Hello
I have a doubt
I'm setting up the PF 5.4.0 with the service radius (dlink 2000 AP +)
the manual says the process has to be done with the port-security.
- It is necessary to add the AP in floating device.
- The PF 5.4.0 know that is the floating device and automatically configures
for port-security.
but I have a problem, Cisco does not accept me devices due to
the violation. As PF automatic configure what can I do to solve the
problem?
PF LOG
Nov 05 18:49:59 pfsetvlan(2) WARN: couldn't get MAC at ifIndex 1. This is a
problem. (pf::Switch::_getMacAtIfIndex)
Nov 05 18:49:59 pfsetvlan(2) WARN: Tried to grab MAC address at ifIndex 1 on
switch 192.168.137.254 for 2 minutes and failed (main::handleTrap)
Nov 05 18:49:59 pfsetvlan(2) INFO: cannot find MAC (maybe we found a VoIP, but
they don't count here). Do nothing (main::handleTrap)
Nov 05 18:49:59 pfsetvlan(2) INFO: finished (main::cleanupAfterThread)
Nov 05 18:50:09 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads
running: 0 (main::startTrapHandlers)
Nov 05 18:50:09 pfsetvlan(1) INFO: up trap received on 192.168.137.254 ifIndex
20 (main::handleTrap)
Nov 05 18:50:09 pfsetvlan(1) INFO: The logs shows that the last device pluged
was a floating network device. We may have missedthe LinkDown trap. Disabling
floating network device configuration on the port. (main::handleTrap)
Nov 05 18:50:09 pfsetvlan(1) INFO: Disabling LinkDown traps on port 20
(pf::floatingdevice::disablePortConfig)
Nov 05 18:50:09 pfsetvlan(1) INFO: Setting port 20 to MAC detection Vlan.
(pf::floatingdevice::disablePortConfig)
Nov 05 18:50:09 pfsetvlan(1) INFO: There is a floating device on
192.168.137.254 port 20 (pf::floatingdevice::portHasFloatingDevice)
Nov 05 18:50:09 pfsetvlan(1) ERROR: Use of uninitialized value $mac in
concatenation (.) or string at /usr/local/pf/lib/pf/locationlog.pm line 502.
(pf::locationlog::locationlog_synchronize)
Nov 05 18:50:09 pfsetvlan(1) INFO: Not adding locationlog entry for mac
because it's plugged in a floating device enabled port
(pf::locationlog::locationlog_synchronize)
Nov 05 18:50:09 pfsetvlan(1) INFO: Should set 192.168.137.254 ifIndex 20 to
VLAN 4 but it is already in this VLAN -> Do nothing (pf::Switch::setVlan)
Nov 05 18:50:09 pfsetvlan(1) INFO: Enabling access control on port 20
(pf::floatingdevice::disablePortConfig)
Nov 05 18:50:10 pfsetvlan(1) WARN: couldn't get MAC at ifIndex 20. This is a
problem. (pf::Switch::_getMacAtIfIndex)
Nov 05 18:50:10 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Nov 05 18:50:15 pfsetvlan(4) INFO: nb of items in queue: 1; nb of threads
running: 0 (main::startTrapHandlers)
Nov 05 18:50:15 pfsetvlan(4) INFO: MAC 02:00:00:00:00:20 is a fake MAC. Stop
mac handling (main::handleTrap)
Nov 05 18:50:15 pfsetvlan(4) INFO: finished (main::cleanupAfterThread)
CISCO LOG
Switch#
00:05:29: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred,
caused by MAC address c8f7.335f.975e on port FastEthernet0/20.
Thanks
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
