Kristaps Dambergs
2015-09-19 14:21:52 UTC
Hi,
I am trying to implement PF ZEN using 802.1X + MAC. When I connect a laptop
to port 3 (Registration VLAN) or any other port, nothing shows up
in snmptrapd.log. I can't even ping the switch from the PF server.
Hoping for some help.
Thanks
PF Logs:
[***@PacketFence-ZEN-5-3 ~]# tail -f /usr/local/pf/logs/packetfence.log
Sep 19 09:09:27 pfcmd.pl(1615) INFO: Daemon carbon-relay took 1.537 seconds
to start. (pf::services::manager::launchService)
Sep 19 09:09:27 pfcmd.pl(1615) INFO: Daemon collectd took 0.196 seconds to
start. (pf::services::manager::launchService)
Sep 19 09:09:27 pfcmd.pl(1615) INFO: pf::services::manager,
/usr/local/pf/lib/pf/services/manager.pm, 178
(pf::services::manager::dhcpd::generateConfig)
Sep 19 09:09:27 pfcmd.pl(1615) INFO: Memory configuration is not valid
anymore for key interfaces::listen_ints in local cached_hash
(pfconfig::cached::is_valid)
Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an undefined
interface... (pf::cluster::members_ips)
Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an undefined
interface... (pf::cluster::members_ips)
Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an undefined
interface... (pf::cluster::members_ips)
Sep 19 09:09:27 pfcmd.pl(1615) WARN: requesting member ips for an undefined
interface... (pf::cluster::members_ips)
Sep 19 09:09:27 pfcmd.pl(1615) INFO: Daemon dhcpd took 0.241 seconds to
start. (pf::services::manager::launchService)
Sep 19 09:10:07 pfcmd.pl(1615) INFO: Daemon httpd.aaa took 40.085 seconds
to start. (pf::services::manager::launchService)
Sep 19 09:11:22 pfcmd.pl(1615) INFO: Daemon httpd.graphite took 36.280
seconds to start. (pf::services::manager::launchService)
[***@PacketFence-ZEN-5-3 ~]# tail -f /usr/local/pf/logs/snmptrapd.log
NET-SNMP version 5.5
2015-09-19 08:44:42 NET-SNMP version 5.5 Stopped.
Stopping snmptrapd
NET-SNMP version 5.5
2015-09-19 09:05:12 NET-SNMP version 5.5 Stopped.
Stopping snmptrapd
NET-SNMP version 5.5
NET-SNMP version 5.5
[***@PacketFence-ZEN-5-3 ~]# sudo vi /usr/local/pf/conf/switches.conf
RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
cliUser=
cliPwd=
cliEnablePwd=
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#SNMPAuthProtocolTrap = MD5
#SNMPAuthPasswordTrap = authpwdread
#SNMPPrivProtocolTrap = DES
#SNMPPrivPasswordTrap = privpwdread
#
# Web Services Interface
#
# wsTransport could be: http or https
wsTransport=http
wsUser=
wsPwd=
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=
[192.168.0.3]
mode=production
deauthMethod=RADIUS
AccessListMap=N
description=2610
SNMPVersionTrap=1
type=HP::Procurve_2600
VoIPEnabled=N
radiusSecret="PASSWD"
uplink_dynamic=0
uplink=23,24
My ProCurve 2610 config:
Running configuration:
; J9086A Configuration Editor; Created on release #R.11.60
hostname "ProCurveSwitch"
time timezone 180
no telnet-server
interface 23
name "pfserver"
exit
trunk 23 Trk1 Trunk
timesync sntp
vlan 1
name "Default"
untagged 1-2,4-22,24-28,Trk1
ip address 192.168.0.3 255.255.255.0
no untagged 3
exit
vlan 2
name "Registration"
untagged 3
ip address 192.168.2.1 255.255.255.0
tagged Trk1
exit
vlan 3
name "Isolation"
ip address 192.168.3.1 255.255.255.0
tagged Trk1
exit
vlan 10
name "Normal"
ip address 192.168.1.1 255.255.255.0
tagged Trk1
exit
radius-server host 192.168.0.10 key Parole321
aaa server-group radius "packetfence" host 192.168.0.10
aaa authentication port-access eap-radius server-group "packetfence"
aaa authentication mac-based chap-radius server-group "packetfence"
port-security 1 learn-mode port-access action send-alarm
port-security 2 learn-mode port-access action send-alarm
port-security 3 learn-mode port-access action send-alarm
port-security 4 learn-mode port-access action send-alarm
port-security 5 learn-mode port-access action send-alarm
port-security 6 learn-mode port-access action send-alarm
port-security 7 learn-mode port-access action send-alarm
port-security 8 learn-mode port-access action send-alarm
port-security 9 learn-mode port-access action send-alarm
port-security 10 learn-mode port-access action send-alarm
port-security 11 learn-mode port-access action send-alarm
port-security 12 learn-mode port-access action send-alarm
port-security 13 learn-mode port-access action send-alarm
port-security 14 learn-mode port-access action send-alarm
port-security 15 learn-mode port-access action send-alarm
port-security 16 learn-mode port-access action send-alarm
port-security 17 learn-mode port-access action send-alarm
port-security 18 learn-mode port-access action send-alarm
port-security 19 learn-mode port-access action send-alarm
port-security 20 learn-mode port-access action send-alarm
port-security 21 learn-mode port-access action send-alarm
port-security 22 learn-mode port-access action send-alarm
snmp-server host 192.168.0.10 community "public" informs trap-level Not-INFO
no snmp-server enable traps link-change 1-22
sntp unicast
sntp server 129.6.15.30
aaa port-access authenticator 1-22
aaa port-access authenticator 1 client-limit 1
aaa port-access authenticator 2 client-limit 1
aaa port-access authenticator 3 client-limit 1
aaa port-access authenticator 4 client-limit 1
aaa port-access authenticator 5 client-limit 1
aaa port-access authenticator 6 client-limit 1
aaa port-access authenticator 7 client-limit 1
aaa port-access authenticator 8 client-limit 1
aaa port-access authenticator 9 client-limit 1
aaa port-access authenticator 10 client-limit 1
aaa port-access authenticator 11 client-limit 1
aaa port-access authenticator 12 client-limit 1
aaa port-access authenticator 13 client-limit 1
aaa port-access authenticator 14 client-limit 1
aaa port-access authenticator 15 client-limit 1
aaa port-access authenticator 16 client-limit 1
aaa port-access authenticator 17 client-limit 1
aaa port-access authenticator 18 client-limit 1
aaa port-access authenticator 19 client-limit 1
aaa port-access authenticator 20 client-limit 1
aaa port-access authenticator 21 client-limit 1
aaa port-access authenticator 22 client-limit 1
aaa port-access authenticator active
aaa port-access mac-based 1-22
aaa port-access mac-based 1 addr-moves
aaa port-access mac-based 1 reauth-period 14400
aaa port-access mac-based 2 addr-moves
aaa port-access mac-based 2 reauth-period 14400
aaa port-access mac-based 3 addr-moves
aaa port-access mac-based 3 reauth-period 14400
aaa port-access mac-based 4 addr-moves
aaa port-access mac-based 4 reauth-period 14400
aaa port-access mac-based 5 addr-moves
aaa port-access mac-based 5 reauth-period 14400
aaa port-access mac-based 6 addr-moves
aaa port-access mac-based 6 reauth-period 14400
aaa port-access mac-based 7 addr-moves
aaa port-access mac-based 7 reauth-period 14400
aaa port-access mac-based 8 addr-moves
aaa port-access mac-based 8 reauth-period 14400
aaa port-access mac-based 9 addr-moves
aaa port-access mac-based 9 reauth-period 14400
aaa port-access mac-based 10 addr-moves
aaa port-access mac-based 10 reauth-period 14400
aaa port-access mac-based 11 addr-moves
aaa port-access mac-based 11 reauth-period 14400
aaa port-access mac-based 12 addr-moves
aaa port-access mac-based 12 reauth-period 14400
aaa port-access mac-based 13 addr-moves
aaa port-access mac-based 13 reauth-period 14400
aaa port-access mac-based 14 addr-moves
aaa port-access mac-based 14 reauth-period 14400
aaa port-access mac-based 15 addr-moves
aaa port-access mac-based 15 reauth-period 14400
aaa port-access mac-based 16 addr-moves
aaa port-access mac-based 16 reauth-period 14400
aaa port-access mac-based 17 addr-moves
aaa port-access mac-based 17 reauth-period 14400
aaa port-access mac-based 18 addr-moves
aaa port-access mac-based 18 reauth-period 14400
aaa port-access mac-based 19 addr-moves
aaa port-access mac-based 19 reauth-period 14400
aaa port-access mac-based 20 addr-moves
aaa port-access mac-based 20 reauth-period 14400
aaa port-access mac-based 21 addr-moves
aaa port-access mac-based 21 reauth-period 14400
aaa port-access mac-based 22 addr-moves
aaa port-access mac-based 22 reauth-period 14400
aaa port-access 1 controlled-direction in
aaa port-access 2 controlled-direction in
aaa port-access 3 controlled-direction in
aaa port-access 4 controlled-direction in
aaa port-access 5 controlled-direction in
aaa port-access 6 controlled-direction in
aaa port-access 7 controlled-direction in
aaa port-access 8 controlled-direction in
aaa port-access 9 controlled-direction in
aaa port-access 10 controlled-direction in
aaa port-access 11 controlled-direction in
aaa port-access 12 controlled-direction in
aaa port-access 13 controlled-direction in
aaa port-access 14 controlled-direction in
aaa port-access 15 controlled-direction in
aaa port-access 16 controlled-direction in
aaa port-access 17 controlled-direction in
aaa port-access 18 controlled-direction in
aaa port-access 19 controlled-direction in
aaa port-access 20 controlled-direction in
aaa port-access 21 controlled-direction in
aaa port-access 22 controlled-direction in
spanning-tree Trk1 priority 4
ip ssh
password manager
password operator
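The two configs above have to agree on several values for PacketFence to see anything from the switch at all (the RADIUS shared secret, the SNMP notification receiver and community, and a CLI transport the switch actually runs). The script below is an added example, not PacketFence code and not something from the original post: it parses a switches.conf entry and a ProCurve running config and reports the mismatches side by side. The sample inputs are constructed from the values in the post (condensed, with a `[default]` section header assumed since the paste starts below it, and with the redacted `"PASSWD"` secret kept as-is so the RADIUS check shows what a mismatch looks like); it also flags the default `public`/`private` communities and the `informs` keyword against `SNMPVersionTrap=1`, since SNMPv1 has no inform PDU. Function names and the finding codes are this example's own.

```python
"""Cross-check a PacketFence switches.conf entry against the switch's own
running config (ProCurve syntax). Added example, not PacketFence code."""
import configparser
import re

# Constructed sample: condensed from the switches.conf in the post.
# The [default] header is assumed (the paste starts below it); the RADIUS
# secret is the same placeholder the post shows.
SWITCHES_CONF = """\
[default]
mode=testing
cliTransport=Telnet
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
SNMPVersionTrap=1
SNMPCommunityTrap=public
radiusSecret=

[192.168.0.3]
mode=production
deauthMethod=RADIUS
description=2610
SNMPVersionTrap=1
type=HP::Procurve_2600
radiusSecret="PASSWD"
uplink=23,24
"""

# Constructed sample: condensed from the ProCurve running config in the post.
PROCURVE_CONFIG = """\
hostname "ProCurveSwitch"
no telnet-server
trunk 23 Trk1 Trunk
radius-server host 192.168.0.10 key Parole321
aaa authentication port-access eap-radius server-group "packetfence"
aaa authentication mac-based chap-radius server-group "packetfence"
snmp-server host 192.168.0.10 community "public" informs trap-level Not-INFO
no snmp-server enable traps link-change 1-22
ip ssh
"""

WEAK_COMMUNITIES = {"public", "private"}


def parse_switches_conf(text):
    """Return {switch_section: {key: value}} with [default] values merged into
    every switch section, which is how PacketFence applies its defaults."""
    cp = configparser.ConfigParser(default_section="default", interpolation=None)
    cp.optionxform = str  # keep key case (SNMPCommunityTrap, radiusSecret, ...)
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def parse_procurve(text):
    """Extract the parts of a ProCurve config that PacketFence depends on."""
    cfg = {"radius": {}, "snmp_hosts": [], "telnet": True, "ssh": False}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"radius-server host (\S+) key (\S+)", line)
        if m:
            cfg["radius"][m.group(1)] = m.group(2)
            continue
        m = re.match(r'snmp-server host (\S+) community "([^"]*)"(.*)', line)
        if m:
            cfg["snmp_hosts"].append({
                "ip": m.group(1),
                "community": m.group(2),
                "mode": "informs" if "informs" in m.group(3) else "traps",
            })
            continue
        if line == "no telnet-server":
            cfg["telnet"] = False
        elif line == "ip ssh":
            cfg["ssh"] = True
    return cfg


def unquote(value):
    """Strip one pair of surrounding quotes so a quoted secret is compared on
    its content (hypothetical normalisation, not PacketFence's parser)."""
    v = value.strip()
    if len(v) >= 2 and v[0] == v[-1] and v[0] in "\"'":
        return v[1:-1]
    return v


def check_switch(switch_ip, pf_ip, switches_conf, procurve):
    """Return a list of (code, message) findings for one switch entry."""
    sw = switches_conf[switch_ip]
    findings = []

    # RADIUS: the shared secret must be identical on both sides.
    key = procurve["radius"].get(pf_ip)
    if key is None:
        findings.append(("RADIUS_HOST", f"switch has no radius-server host {pf_ip}"))
    elif unquote(sw.get("radiusSecret", "")) != key:
        findings.append(("RADIUS_SECRET", "radiusSecret differs from the switch's radius-server key"))

    # SNMP notifications: PacketFence must be the receiver, with the same
    # community, and SNMPv1 cannot carry informs.
    hosts = [h for h in procurve["snmp_hosts"] if h["ip"] == pf_ip]
    if not hosts:
        findings.append(("TRAP_HOST", f"switch sends no SNMP notifications to {pf_ip}"))
    for h in hosts:
        if h["community"] != sw.get("SNMPCommunityTrap", ""):
            findings.append(("TRAP_COMMUNITY", "SNMPCommunityTrap differs from the community on the switch"))
        if h["mode"] == "informs" and sw.get("SNMPVersionTrap") == "1":
            findings.append(("INFORM_V1", "switch sends informs but SNMPVersionTrap=1; informs need SNMPv2c or v3"))

    # Default communities are guessable; flag them.
    for k in ("SNMPCommunityRead", "SNMPCommunityWrite", "SNMPCommunityTrap"):
        if sw.get(k, "") in WEAK_COMMUNITIES:
            findings.append(("WEAK_COMMUNITY", f"{k} uses the default community '{sw[k]}'"))

    # CLI transport must be a service the switch actually runs.
    if sw.get("cliTransport", "").lower() == "telnet" and not procurve["telnet"]:
        hint = "; the switch has 'ip ssh', so use SSH" if procurve["ssh"] else ""
        findings.append(("CLI_TRANSPORT", "cliTransport=Telnet but the switch has 'no telnet-server'" + hint))
    return findings


def finding_codes(switch_ip="192.168.0.3", pf_ip="192.168.0.10"):
    """Distinct finding codes for the embedded sample configs."""
    sw = parse_switches_conf(SWITCHES_CONF)
    pc = parse_procurve(PROCURVE_CONFIG)
    return sorted({code for code, _ in check_switch(switch_ip, pf_ip, sw, pc)})


if __name__ == "__main__":
    for code, msg in check_switch("192.168.0.3", "192.168.0.10",
                                  parse_switches_conf(SWITCHES_CONF),
                                  parse_procurve(PROCURVE_CONFIG)):
        print(f"{code:15} {msg}")
```

Run against real files, replace the two constructed strings with the contents of `/usr/local/pf/conf/switches.conf` and the output of `show running-config`; the `pf_ip` argument is the address the switch should be talking to, which in the post is 192.168.0.10 on the Trk1 uplink.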