Hello again,
We've set up a test network (one server, two clients and a Netgear GS748T
switch), installed PF and imported some nodes. The switch is configured
to send traps to a PF interface. However, they are never processed by
PF. We can see them arrive at the server with tshark or tcpdump but
nothing else happens. snmptrapd.log and packetfence.log are silent about
any trap-related event. snmptrapd is running and iptables is allowing
port 162. PF is running on CentOS 7.
Maybe the PF network configuration is wrong:
Interface  VLAN           Address         Type
p4p1       switch VLAN99  10.0.99.100/24  Management -> where traps should be received
p4p1.98    switch VLAN98  10.0.98.252/24  Mac Detection
p4p1.97    switch VLAN97  10.0.97.252/24  Registration
p4p1.96    switch VLAN96  10.0.96.252/24  Isolation
p4p1.30    switch VLAN30  10.0.30.252/24  for authorized clients
Maybe trap configuration is wrong:
public read-write 10.0.99.100/24
trap 10.0.99.100/24 port 162
Maybe the switch is not properly supported by PF. We're planning to
renew our switches next year.
Or are we totally missing something in the PF config?
Regards
On 08/11/2018 19:52, Ludovic Zammit wrote:
Hello Mehdi,
Import all your MACs using a CSV file under Node > Create.
It will register all the MAC addresses and during the import you will
need to assign a role.
MAB, MAC authentication bypass, is a RADIUS method. I think you want to
use SNMP, which is most commonly called Port-Security using a trap
security event.
Thanks,
Ludovic Zammit
[email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
On Nov 8, 2018, at 11:35 AM, mehdi.mjahad--- via PacketFence-users
<[email protected]> wrote:
Hi,
We're trying to set up a wired MAC-based authorization system to
dynamically assign VLANs. We don't want to use RADIUS (not suitable
for our needs), just MAB.
We don't have any AD but already a list of all MAC addresses, which
may be formatted to any format if needed.
We thought PacketFence would be a great solution. The website (and
the documentation) describes a perfectly suitable solution for our
existing infrastructure: Link Change SNMP Traps:
https://packetfence.org/about.html#/vlan
Our switches are Netgear GS748T (no Cisco in our infra) which only
support LinkUp/Down Traps. And since they're the same family as the
documented GS110 switch, we thought they would be usable with PF.
We installed PF in Bypass mode but we can't figure out how to implement
the solution. The main trouble is we can't figure out where to fill
our MAC list into PF.
Do we need to create a VLAN filter for each MAC? We're a bit lost
since we're PF beginners and we would be thankful for some help.
Regards
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users