Good day,

I upgraded PacketFence from version 9.2 to version 10 and am finding a new, 
odd, behavior I hope can be explained and eliminated.

The first lines below are from packetfence.log during an authentication 
attempt.  The first line is new where there is a warning about not finding a 
switch configuration that is named by MAC address.  All my switch definitions 
are by IP address (the second set of data below is a switch definition from 
switches.conf).

After that, the switch configuration is located by IP, the authentication 
source is identified, the connection profile is selected, the user is validated 
and the role is computed and returned.

But, then, there are more errors about "Unknown Switch(es)" as it is trying to 
be found by MAC address, not IP.  There is an error reported by radius.pm and 
there is a message stating the "request will be failed".


Despite the errors, I am successfully authenticated and provided with network 
access.

Having the error messages in the log is confusing and I expect will make 
troubleshooting difficult when a device is NOT provided access.

Any thoughts on why these errors occur and how to eliminate them?

Thank you,

Jeff


Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) ERROR: 
[mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 
(pf::SwitchFactory::instantiate)
Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) ERROR: 
[mac:11:11:11:11:11:11] Can not instantiate switch 22:22:22:22:22:22 ! 
(pf::radius::_handleStaticPortSecurityMovement)
Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] handling radius autz request: from switch_ip => 
(10.22.0.1), connection_type => Ethernet-EAP,switch_mac => (22:22:22:22:22:22), 
mac => [11:11:11:11:11:11], port => ge-1/0/32.0, username => "DOMAIN\user" 
(pf::radius::authorize)
Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Instantiate profile 802.1x_Ethernet-EAP 
(pf::Connection::ProfileFactory::_from_profile)
Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Found authentication source(s) : 
'DOMAIN,DOMAIN-Machine' for realm 'domain' 
(pf::config::util::filter_authentication_sources)
Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] (10.1.1.1) Added VLAN vlan1 to the returned RADIUS 
Access-Accept (pf::Switch::returnRadiusAccessAccept)
Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Using sources DOMAIN, DOMAIN-Machine for matching 
(pf::authentication::match2)
Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) WARN: 
[mac:11:11:11:11:11:11] [DOMAIN catchAll] Searching for (sAMAccountName=user), 
from dc=jerviswebb,dc=com, with scope sub 
(pf::Authentication::Source::LDAPSource::match_in_subclass)
Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Matched rule (catchAll) in source DOMAIN, returning 
actions. (pf::Authentication::Source::match_rule)
Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Matched rule (catchAll) in source DOMAIN, returning 
actions. (pf::Authentication::Source::match)
Oct  2 09:06:08 nadc1-pfence-01 packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] person DOMAIN\user modified to DOMAIN\user 
(pf::person::person_modify)
Oct  2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Found authentication source(s) : DOMAIN,DOMAIN-Machine' 
for realm 'domain' (pf::config::util::filter_authentication_sources)
Oct  2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Role has already been computed and we don't want to 
recompute it. Getting role from node_info (pf::role::getRegisteredRole)
Oct  2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Username was defined "DOMAIN\user" - returning role 
'default' (pf::role::getRegisteredRole)
Oct  2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] PID: "DOMAIN\user", Status: reg Returned VLAN: 
(undefined), Role: default (pf::role::fetchRoleForNode)
Oct  2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] (10.1.1.1) Added VLAN vlan1 to the returned RADIUS 
Access-Accept (pf::Switch::returnRadiusAccessAccept)
Oct  2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] security_event 1300003 force-closed for 
11:11:11:11:11:11 (pf::security_event::security_event_force_close)
Oct  2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Instantiate profile 802.1x_Ethernet-EAP 
(pf::Connection::ProfileFactory::_from_profile)
Oct  2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] security_event 1300003 force-closed for 
11:11:11:11:11:11 (pf::security_event::security_event_force_close)
Oct  2 09:06:08 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Instantiate profile 802.1x_Ethernet-EAP 
(pf::Connection::ProfileFactory::_from_profile)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) INFO: 
[mac:11:11:11:11:11:11] Updating locationlog from accounting request 
(pf::api::handle_accounting_metadata)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: 
[mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 
(pf::SwitchFactory::instantiate)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: 
[mac:11:11:11:11:11:11] Use of uninitialized value $switch_ip in concatenation 
(.) or string at /usr/local/pf/lib/pf/radius.pm line 527.
(pf::radius::update_locationlog_accounting)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: 
[mac:11:11:11:11:11:11] Can't instantiate switch (). This request will be 
failed. Are you sure your switches.conf is correct? 
(pf::radius::update_locationlog_accounting)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: 
[mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 
(pf::SwitchFactory::instantiate)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: 
[mac:11:11:11:11:11:11] Use of uninitialized value $switch_ip in concatenation 
(.) or string at /usr/local/pf/lib/pf/radius.pm line 527.
(pf::radius::update_locationlog_accounting)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: 
[mac:11:11:11:11:11:11] Can't instantiate switch (). This request will be 
failed. Are you sure your switches.conf is correct? 
(pf::radius::update_locationlog_accounting)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: 
[mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 
(pf::SwitchFactory::instantiate)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: 
[mac:11:11:11:11:11:11] Use of uninitialized value $switch_ip in concatenation 
(.) or string at /usr/local/pf/lib/pf/radius.pm line 527.
(pf::radius::update_locationlog_accounting)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: 
[mac:11:11:11:11:11:11] Can't instantiate switch (). This request will be 
failed. Are you sure your switches.conf is correct? 
(pf::radius::update_locationlog_accounting)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) ERROR: 
[mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 
(pf::SwitchFactory::instantiate)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: 
[mac:11:11:11:11:11:11] Use of uninitialized value $switch_ip in concatenation 
(.) or string at /usr/local/pf/lib/pf/radius.pm line 527.
(pf::radius::update_locationlog_accounting)
Oct  2 09:06:09 ServerName packetfence_httpd.aaa: httpd.aaa(1355) WARN: 
[mac:11:11:11:11:11:11] Can't instantiate switch (). This request will be 
failed. Are you sure your switches.conf is correct? 
(pf::radius::update_locationlog_accounting)



[10.1.1.1]
always_trigger=1
isolationVlan=PFIsolation
guestVlan=PFGuest
registrationVlan=PFRegistration
description=VC1
SNMPCommunityRead=community
radiusSecret=<secret>
SNMPCommunityWrite=community
group=group1
deauthMethod=RADIUS
defaultVlan=vlan1
SNMPCommunityTrap=community
inlineVlan=PFNULL
voiceVlan=Voice
cliUser=user
cliPwd=pass
gamingVlan=PFNULL
cliTransport=SSH
cliAccess=Y
type=Juniper::EX2300
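
One way to triage the log pattern described in the message, as an added example that is not part of the original post or of PacketFence's own code: per client MAC, it collects the identifiers reported as "Unknown switch(es)", checks them against the section names in switches.conf, and counts logged Access-Accepts and failed accounting updates. The sample log and configuration are constructed from the lines quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample data, modelled on the switch definition and log lines in the post.
SWITCHES_CONF = """\
[10.1.1.1]
description=VC1
type=Juniper::EX2300
"""
PREFIX = "Oct  2 09:06:08 host packetfence_httpd.aaa: httpd.aaa(1355) "
LOG = "\n".join(PREFIX + rest for rest in [
    "ERROR: [mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 (pf::SwitchFactory::instantiate)",
    "INFO: [mac:11:11:11:11:11:11] (10.1.1.1) Added VLAN vlan1 to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept)",
    "ERROR: [mac:11:11:11:11:11:11] WARNING ! Unknown switch(es) 22:22:22:22:22:22 (pf::SwitchFactory::instantiate)",
    "WARN: [mac:11:11:11:11:11:11] Can't instantiate switch (). This request will be failed. Are you sure your switches.conf is correct? (pf::radius::update_locationlog_accounting)",
])

ENTRY = re.compile(r"(?P<level>[A-Z]+): \[mac:(?P<mac>[0-9a-fA-F:]{17})\] "
                   r"(?P<msg>.*?)\s*\((?P<sub>pf::[\w:]+)\)\s*$")
UNKNOWN = re.compile(r"Unknown switch\(es\) (\S+)")
MAC = re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")

def defined_switches(conf_text):
    """Return the section names ([...] headers) of a switches.conf-style file."""
    return {m.group(1).strip().lower()
            for m in re.finditer(r"^\[([^\]]+)\]\s*$", conf_text, re.M)}

def summarize(log_text, conf_text):
    """Per client MAC: failed switch lookups, accepts, failed accounting updates."""
    known = defined_switches(conf_text)
    out = defaultdict(lambda: {"unknown_by_mac": set(), "unknown_other": set(),
                               "accepts": 0, "failed_accounting": 0})
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # wrapped or unrelated line
        rec, msg = out[m["mac"].lower()], m["msg"]
        u = UNKNOWN.search(msg)
        if u and u.group(1).lower() not in known:
            key = "unknown_by_mac" if MAC.match(u.group(1)) else "unknown_other"
            rec[key].add(u.group(1).lower())
        if "Access-Accept" in msg:
            rec["accepts"] += 1
        if m["sub"].endswith("update_locationlog_accounting") and "will be failed" in msg:
            rec["failed_accounting"] += 1
    return dict(out)

if __name__ == "__main__":
    print(summarize(LOG, SWITCHES_CONF))
```

The parser expects one log entry per line, so entries wrapped by a mail client, as in the excerpt above, need to be rejoined before they are fed in.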
