Hello everybody, I'm new to PacketFence and I have tried to configure it as
well, but I encountered some problems. I will briefly explain the
configuration of my test network.

I configured PacketFence to act in VLAN enforcement mode, out-of-band, using
the admin interface:

Management Interface of PacketFence with IP address 192.168.1.5 (eth0)
Registration VLAN, VLAN ID 2 in 192.168.2.0 network, with interface IP address of pf 192.168.2.1 (eth0.2)
Isolation VLAN, VLAN ID 3 in 192.168.3.0 network, with interface IP address of pf 192.168.3.1 (eth0.3)
Data VLAN, VLAN ID 10 in 192.168.10.0 network, with interface IP address of pf 192.168.10.1 (eth0.10)

I use a Cisco Catalyst 3560G switch connected to PacketFence's
interface eth0 via Gi 0/6. The IP address of the switch is 192.168.1.9, so I
added it through the admin interface, and I can access it by telnet from
PacketFence. I created the Registration, Isolation, MAC-Detection (VLAN ID 4)
and Data VLANs, and I have configured the switch to operate with SNMP v2c
and port security.

When I connect my laptop to switch port Gi 0/14, I can see through "debug snmp
packets" and "debug snmp requests" that the switch sends a trap to
PacketFence, but it seems that nothing else happens.
If I understand correctly, with port security set on the switch, a device that
is plugged into a switch port, if it is unregistered, is put in the
Registration VLAN and receives an IP address; then, if it tries to
connect to the Internet, it will be redirected to the Captive Portal, right?

Here are the results from the log files packetfence.log and snmptrapd.log:

-packetfence.log

 pfsetvlan(7) INFO: secureMacAddrViolation trap on 192.168.1.9 ifIndex
10114. Port Security is no longer configured on the port. Flush the trap
(main::signalHandlerTrapListQueued)

-snmptrapd.log

UDP: [192.168.1.9]:52573->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN
SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 =
Timeticks: (324640) 0:54:06.40|.1.3.6.1.6.3.1.1.4.1.0 = OID:
.1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10114 = Wrong Type (should
be INTEGER): Gauge32: 10114|.1.3.6.1.2.1.31.1.1.1.1.10114 = STRING:
GigabitEthernet0/14|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10114 = Hex-STRING: E0
3F 49 37 E5 E4  END VARIABLEBINDINGS

-This is my switch.conf file

[default]
description=Switches Default Values
vlans=1,2,3,4,5
normalVlan=1
registrationVlan=2
isolationVlan=3
macDetectionVlan=4
voiceVlan=5
inlineVlan=6
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=no
VlanMap=Y
RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=2c
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=2c
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=

[192.168.1.9]
RoleMap=N
mode=production
cliUser=PF
AccessListMap=N
description=Catalyst_3560G
type=Cisco::Catalyst_3560G
cliPwd=pluto
VoIPEnabled=N
cliEnablePwd=pluto

**************************************************************************
**************************************************************************

-And the running configuration from the Catalyst 3560G (I test port security
only on Gi 0/14):


Current configuration : 4336 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$wp5f$kTZJ0It4vJrBMoyox4xcV.
!
username PF secret 5 $1$qHiw$T2V1k1V5mCMc.Z7.Qrj9E1
!
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
no ip domain-lookup
!
!
!
!
crypto pki trustpoint TP-self-signed-1409580288
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1409580288
 revocation-check none
 rsakeypair TP-self-signed-1409580288
!
!
crypto pki certificate chain TP-self-signed-1409580288
 certificate self-signed 01
  quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/1
 spanning-tree portfast
!
interface GigabitEthernet0/2
 spanning-tree portfast
!
interface GigabitEthernet0/3
 spanning-tree portfast
!
interface GigabitEthernet0/4
 spanning-tree portfast
!
interface GigabitEthernet0/5
 spanning-tree portfast
!
interface GigabitEthernet0/6
 spanning-tree portfast
!
interface GigabitEthernet0/7
 spanning-tree portfast
!
interface GigabitEthernet0/8
 spanning-tree portfast
!
interface GigabitEthernet0/9
 spanning-tree portfast
!
interface GigabitEthernet0/10
 spanning-tree portfast
!
interface GigabitEthernet0/11
 spanning-tree portfast
!
interface GigabitEthernet0/12
 spanning-tree portfast
!
interface GigabitEthernet0/13
 spanning-tree portfast
!
interface GigabitEthernet0/14
 switchport access vlan 4
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 0200.0000.0014 vlan access
 spanning-tree portfast
!
interface GigabitEthernet0/15
 spanning-tree portfast
!
interface GigabitEthernet0/16
 spanning-tree portfast
!
interface GigabitEthernet0/17
 spanning-tree portfast
!
interface GigabitEthernet0/18
 spanning-tree portfast
!
interface GigabitEthernet0/19
 spanning-tree portfast
!
interface GigabitEthernet0/20
 spanning-tree portfast
!
interface GigabitEthernet0/21
 spanning-tree portfast
!
interface GigabitEthernet0/22
 spanning-tree portfast
!
interface GigabitEthernet0/23
 spanning-tree portfast
!
interface GigabitEthernet0/24
 spanning-tree portfast
!
interface GigabitEthernet0/25
 spanning-tree portfast
!
interface GigabitEthernet0/26
 spanning-tree portfast
!
interface GigabitEthernet0/27
 spanning-tree portfast
!
interface GigabitEthernet0/28
 spanning-tree portfast
!
interface Vlan1
 ip address 192.168.1.9 255.255.255.0
 ip helper-address 192.168.2.1
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host 192.168.1.5 version 2c public  port-security
!
!
line con 0
line vty 0 4
 login local
 transport input telnet
line vty 5 15
 login local
 transport input telnet
!
end


**************************************************************************
**************************************************************************

After plugging in the laptop, the switch's running config does not change; no
VLAN is set by PacketFence.
Do I have some incorrect configuration settings?

Thanks very much in advance;
your feedback and help will surely be appreciated.

Regards,

Rosario
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
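
Decoding the snmptrapd.log line quoted in the message above, as an added example (not part of the original post and not PacketFence code): it extracts the sending switch, trap OID, ifIndex, port name and reported MAC, and puts that MAC in the same notation as the static secure MAC on Gi0/14. It assumes the pipe-separated varbind layout seen in that one line; the MIB object names in the comments come from the standard and Cisco port-security MIBs, not from the post.

```python
import re

# OIDs seen in the post's trap (object names are from the standard/Cisco MIBs).
SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"         # snmpTrapOID.0
CPS_VIOLATION = ".1.3.6.1.4.1.9.9.315.0.0.1"     # cpsSecureMacAddrViolation
IF_INDEX = ".1.3.6.1.2.1.2.2.1.1."               # ifIndex.<n>
IF_NAME = ".1.3.6.1.2.1.31.1.1.1.1."             # ifName.<n>
LAST_MAC = ".1.3.6.1.4.1.9.9.315.1.2.1.1.10."    # cpsIfSecureLastMacAddress.<n>

# The snmptrapd.log line from the post, re-joined onto one line.
SAMPLE = ("UDP: [192.168.1.9]:52573->[192.168.1.5]|0.0.0.0|BEGIN TYPE 0 END TYPE "
          "BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS "
          ".1.3.6.1.2.1.1.3.0 = Timeticks: (324640) 0:54:06.40|"
          ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|"
          ".1.3.6.1.2.1.2.2.1.1.10114 = Wrong Type (should be INTEGER): Gauge32: 10114|"
          ".1.3.6.1.2.1.31.1.1.1.1.10114 = STRING: GigabitEthernet0/14|"
          ".1.3.6.1.4.1.9.9.315.1.2.1.1.10.10114 = Hex-STRING: E0 3F 49 37 E5 E4  "
          "END VARIABLEBINDINGS")

def normalize_mac(text):
    """Accept 'E0 3F 49 37 E5 E4' or Cisco '0200.0000.0014'; return aa:bb:.. or None."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_trap(line):
    """Return a summary dict for one log line, or None if it is not a trap line."""
    hdr = re.search(r"UDP: \[([\d.]+)\]:\d+->\[([\d.]+)\]", line)
    body = re.search(r"BEGIN VARIABLEBINDINGS (.*?)\s*END VARIABLEBINDINGS", line)
    if not hdr or not body:
        return None
    out = {"switch": hdr.group(1), "receiver": hdr.group(2)}
    # Varbinds are '|'-separated here; a '|' inside a string value would need more care.
    for item in body.group(1).split("|"):
        oid, _, rest = item.partition(" = ")
        # Drop snmptrapd's "Wrong Type (should be ...): " note, then split "TYPE: value".
        rest = re.sub(r"^Wrong Type \([^)]*\): ", "", rest.strip())
        _vtype, _, value = rest.partition(": ")
        oid = oid.strip()
        if oid == SNMP_TRAP_OID:
            out["trap_oid"] = value
        elif oid.startswith(IF_INDEX):
            out["ifIndex"] = int(value)
        elif oid.startswith(IF_NAME):
            out["ifName"] = value
        elif oid.startswith(LAST_MAC):
            out["mac"] = normalize_mac(value)
    out["port_security_violation"] = out.get("trap_oid") == CPS_VIOLATION
    return out

if __name__ == "__main__":
    print(parse_trap(SAMPLE))
    print(normalize_mac("0200.0000.0014"))  # static secure MAC on Gi0/14 in the post
```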
