Found it!

2 weeks ago I upgraded the IOS on the Cisco switch to the latest. This version 
reconfigures the port configuration with:
switchport port-security mac-address sticky xxxx.xxxx.xxxx

The word sticky must not be there before the mac.

After issues with PF I downgraded back, but the config stays the same.

I read the config from before the upgrade and it was:
switchport port-security mac-address xxxx.xxxx.xxxx

I changed it to the line without sticky and everything is working now.

So it was not PF but Cisco ☹



M. Langendoen
Network administrator
mlangend...@dezb.nl

+31(0)118654307
i...@dezb.nl
www.dezb.nl

Kousteensedijk 7
4331 JE Middelburg
Postbus 8004
4330 EA Middelburg

I work on:
Mon, Wed: half day
Tue, Thu, Fri: full day



From: Martijn Langendoen via PacketFence-users <packetfence-users@lists.sourceforge.net>
Sent: 31 May 2021 16:27
To: 'packetfence-users@lists.sourceforge.net' <packetfence-users@lists.sourceforge.net>
CC: Martijn Langendoen <mlangend...@dezb.nl>
Subject: [PacketFence-users] snmptrap security stops working for one switch

Hi all,

I run PF with 50 Cisco switches, all in one group, so the settings are all the 
same.

Suddenly, on one switch, MAC security with SNMP traps stopped working.

In the snmptrapd.log I see many lines like this:

2021-05-31|07:06:40|UDP: [10.10.0.81]:60240->[10.10.0.251]:162|10.10.0.81|BEGIN 
TYPE 6 END TYPE BEGIN SUBTYPE .1 END SUBTYPE BEGIN VARIABLEBINDINGS 
.1.3.6.1.2.1.2.2.1.1.10128 = Wrong Type (should be INTEGER): Gauge32: 
10128|.1.3.6.1.2.1.31.1.1.1.1.10128 = STRING: 
GigabitEthernet1/0/28|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10128 = Hex-STRING: 7C 8A 
E1 71 95 C3  END VARIABLEBINDINGS

Packetfence.log says for a mac:
May 31 13:29:23 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(592) 
INFO: [mac:7c:8a:e1:71:95:c3] Instantiate profile Guests 
(pf::Connection::ProfileFactory::_from_profile)
May 31 13:29:23 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(592) 
INFO: [mac:7c:8a:e1:71:95:c3] User default has authenticated on the portal. 
(Class::MOP::Class:::after)
May 31 13:29:23 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(592) 
WARN: [mac:7c:8a:e1:71:95:c3] Unknown network type for network 10.10.0.0 
(pf::config::get_network_type)
May 31 13:29:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(592) 
INFO: [mac:7c:8a:e1:71:95:c3] Device is registered and still on the portal, 
attempting to release it again. 
(captiveportal::PacketFence::DynamicRouting::Module::Root::unknown_state)
May 31 13:29:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(594) 
WARN: [mac:7c:8a:e1:71:95:c3] locale from the URL  is not supported 
(pf::Portal::Session::getLanguages)
May 31 13:29:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(594) 
INFO: [mac:7c:8a:e1:71:95:c3] Instantiate profile Guests 
(pf::Connection::ProfileFactory::_from_profile)
May 31 13:29:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(594) 
WARN: [mac:7c:8a:e1:71:95:c3] locale from the URL  is not supported 
(captiveportal::PacketFence::Controller::Root::getLanguages)
May 31 13:29:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(594) 
INFO: [mac:7c:8a:e1:71:95:c3] Releasing device 
(captiveportal::PacketFence::DynamicRouting::Module::Root::release)
May 31 13:29:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(594) 
INFO: [mac:7c:8a:e1:71:95:c3] User default has authenticated on the portal. 
(Class::MOP::Class:::after)
May 31 13:29:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(594) 
WARN: [mac:7c:8a:e1:71:95:c3] Unknown network type for network 10.10.0.0 
(pf::config::get_network_type)
May 31 13:29:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(594) 
WARN: [mac:7c:8a:e1:71:95:c3] locale from the URL  is not supported 
(pf::Portal::Session::getLanguages)
May 31 13:29:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(594) 
INFO: [mac:7c:8a:e1:71:95:c3] re-evaluating access (manage_register called) 
(pf::enforcement::reevaluate_access)
May 31 13:29:24 PacketFence-ZEN packetfence_httpd.portal: httpd.portal(594) 
WARN: [mac:7c:8a:e1:71:95:c3] Can't re-evaluate access because no open 
locationlog entry was found (pf::enforcement::reevaluate_access)
May 31 13:29:24 PacketFence-ZEN pfqueue: pfqueue(32432) WARN: 
[mac:7c:8a:e1:71:95:c3] Unable to pull accounting history for device 
7c:8a:e1:71:95:c3. The history set doesn't exist yet. 
(pf::accounting_events_history::latest_mac_history)
May 31 13:29:41 PacketFence-ZEN pfqueue: pfqueue(1347) INFO: 
[mac:7c:8a:e1:71:95:c3] Instantiate profile Guests 
(pf::Connection::ProfileFactory::_from_profile)

The mac has a role configured and that is not guests like the logging says.
Switching roles triggers nothing on the switch.


I restarted the switch already.

What can it be?




_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
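
Added example, not part of the original messages and not PacketFence or Cisco code: a Python sketch that ties the two observations in this thread together. It reads a snmptrapd.log line like the one quoted above, takes the port from the ifName varbind (.1.3.6.1.2.1.31.1.1.1.1), and reports whether that port's secure-MAC lines in a saved running-config use the `sticky` form. The config excerpt and its MAC addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt; the MAC addresses are sample values.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/27
 switchport port-security mac-address 0200.0000.1b00
!
interface GigabitEthernet1/0/28
 switchport port-security mac-address sticky 0200.0000.1c00
!
"""
# Tail of the trap line quoted in the thread, unwrapped onto one line.
SAMPLE_TRAP = (".1.3.6.1.2.1.31.1.1.1.1.10128 = STRING: GigabitEthernet1/0/28|"
               ".1.3.6.1.4.1.9.9.315.1.2.1.1.10.10128 = Hex-STRING: "
               "7C 8A E1 71 95 C3  END VARIABLEBINDINGS")
SECURE_MAC = re.compile(r"^\s+switchport port-security mac-address (sticky )?"
                        r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)
# ifName varbind (IF-MIB) followed by the 6-byte Hex-STRING varbind.
TRAP = re.compile(r"\.1\.3\.6\.1\.2\.1\.31\.1\.1\.1\.1\.(\d+) = STRING:\s*([^|]+?)\s*\|"
                  r".*?= Hex-STRING:\s*((?:[0-9A-Fa-f]{2}\s+){5}[0-9A-Fa-f]{2})", re.S)

def secure_macs(config):
    """Map interface name -> [(mac, is_sticky), ...] from running-config text."""
    found, iface = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            iface = None  # "!" or any top-level line ends the interface block
        m = SECURE_MAC.match(line)
        if m and iface:
            found.setdefault(iface, []).append((m.group(2).lower(), bool(m.group(1))))
    return found

def parse_trap(line):
    """Return (ifIndex, ifName, mac) from a snmptrapd.log line, or None."""
    m = TRAP.search(line)
    if not m:
        return None
    return int(m.group(1)), m.group(2), ":".join(m.group(3).split()).lower()

def triage(trap_line, config):
    """For the port named in the trap, split its secure-MAC lines by form."""
    trap = parse_trap(trap_line)
    if trap is None:
        return None
    entries = secure_macs(config).get(trap[1], [])
    return {"port": trap[1], "trap_mac": trap[2],
            "sticky": [m for m, s in entries if s],
            "static": [m for m, s in entries if not s]}
```

Running `triage(SAMPLE_TRAP, SAMPLE_CONFIG)` on a port whose result has a non-empty `sticky` list points at the rewritten line form described in the reply above.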
