Framed-MTU = 1500
rlm_perl: Added pair NAS-Port-Id = FastEthernet2/0/25
rlm_perl: Added pair Cisco-AVPair = device-traffic-class=voice
rlm_perl: Added pair Auth-Type = Accept
+++[packetfence] = ok
++} # if (!EAP-Type || (EAP-Type != 21 && EAP-Type != 25)) = ok
+} # group post-auth = ok
Sending Access-Accept of id 71 to 10.11.62.15 port 1645
Cisco-AVPair = "device-traffic-class=voice""
""
The NAS-Port sent to Packetfece was 50225 and the ifindex
translated in packetfence is 10525, following the example of the
function /NasPortToIfIndex/ in Catalyst_2960.pm Module in
Packetfence the translation of the Nasport to Ifindex should be
10225 and not 10525, however I don't know if my inferences are
correct?, Do you think that this is a bug in the function or this
should be right answer.
Let me know what other info I can provide you to help me figured
it this out.
Best Regards,
--
*“Choose a job you love, and you will never have to work a day in
your life”*
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] <mailto:[email protected]> ::+1.514.447.4918
<tel:%2B1.514.447.4918> (x135) ::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
PacketFence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
*“Choose a job you love, and you will never have to work a day in your
life”*
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
