We do still see the issue we just noticed if we restart pfsetvlan it will not enter the seemingly endless loop until it encounters a new trap.
I performed a test on a fresh v5.0.1 installation configure a single Cisco Catalyst switch to report port-security traps to PacketFence. We see the trap accepted by snmptrapd and written to logs/snmptrapd.log At this point pfsetvlan starts to consume all CPU. We ran tcpdump on the interface while this was occurring and observe PacketFence communicating with the switch by SNMP but we cannot identify the OID. The first part looks like it is reading the current VLAN of the port, then another get receiving an empty string, then the last after which it enters the loop. [root@nupf pf]# [root@nupf pf]# tcpdump -i eth1 "dst 10.56.111.218 or src 10.56.111.218" tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 08:47:48.344609 IP 10.56.111.218.iad1 > nupf.wadsworth.org.snmptrap: V2Trap(139) system.sysUpTime.0=534398765 S:1.1.4.1.0=E:cisco.9.315.0.0.1 interfaces.ifTable.ifEntry.ifIndex.8=8 31.1.1.1.1.8="GigabitEthernet1/0/6" E:cisco.9.315.1.2.1.1.10.8=00_23_df_82_1c_6a 08:47:50.755516 IP 10.56.111.218.iad1 > nupf.wadsworth.org.snmptrap: V2Trap(139) system.sysUpTime.0=534399006 S:1.1.4.1.0=E:cisco.9.315.0.0.1 interfaces.ifTable.ifEntry.ifIndex.8=8 31.1.1.1.1.8="GigabitEthernet1/0/6" E:cisco.9.315.1.2.1.1.10.8=00_23_df_82_1c_6a 08:47:51.148512 IP nupf.wadsworth.org.55365 > 10.56.111.218.snmp: C=cselonly GetRequest(28) system.sysLocation.0 08:47:51.151449 IP 10.56.111.218.snmp > nupf.wadsworth.org.55365: C=cselonly GetResponse(28) system.sysLocation.0="" 08:47:51.153094 IP nupf.wadsworth.org.55365 > 10.56.111.218.snmp: C=cselonly GetRequest(34) E:cisco.9.68.1.2.2.1.2.8 08:47:51.155921 IP 10.56.111.218.snmp > nupf.wadsworth.org.55365: C=cselonly GetResponse(35) E:cisco.9.68.1.2.2.1.2.8=122 08:47:51.163669 IP nupf.wadsworth.org.44739 > 10.56.111.218.snmp: C=cselonly GetRequest(28) system.sysLocation.0 08:47:51.166849 IP 10.56.111.218.snmp > nupf.wadsworth.org.44739: C=cselonly GetResponse(28) system.sysLocation.0="" 08:47:51.168340 IP nupf.wadsworth.org.44739 > 10.56.111.218.snmp: C=cselonly GetRequest(35) E:cisco.9.315.1.2.1.1.1.8 08:47:51.170953 IP 10.56.111.218.snmp > nupf.wadsworth.org.44739: C=cselonly GetResponse(36) E:cisco.9.315.1.2.1.1.1.8=1 08:47:55.035614 IP 10.56.111.218.iad1 > nupf.wadsworth.org.snmptrap: V2Trap(139) system.sysUpTime.0=534399433 S:1.1.4.1.0=E:cisco.9.315.0.0.1 interfaces.ifTable.ifEntry.ifIndex.8=8 31.1.1.1.1.8="GigabitEthernet1/0/6" E:cisco.9.315.1.2.1.1.10.8=00_23_df_82_1c_6a 08:48:03.215609 IP 10.56.111.218.iad1 > nupf.wadsworth.org.snmptrap: V2Trap(139) system.sysUpTime.0=534400252 S:1.1.4.1.0=E:cisco.9.315.0.0.1 interfaces.ifTable.ifEntry.ifIndex.8=8 31.1.1.1.1.8="GigabitEthernet1/0/6" E:cisco.9.315.1.2.1.1.10.8=00_23_df_82_1c_6a ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
