Logs below:
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql
(sql): Closing connection (106): Hit idle_timeout, was idle
for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql
(sql): Closing connection (108): Hit idle_timeout, was idle
for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql
(sql): Closing connection (107): Hit idle_timeout, was idle
for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql
(sql): Closing connection (105): Hit idle_timeout, was idle
for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql
(sql): Opening additional connection (109), 1 of 64 pending
slots used
May 21 11:39:50 youi-packetfence-p1 auth[25948]: Need 2 more
connections to reach min connections (3)
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql
(sql): Opening additional connection (110), 1 of 63 pending
slots used
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest
(rest): Closing connection (98): Hit idle_timeout, was idle
for 431989 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest
(rest): Closing connection (97): Hit idle_timeout, was idle
for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest
(rest): Closing connection (99): Hit idle_timeout, was idle
for 431977 seconds
May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest
(rest): Opening additional connection (100), 1 of 64 pending
slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 2 more
connections to reach min connections (3)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_rest
(rest): Opening additional connection (101), 1 of 63 pending
slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 1 more
connections to reach min connections (3)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_sql
(sql): Opening additional connection (111), 1 of 62 pending
slots used
May 21 11:39:51 youi-packetfence-p1 auth[25948]:
[mac:0c:4d:e9:b9:23:ac] Rejected user: 0c4de9b923ac
May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096)
Rejected in post-auth: [0c4de9b923ac] (from client
10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac)
May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096)
Login incorrect: [0c4de9b923ac] (from client 10.100.64.67
port 49 cli 0c:4d:e9:b9:23:ac)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 7 more
connections to reach 10 spares
May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_sql
(sql): Opening additional connection (112), 1 of 61 pending
slots used
May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 1 more
connections to reach min connections (3)
May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_rest
(rest): Opening additional connection (102), 1 of 62 pending
slots used
May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41106)
Login OK: [testradius] (from client 10.100.64.67 port 49 cli
0c:4d:e9:b9:23:ac via TLS tunnel)
May 21 11:40:02 youi-packetfence-p1 auth[25948]:
[mac:0c:4d:e9:b9:23:ac] Accepted user: testradius and
returned VLAN 88
May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41107)
Login OK: [testradius] (from client 10.100.64.67 port 49 cli
0c:4d:e9:b9:23:ac)
Looks like it's also sending port 49.
Is there somewhere to make a modification where I can say
$Port = $Port - 48 or something?
On Thu, May 16, 2019 at 9:27 PM Durand fabrice wrote:
Hello Stuart,
It looks like the port is set to 49 in the RADIUS request:
May 16 11:40:01 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] handling radius autz request:
from switch_ip => (10.100.64.67), connection_type =>
Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac =>
[78:7b:8a:d3:ae:74], port => 49, username =>
"787b8ad3ae74" (pf::radius::authorize)
Are you able to check in the RADIUS auditing what the RADIUS
request is (with all the attributes) and paste it to me?
Regards
Fabrice
On 19-05-16 at 11:41, Stuart Gendron wrote:
Logs below:
[root@youi-packetfence-p1 ~]# tail -f /usr/local/pf/logs/packetfence.log| grep 78:7b:8a:d3:ae:74
May 16 11:40:01 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] handling radius autz request:
from switch_ip => (10.100.64.67), connection_type =>
Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac
=> [78:7b:8a:d3:ae:74], port => 49, username =>
"787b8ad3ae74" (pf::radius::authorize)
May 16 11:40:01 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Instantiate profile default
(pf::Connection::ProfileFactory::_from_profile)
May 16 11:40:01 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Match rule
mac_lan:unknown&pf_wired_mac_auth (pf::access_filter::test)
May 16 11:40:01 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] vlan filter match ; belongs
into REJECT VLAN (pf::role::getRegistrationRole)
May 16 11:40:01 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] According to rules in
fetchRoleForNode this node must be kicked out.
Returning USERLOCK (pf::Switch::handleRadiusDeny)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] handling radius autz request:
from switch_ip => (10.100.64.67), connection_type =>
Ethernet-EAP,switch_mac => (88:f0:77:d9:b2:48), mac =>
[78:7b:8a:d3:ae:74], port => 49, username =>
"testradius" (pf::radius::authorize)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Instantiate profile 802.1x
(pf::Connection::ProfileFactory::_from_profile)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Found authentication source(s)
: 'YOUI-DC-P1' for realm 'null'
(pf::config::util::filter_authentication_sources)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) WARN:
[mac:78:7b:8a:d3:ae:74] Calling match with
empty/invalid rule class. Defaulting to
'authentication' (pf::authentication::match2)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Using sources YOUI-DC-P1 for
matching (pf::authentication::match2)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] LDAP testing connection
(pf::LDAP::expire_if)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) ERROR:
[mac:78:7b:8a:d3:ae:74] Error binding: 'Connection
reset by peer' (pf::LDAP::log_error_msg)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) WARN:
[mac:78:7b:8a:d3:ae:74] LDAP connection expired
(pf::LDAP::expire_if)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Matched rule
(youi_tv_employees) in source YOUI-DC-P1, returning
actions. (pf::Authentication::Source::match_rule)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Matched rule
(youi_tv_employees) in source YOUI-DC-P1, returning
actions. (pf::Authentication::Source::match)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Role has already been computed
and we don't want to recompute it. Getting role from
node_info (pf::role::getRegisteredRole)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Username was defined
"testradius" - returning role 'default'
(pf::role::getRegisteredRole)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] PID: "testradius", Status: reg
Returned VLAN: (undefined), Role: default
(pf::role::fetchRoleForNode)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] (10.100.64.67) Added VLAN 88 to
the returned RADIUS Access-Accept
(pf::Switch::returnRadiusAccessAccept)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] violation 1300003 force-closed
for 78:7b:8a:d3:ae:74
(pf::violation::violation_force_close)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Instantiate profile 802.1x
(pf::Connection::ProfileFactory::_from_profile)
May 16 11:40:13 youi-packetfence-p1
packetfence_httpd.aaa: httpd.aaa(6346) INFO:
[mac:78:7b:8a:d3:ae:74] Updating locationlog from
accounting request (pf::api::handle_accounting_metadata)
May 16 11:40:14 youi-packetfence-p1 pfqueue:
pfqueue(18291) WARN: [mac:78:7b:8a:d3:ae:74] Unable to
match MAC address to IP '10.100.90.109'
(pf::ip4log::ip2mac)
On Tue, May 14, 2019 at 9:18 PM Durand fabrice via PacketFence-users wrote:
Hello Stuart,
Can you paste the log when you plug in the switch port?
tail -f /usr/local/pf/logs/packetfence.log | grep 00:11:22:33:44:55
with the real MAC address of course.
Regards
Fabrice
On 19-05-14 at 10:43, Stuart Gendron via PacketFence-users wrote:
Hey there,
Was wondering if anyone else has their ports
showing up wrong for Cisco SG300 switches?
This is when plugged into port 1 on a 48 port switch:
[Attached screenshot: Screen Shot 2019-05-14 at 10.42.07 AM.png]
If there's a way to fix it that'd be really
appreciated :-)
--
*Stuart Gendron*
IT Support Specialist
*You.i Labs*
307 Legget Drive, Kanata, ON, K2K 3C8
t (613) 228-9107 x258 | c (613) 697-6853
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users