Hi Fabrice, thanks for your help, I will test it. In this example for “cisco small business”, a SG500 is specified as the switch type,
-#-#- Once you have configured your switchports, you must configure the switch in PacketFence with the following information: Definition→Type: Cisco SG500 Definition→Mode: production #-#--# however i find for the selection only a Cisco::SG300. How i find this “Cisco SG500” ? Regards Stefan ##### Am 04.05.17, 17:32 schrieb "[email protected] -- Fabrice Durand" <[email protected]>: Hello Stefan, i asked one of my coworker who worked with this sort of switches and portsec is not working with packetfence. What you can do is to use it with radius (https://packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html#_cisco_small_business) Regards Fabrice Le 2017-05-04 à 11:03, Stefan Sabolowitsch a écrit : > Hi Fabrice, > SG300 / SG500 do not know CISCO-PORT-SECURITY-MIB 1.3.6.1.4.1.9.9.315.1.2.1.1.1 > > [root@PacketFence-ZEN etc]# snmpwalk -v 2c -c public 172.16.32.249 1.3.6.1.4.1.9.9.315.1.2.1.1.1 > SNMPv2-SMI::enterprises.9.9.315.1.2.1.1.1 = No Such Object available on this agent at this OID > > Regards > Stefan > > > .#.#.#.#.#. > Am 03.05.17, 22:04 schrieb "[email protected] -- Fabrice Durand" <[email protected]>: > > Hello Stefan, > > it looks that snmpget 1.3.6.1.4.1.9.9.315.1.2.1.1.1.51 return nothing. > > Can you try snmpwalk 1.3.6.1.4.1.9.9.315.1.2.1.1.1 ? > > Regards > > Fabrice > > > > Le 2017-05-03 à 12:02, Stefan Sabolowitsch a écrit : > > Bonjour Fabrice, > > Tout d'abord vous remercier de PacketFence. > > > > A pcap file is attached to this mail. > > 172.16.32.249 = SG300 Switch > > 172.16.32.23 = PacketFence > > > > [root@PacketFence-ZEN etc]# snmpwalk -v 2c -c public 172.16.32.249 1.3.6.1.2.1.17.4.3.1.2 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.20.253.22.202.8 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.21.23.119.111.168 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.21.23.212.11.128 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.21.23.218.156.228 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.21.23.218.158.212 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.26.75.49.217.63 = INTEGER: 56 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.26.232.26.196.154 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.28.66.103.179.230 = INTEGER: 49 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.29.9.221.232.11 = INTEGER: 51 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.30.103.151.242.53 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.31.18.35.23.133 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.37.0.241.239.58 = INTEGER: 49 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.64.157.68.249.43 = INTEGER: 57 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.80.86.148.71.55 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.0.192.183.78.154.181 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.52.219.253.131.216.9 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.52.219.253.131.216.18 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.124.117 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.124.127 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.124.249 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.125.3 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.125.193 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.125.203 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.126.129 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.126.139 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.126.151 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.126.161 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.127.181 = INTEGER: 0 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.133.130 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.80.6.171.53.133.140 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.120.215.95.149.164.18 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.128.232.111.3.136.192 = INTEGER: 58 > > SNMPv2-SMI::mib-2.17.4.3.1.2.128.232.111.3.136.196 = INTEGER: 58 > > > > > > Last question, is it the correct ifIndex (51) ? > > Yes, please look here. > > [root@PacketFence-ZEN etc]# snmpget -v 2c -c public 172.16.32.249 .1.3.6.1.2.1.17.4.3.1.1.0.29.9.221.232.11 > > SNMPv2-SMI::mib-2.17.4.3.1.1.0.29.9.221.232.11 = Hex-STRING: 00 1D 09 DD E8 0B > > > > Needed MAC Address on ifindex 51 > > > > Best regards. > > Stefan > > > > -#-#-#-#-#-#--#-#-#-#-#-#-# > > > > Am 01.05.17, 16:16 schrieb "[email protected] -- Fabrice Durand" <[email protected]>: > > > > Hello Stefan, > > > > can you take a capture on udp port 161 between PacketFence and the switch ? > > > > Also can you do a snmpwalk on this oid : 1.3.6.1.2.1.17.4.3.1.2 > > > > Last question, is it the correct ifIndex (51) ? > > > > Regards > > > > Fabrice > > > > > > > > Le 2017-04-30 à 07:13, Stefan Sabolowitsch a écrit : > > > Hi there, > > > have here SG300 / SG500, but packetfence get no MAC at index. > > > > > > Apr 28 18:06:56 PacketFence-ZEN packetfence: pfsetvlan(3) INFO: [mac:[undef]] up trap received on 172.16.32.249 ifIndex 51 (main::handleTrap) > > > Apr 28 18:06:56 PacketFence-ZEN packetfence: pfsetvlan(3) INFO: [mac:[undef]] setting 172.16.32.249 port 51 to MAC detection VLAN (main::handleTrap) > > > Apr 28 18:06:56 PacketFence-ZEN packetfence: pfsetvlan(3) WARN: [mac:[undef]] Should set ifIndex 51 to VLAN 4 but the switch is not in production -> Do nothing (pf::Switch::setVlan) > > > Apr 28 18:07:04 PacketFence-ZEN packetfence: pfsetvlan(3) WARN: [mac:[undef]] couldn't get MAC at ifIndex 51. This is a problem. (pf::Switch::_getMacAtIfIndex) > > > > > > 2017-04-28|15:51:38|UDP: [172.16.32.249]:161->[172.16.32.23]:162|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBIND > > > INGS .1.3.6.1.2.1.1.3.0 = Timeticks: (255971270) 29 days, 15:01:52.70|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.3|.1.3.6.1.2.1.2.2.1.1.51 = INTEGER: 51|.1.3.6.1.2.1.2.2.1.7.51 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.51 = INTEGER: down(2) END VARIABLEBINDINGS > > > > > > 2017-04-28|15:51:42|UDP: [172.16.32.249]:161->[172.16.32.23]:162|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBIND > > > INGS .1.3.6.1.2.1.1.3.0 = Timeticks: (255971678) 29 days, 15:01:56.78|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.6.1.101.0.185|.1.3.6.1.4.1.9.6.1.101.2.3.1.0 = STRING: "%SEC-W-PORTUNAUTHORIZED: Port gi3 is unAuthorized"|.1.3.6.1.4.1.9.6.1.101.2.3.2.0 = INTEGER: 1 END VARIABLEBINDINGS > > > > > > 2017-04-28|15:51:42|UDP: [172.16.32.249]:161->[172.16.32.23]:162|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (255971680) 29 days, 15:01:56.80|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.4|.1.3.6.1.2.1.2.2.1.1.51 = INTEGER: 51|.1.3.6.1.2.1.2.2.1.7.51 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.51 = INTEGER: up(1) END VARIABLEBINDINGS > > > > > > 2017-04-28|15:51:46|UDP: [172.16.32.249]:161->[172.16.32.23]:162|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (255972128) 29 days, 15:02:01.28|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.6.1.101.0.151|.1.3.6.1.4.1.9.6.1.101.2.3.1.0 = STRING: "%STP-W-PORTSTATUS: gi3: STP status Forwarding > > > > > > [root@PacketFence-ZEN logs]# /usr/local/pf/bin/pfcmd_vlan -getMAC -verbose 4 -switch 172.16.32.249 -ifIndex 51 > > > TRACE - Memory configuration is still valid for key config::Switch in local cached_hash > > > DEBUG - cache get for namespace='Default', key='HASH(0x3b53988)', cache='RawMemory', time='0ms': MISS (not in cache) > > > DEBUG - cache set for namespace='Default', key='{"encoding":null,"reconnect":"60","server":"127.0.0.1:6379"}', size=1, expires='never', cache='RawMemory', time='0ms' > > > DEBUG - cache get for namespace='switch.overlay', key='172.16.32.249', cache='Redis', time='6ms': MISS (not in cache) > > > DEBUG - creating new pf::Switch::Cisco::SG300 object > > > DEBUG - start handling 'getMac' command > > > DEBUG - attempt 1 to obtain mac at 172.16.32.249 ifIndex 51 > > > DEBUG - opening SNMP v2c read connection to 172.16.32.249 > > > TRACE - SNMP get_request for sysLocation: 1.3.6.1.2.1.1.6.0 > > > DEBUG - cache get for namespace='Default', key='HASH(0x3b53988)', cache='RawMemory', time='0ms': HIT > > > DEBUG - cache get for namespace='switch', key='ARRAY(0x9f92f90)', cache='Redis', time='1ms': MISS (not in cache) > > > DEBUG - cache set for namespace='switch', key='["172.16.32.249",["-varbindlist",["1.3.6.1.2.1.1.6.0"]]]', size=48, expires='10m', cache='Redis', time='1ms' > > > TRACE - SNMP get_request for vmVlan: 1.3.6.1.4.1.9.9.68.1.2.2.1.2.51 > > > TRACE - SNMP get_table for ifPhysAddress: 1.3.6.1.2.1.2.2.1.6 > > > TRACE - SNMP get_table for dot1dBasePortIfIndex: 1.3.6.1.2.1.17.1.4.1.2 > > > TRACE - SNMP get_table for dot1dTpFdbPort: 1.3.6.1.2.1.17.4.3.1.2 > > > WARN - couldn't get MAC at ifIndex 51. This is a problem. > > > DEBUG - attempt 2 to obtain mac at 172.16.32.249 ifIndex 51 > > > TRACE - SNMP get_request for vmVlan: 1.3.6.1.4.1.9.9.68.1.2.2.1.2.51 > > > TRACE - SNMP get_table for ifPhysAddress: 1.3.6.1.2.1.2.2.1.6 > > > TRACE - SNMP get_table for dot1dBasePortIfIndex: 1.3.6.1.2.1.17.1.4.1.2 > > > > > > thanks for any help here. > > > Stefan > > > > > > > > > ------------------------------------------------------------------------------ > > > Check out the vibrant tech community on one of the world's most > > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > > > PacketFence-users mailing list > > > [email protected] > > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > -- > > Fabrice Durand > > [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) > > > > > > ------------------------------------------------------------------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > _______________________________________________ > > PacketFence-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > > > > > -- > Fabrice Durand > [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
