Re: [PacketFence-users] SG300 / SG500 couldn't get MAC at ifIndex

Thu, 04 May 2017 08:36:43 -0700 

Hello Stefan,

i asked one of my coworker who worked with this sort of switches and
portsec is not working with packetfence.

What you can do is to use it with radius
(https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_small_business)

Regards

Fabrice



Le 2017-05-04 à 11:03, Stefan Sabolowitsch a écrit :
> Hi Fabrice,
> SG300 / SG500 do not know CISCO-PORT-SECURITY-MIB 
> 1.3.6.1.4.1.9.9.315.1.2.1.1.1
>
> [root@PacketFence-ZEN etc]# snmpwalk -v 2c -c public 172.16.32.249 
> 1.3.6.1.4.1.9.9.315.1.2.1.1.1
> SNMPv2-SMI::enterprises.9.9.315.1.2.1.1.1 = No Such Object available on this 
> agent at this OID
>
> Regards
> Stefan
>
>
> .#.#.#.#.#.
> Am 03.05.17, 22:04 schrieb "[email protected] -- Fabrice Durand" 
> <[email protected]>:
>
>     Hello Stefan,
>     
>     it looks that snmpget 1.3.6.1.4.1.9.9.315.1.2.1.1.1.51 return nothing.
>     
>     Can you try snmpwalk 1.3.6.1.4.1.9.9.315.1.2.1.1.1 ?
>     
>     Regards
>     
>     Fabrice
>     
>     
>     
>     Le 2017-05-03 à 12:02, Stefan Sabolowitsch a écrit :
>     > Bonjour Fabrice,
>     > Tout d'abord vous remercier de PacketFence.
>     >
>     > A pcap file is attached to this mail.
>     > 172.16.32.249 = SG300 Switch
>     > 172.16.32.23 = PacketFence
>     >
>     > [root@PacketFence-ZEN etc]# snmpwalk -v 2c -c public 172.16.32.249 
> 1.3.6.1.2.1.17.4.3.1.2
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.20.253.22.202.8 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.21.23.119.111.168 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.21.23.212.11.128 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.21.23.218.156.228 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.21.23.218.158.212 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.26.75.49.217.63 = INTEGER: 56
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.26.232.26.196.154 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.28.66.103.179.230 = INTEGER: 49
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.29.9.221.232.11 = INTEGER: 51
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.30.103.151.242.53 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.31.18.35.23.133 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.37.0.241.239.58 = INTEGER: 49
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.64.157.68.249.43 = INTEGER: 57
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.80.86.148.71.55 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.0.192.183.78.154.181 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.52.219.253.131.216.9 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.52.219.253.131.216.18 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.124.117 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.124.127 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.124.249 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.125.3 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.125.193 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.125.203 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.126.129 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.126.139 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.126.151 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.126.161 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.127.181 = INTEGER: 0
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.133.130 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.133.140 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.120.215.95.149.164.18 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.128.232.111.3.136.192 = INTEGER: 58
>     > SNMPv2-SMI::mib-2.17.4.3.1.2.128.232.111.3.136.196 = INTEGER: 58
>     >
>     >
>     > Last question, is it the correct ifIndex (51) ?
>     > Yes, please look here.
>     > [root@PacketFence-ZEN etc]# snmpget -v 2c -c public 172.16.32.249 
> .1.3.6.1.2.1.17.4.3.1.1.0.29.9.221.232.11
>     > SNMPv2-SMI::mib-2.17.4.3.1.1.0.29.9.221.232.11 = Hex-STRING: 00 1D 09 
> DD E8 0B
>     >
>     > Needed MAC Address on ifindex 51
>     >
>     > Best regards.
>     > Stefan
>     >
>     > -#-#-#-#-#-#--#-#-#-#-#-#-#
>     >
>     > Am 01.05.17, 16:16 schrieb "[email protected] -- Fabrice Durand" 
> <[email protected]>:
>     >
>     >     Hello Stefan,
>     >     
>     >     can you take a capture on udp port 161 between PacketFence and the 
> switch ?
>     >     
>     >     Also can you do a snmpwalk on this oid : 1.3.6.1.2.1.17.4.3.1.2
>     >     
>     >     Last question, is it the correct ifIndex (51) ?
>     >     
>     >     Regards
>     >     
>     >     Fabrice
>     >     
>     >     
>     >     
>     >     Le 2017-04-30 à 07:13, Stefan Sabolowitsch a écrit :
>     >     > Hi there,
>     >     > have here SG300 / SG500, but packetfence get no MAC at index.
>     >     >
>     >     > Apr 28 18:06:56 PacketFence-ZEN packetfence: pfsetvlan(3) INFO: 
> [mac:[undef]] up trap received on 172.16.32.249 ifIndex 51 (main::handleTrap)
>     >     > Apr 28 18:06:56 PacketFence-ZEN packetfence: pfsetvlan(3) INFO: 
> [mac:[undef]] setting 172.16.32.249 port 51 to MAC detection VLAN 
> (main::handleTrap)
>     >     > Apr 28 18:06:56 PacketFence-ZEN packetfence: pfsetvlan(3) WARN: 
> [mac:[undef]] Should set ifIndex 51 to VLAN 4 but the switch is not in 
> production -> Do nothing (pf::Switch::setVlan)
>     >     > Apr 28 18:07:04 PacketFence-ZEN packetfence: pfsetvlan(3) WARN: 
> [mac:[undef]] couldn't get MAC at ifIndex 51. This is a problem. 
> (pf::Switch::_getMacAtIfIndex)
>     >     >
>     >     > 2017-04-28|15:51:38|UDP: 
> [172.16.32.249]:161->[172.16.32.23]:162|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN 
> SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBIND
>     >     > INGS .1.3.6.1.2.1.1.3.0 = Timeticks: (255971270) 29 days, 
> 15:01:52.70|.1.3.6.1.6.3.1.1.4.1.0 = OID: 
> .1.3.6.1.6.3.1.1.5.3|.1.3.6.1.2.1.2.2.1.1.51 = INTEGER: 
> 51|.1.3.6.1.2.1.2.2.1.7.51 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.51 = 
> INTEGER: down(2) END VARIABLEBINDINGS
>     >     >
>     >     > 2017-04-28|15:51:42|UDP: 
> [172.16.32.249]:161->[172.16.32.23]:162|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN 
> SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBIND
>     >     > INGS .1.3.6.1.2.1.1.3.0 = Timeticks: (255971678) 29 days, 
> 15:01:56.78|.1.3.6.1.6.3.1.1.4.1.0 = OID: 
> .1.3.6.1.4.1.9.6.1.101.0.185|.1.3.6.1.4.1.9.6.1.101.2.3.1.0 = STRING: 
> "%SEC-W-PORTUNAUTHORIZED: Port gi3 is 
> unAuthorized"|.1.3.6.1.4.1.9.6.1.101.2.3.2.0 = INTEGER: 1 END VARIABLEBINDINGS
>     >     >
>     >     > 2017-04-28|15:51:42|UDP: 
> [172.16.32.249]:161->[172.16.32.23]:162|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN 
> SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: 
> (255971680) 29 days, 15:01:56.80|.1.3.6.1.6.3.1.1.4.1.0 = OID: 
> .1.3.6.1.6.3.1.1.5.4|.1.3.6.1.2.1.2.2.1.1.51 = INTEGER: 
> 51|.1.3.6.1.2.1.2.2.1.7.51 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.51 = 
> INTEGER: up(1) END VARIABLEBINDINGS
>     >     >
>     >     > 2017-04-28|15:51:46|UDP: 
> [172.16.32.249]:161->[172.16.32.23]:162|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN 
> SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: 
> (255972128) 29 days, 15:02:01.28|.1.3.6.1.6.3.1.1.4.1.0 = OID: 
> .1.3.6.1.4.1.9.6.1.101.0.151|.1.3.6.1.4.1.9.6.1.101.2.3.1.0 = STRING: 
> "%STP-W-PORTSTATUS: gi3: STP status Forwarding
>     >     >
>     >     > [root@PacketFence-ZEN logs]# /usr/local/pf/bin/pfcmd_vlan -getMAC 
> -verbose 4 -switch 172.16.32.249 -ifIndex 51
>     >     > TRACE - Memory configuration is still valid for key 
> config::Switch in local cached_hash
>     >     > DEBUG - cache get for namespace='Default', key='HASH(0x3b53988)', 
> cache='RawMemory', time='0ms': MISS (not in cache)
>     >     > DEBUG - cache set for namespace='Default', 
> key='{"encoding":null,"reconnect":"60","server":"127.0.0.1:6379"}', size=1, 
> expires='never', cache='RawMemory', time='0ms'
>     >     > DEBUG - cache get for namespace='switch.overlay', 
> key='172.16.32.249', cache='Redis', time='6ms': MISS (not in cache)
>     >     > DEBUG - creating new pf::Switch::Cisco::SG300 object
>     >     > DEBUG - start handling 'getMac' command
>     >     > DEBUG - attempt 1 to obtain mac at 172.16.32.249 ifIndex 51
>     >     > DEBUG - opening SNMP v2c read connection to 172.16.32.249
>     >     > TRACE - SNMP get_request for sysLocation: 1.3.6.1.2.1.1.6.0
>     >     > DEBUG - cache get for namespace='Default', key='HASH(0x3b53988)', 
> cache='RawMemory', time='0ms': HIT
>     >     > DEBUG - cache get for namespace='switch', key='ARRAY(0x9f92f90)', 
> cache='Redis', time='1ms': MISS (not in cache)
>     >     > DEBUG - cache set for namespace='switch', 
> key='["172.16.32.249",["-varbindlist",["1.3.6.1.2.1.1.6.0"]]]', size=48, 
> expires='10m', cache='Redis', time='1ms'
>     >     > TRACE - SNMP get_request for vmVlan: 
> 1.3.6.1.4.1.9.9.68.1.2.2.1.2.51
>     >     > TRACE - SNMP get_table for ifPhysAddress: 1.3.6.1.2.1.2.2.1.6
>     >     > TRACE - SNMP get_table for dot1dBasePortIfIndex: 
> 1.3.6.1.2.1.17.1.4.1.2
>     >     > TRACE - SNMP get_table for dot1dTpFdbPort: 1.3.6.1.2.1.17.4.3.1.2
>     >     > WARN - couldn't get MAC at ifIndex 51. This is a problem.
>     >     > DEBUG - attempt 2 to obtain mac at 172.16.32.249 ifIndex 51
>     >     > TRACE - SNMP get_request for vmVlan: 
> 1.3.6.1.4.1.9.9.68.1.2.2.1.2.51
>     >     > TRACE - SNMP get_table for ifPhysAddress: 1.3.6.1.2.1.2.2.1.6
>     >     > TRACE - SNMP get_table for dot1dBasePortIfIndex: 
> 1.3.6.1.2.1.17.1.4.1.2
>     >     >
>     >     > thanks for any help here.
>     >     > Stefan
>     >     >
>     >     >
>     >     > 
> ------------------------------------------------------------------------------
>     >     > Check out the vibrant tech community on one of the world's most
>     >     > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>     >     > _______________________________________________
>     >     > PacketFence-users mailing list
>     >     > [email protected]
>     >     > https://lists.sourceforge.net/lists/listinfo/packetfence-users
>     >     
>     >     -- 
>     >     Fabrice Durand
>     >     [email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
>     >     Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and 
> PacketFence (http://packetfence.org) 
>     >     
>     >     
>     >     
> ------------------------------------------------------------------------------
>     >     Check out the vibrant tech community on one of the world's most
>     >     engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>     >     _______________________________________________
>     >     PacketFence-users mailing list
>     >     [email protected]
>     >     https://lists.sourceforge.net/lists/listinfo/packetfence-users
>     >     
>     >     
>     >
>     
>     -- 
>     Fabrice Durand
>     [email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
>     Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
> (http://packetfence.org) 
>     
>     
>     
> ------------------------------------------------------------------------------
>     Check out the vibrant tech community on one of the world's most
>     engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>     _______________________________________________
>     PacketFence-users mailing list
>     [email protected]
>     https://lists.sourceforge.net/lists/listinfo/packetfence-users
>     
>

-- 
Fabrice Durand
[email protected] ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to