Discussion:
[PacketFence-devel] configure HP Procurve 2530 on Packetfence 6.1.1
Kiefer, Jonas
2016-07-20 12:04:11 UTC
Permalink
Hello everybody,

i have problems with the configuration of packetfence and HP Procurve switches (J9774A).
I trie the out-of-band configuration with snmp traps from the administration guide 6.2.1.


Paketfence: v.6.1.1
Firmware oft he switch: YA.16.01.0007

My problem is that the snmp traps always ignored by the pfsetvlan service.

Logfile:
Jul 20 13:52:12 pfsetvlan(8) INFO: ignoring non trap line: 2016-07-20|11:52:09|UDP: [192.168.6.211]:161->[192.168.1.122]:162|192.168.6.211|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .1 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.4.1.11.2.14.2.10.2.1.2.1.1 = INTEGER: 1|.1.3.6.1.4.1.11.2.14.2.10.2.1.3.1.1 = INTEGER: 1|.1.3.6.1.4.1.11.2.14.2.10.2.1.4.1.1 = Hex-STRING: 40 A8 F0 50 7F E7 |.1.3.6.1.4.1.11.2.14.2.10.2.1.6.1.1 = INTEGER: 1|.1.3.6.1.4.1.11.2.14.2.10.2.1.7.1.1 = INTEGER: 1 END VARIABLEBINDINGS (main::parseTrap)

I also tried to modify the /usr/local/pf/lib/pf/Switch/HP.pm file like this:
} elsif ($trapString
=~ /BEGIN VARIABLEBINDINGS \.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.2\.1\.\d+ = INTEGER: 1\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.3\.1\.\d+ = INTEGER: \d+\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.4\.1\.\d+ = Hex-String: $SNMP::MAC_ADDRESS_FORMAT/ ) {

$trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
$trapHashRef->{'trapMac'} = parse_mac_from_trap($2);
$trapHashRef->{'trapVlan'} = $self->getVlan( $trapHashRef->{'trapIfIndex'} );

But it still does not works...

Can someone help?


Regards
Jonas
Fabrice Durand
2016-07-20 12:24:01 UTC
Permalink
Hello Jonas,

can you try this patch:
https://github.com/inverse-inc/packetfence/commit/a6e6889f00ada38cc14eeb6630560da5b3c6d762.diff

Regards
Fabrice
Post by Kiefer, Jonas
Hello everybody,
i have problems with the configuration of packetfence and HP Procurve switches (J9774A).
I trie the out-of-band configuration with snmp traps from the
administration guide 6.2.1.
Paketfence: v.6.1.1
Firmware oft he switch: YA.16.01.0007
My problem is that the snmp traps always ignored by the pfsetvlan service.
[192.168.6.211]:161->[192.168.1.122]:162|192.168.6.211|BEGIN TYPE 6
END TYPE BEGIN SUBTYPE .1 END SUBTYPE BEGIN VARIABLEBINDINGS
1|.1.3.6.1.4.1.11.2.14.2.10.2.1.4.1.1 = Hex-STRING: 40 A8 F0 50 7F E7
1|.1.3.6.1.4.1.11.2.14.2.10.2.1.7.1.1 = INTEGER: 1 END
VARIABLEBINDINGS (main::parseTrap)
} elsif ($trapString
=~ /BEGIN VARIABLEBINDINGS
\d+\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.4\.1\.\d+ =
Hex-String: $SNMP::MAC_ADDRESS_FORMAT/ ) {
$trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
$trapHashRef->{'trapMac'} = parse_mac_from_trap($2);
$trapHashRef->{'trapVlan'} = $self->getVlan(
$trapHashRef->{'trapIfIndex'} );
But it still does not worksÂ…
Can someone help?
Regards
Jonas
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
_______________________________________________
PacketFence-devel mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-devel
--
Fabrice Durand
***@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
Loading...