Hello Fabrice, I used the configuration mentioned in packetfence documentation, I believe that is MAC security.
snmp-server authentication-trap disable snmp-server host 192.168.1.5 "public" snmp trap link-status port 1-24 disable no mac-security mac-address-table interface FastEthernet ALL mac-security port ALL disable mac-security port 1-24 enable default mac-security auto-learning port ALL max-addrs exit mac-security enable mac-security snmp-lock disable mac-security intrusion-detect disable mac-security filtering enable mac-security snmp-trap enable mac-security auto-learning aging-time 60 mac-security learning-ports NONE mac-security learning disable VoIPsupport YouneedtoensurethatallyourportsaretaggedwiththevoiceVLAN.Theswitchshoulddoth e restforyou. vlan create 6 name "Telephone" type port learning ivl vlan members 6 1-20,23-24 The reason why I didn't opted for Radius is, I would like to use existing Microsoft NPS radius for authentication. But iam not getting proper documentation to configure that to talk with packetfence for authenticating and role assignment. Could you please share me if you have documents. Thanks Mohan -----Original Message----- From: Fabrice DURAND [mailto:[email protected]] Sent: Friday, July 31, 2015 3:37 PM To: Mohanram <[email protected]>; [email protected] Subject: Re: [PacketFence-users] first board index error in Nortel 2526T-PWR switch Hello Mohanram, port sec doesn't work very well because of the borad index. Don't you want to try mac-auth/802.1x ? I did a new branch on github and it works very well on my side. https://github.com/inverse-inc/packetfence/compare/feature/avaya_radius regards Fabrice Le 2015-07-31 09:27, Mohanram a écrit : > Hello Fdurand, > > Yes I used avaya ERS 2500 while creating switch, still I get similar > error logs > > Jul 30 12:13:37 pfsetvlan(6) WARN: Trap ifIndex is invalid. Should > this switch be factory-reset? See Nortel's BayStack Stacking issues in > module documentation for more information. > (pf::Switch::Avaya::parseTrap) Jul 30 > 12:13:37 pfsetvlan(6) ERROR: Use of uninitialized value $trapVlan in > concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 730. > (main::parseTrap) > Jul 30 12:13:37 pfsetvlan(6) ERROR: Use of uninitialized value in > pattern match (m//) at /usr/local/pf/lib/pf/Switch/Avaya.pm line 120. > (pf::Switch::Avaya::getBoardPortFromIfIndex) > Jul 30 12:13:37 pfsetvlan(6) ERROR: Use of uninitialized value > $portIndx in concatenation (.) or string at > /usr/local/pf/lib/pf/Switch/Nortel.pm line 706. > (pf::Switch::Nortel::isPortSecurityEnabled) > Jul 30 12:13:37 pfsetvlan(4) WARN: unable to parse trapLine.. here's > the > line: 172.16.210.40||secureMacAddrViolation|||58:16:26:bf:e8:d2|||| > (main::startTrapHandlers) Jul 30 12:13:37 pfsetvlan(4) INFO: nb of > items in > queue: 1; nb of threads running: 0 (main::startTrapHandlers) Jul 30 > 12:13:37 > pfsetvlan(4) INFO: Memory configuration is not valid anymore for key > config::Switch in local cached_hash (pfconfig::cached::is_valid) Jul > 30 > 12:13:37 pfsetvlan(4) ERROR: Use of uninitialized value $ifType in > numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 170. > (pf::vlan::doWeActOnThisTrap) > Jul 30 12:13:37 pfsetvlan(4) ERROR: Use of uninitialized value $ifType > in numeric eq (==) at /usr/local/pf/lib/pf/vlan.pm line 170. > (pf::vlan::doWeActOnThisTrap) > Jul 30 12:13:37 pfsetvlan(4) INFO: secureMacAddrViolation trap > received on > (172.16.210.40) ifindex which is not ethernetCsmacd > (pf::vlan::doWeActOnThisTrap) Jul 30 12:13:37 pfsetvlan(4) INFO: > doWeActOnThisTrap returns false. Stop secureMacAddrViolation handling > (main::handleTrap) Jul 30 12:13:37 pfsetvlan(4) INFO: finished > (main::cleanupAfterThread) > > Thanks > Mohan > > -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
