From: Jasper S. <ja...@si...> - 2009-12-16 13:10:27
[I'm resending this E-Mail because the first time it doesn't seem to have been delivered to the list. If the first E-Mail has been received by the list, apologies in advance for resending it.]

Hi all,

Took me some time before I had a chance to look into the issue with the 3Com S4500. I also tested PacketFence with a Cisco Catalyst 2950 switch, which worked great. However, I had to add 'spanning-tree portfast' to every non-trunk port on the switch. Otherwise PacketFence didn't work. What happened was that if you don't specify 'spanning-tree portfast' on every edge port, the mac/port table got flushed every time a port was connected / disconnected (the 'mac-address-table aging-time 3600' was completely ignored). This caused an error when PacketFence asked the switch, for example: what MAC is connected to port 5? The switch doesn't know because the MAC table got flushed.

Specifying 'spanning-tree portfast' on non-trunk ports is probably a good idea anyway. But it seems to be a requirement for using PacketFence. Perhaps it should be put in the manual?

Now to get back to the 3Com S4500. I'm still experiencing problems with it.

When the switch sees that a port has been disconnected it logs the following (the dates are wrong, I just reset it for testing):

-----8<----------------------------------------------
%May 30 21:11:41:320 2000 oranos L2INF/2/PORT LINK STATUS CHANGE:- 1 - Trap 1.3.6.1.6.3.1.1.5.3(linkDown): portIndex is 4227930, ifAdminStatus is 1, ifOperStatus is 2
%May 30 21:11:41:531 2000 oranos L2INF/5/PORT LINK STATUS CHANGE:- 1 - Ethernet1/0/39 is DOWN
-----8<----------------------------------------------

And pfsetvlan logs something like this:

-----8<----------------------------------------------
Dec 11 17:42:07 pfsetvlan(22) INFO: ignoring unknown trap: 2009-12-11|16:42:04|UDP: [10.200.1.3]:1024|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (474638401) 54 days, 22:26:24.01|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.3|.1.3.6.1.2.1.2.2.1.1.4227794 = INTEGER: 4227794|.1.3.6.1.2.1.2.2.1.7.4227794 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.4227794 = INTEGER: down(2) END VARIABLEBINDINGS (main::parseTrap)
-----8<----------------------------------------------

As you can see the link down mib (.1.3.6.1.6.3.1.1.5.3) is there. But it seems to be 'wrapped' together with an uptime (.1.3.6.1.2.1.1.3.0) mib?

This is BTW the result of using the factory default settings and the settings in the 'PacketFence_Administration_Guide-1.8.6' manual.

Kind regards,

Jasper

On Thu, 22 Oct 2009 09:18:00 -0400, Regis Balzard <rba...@in...> wrote:
> Jasper,
>
> as Olivier mentioned in his last email, "pfcmd_vlan -getType" does not
> support 3Com switches so forget about this command.
>
> With regards to your 'unknown trap' issue, based on the trap OID
> (1.3.6.1.4.1.43.45.1.6.10.1.1.7.1, whose translation gives
> iso.org.dod.internet.private.enterprises.a3Com.jv-mib.huawei.huaweiUtility.h3cConfig.h3cConfigManObjects.h3cCfgLog.h3cCfgLogTable.h3cCfgLogEntry),
> this is obviously neither a linkup nor a mac-security trap.
>
> So you need to look at your config and your documentation and make sure
> you enable mac-security traps (this is the only trap supported by PF for
> 3Com 4500).
>
> Regards.
>
> Regis Balzard
> rba...@in... :: +1.514.447.4918 (x110) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.scalableogo.org) and PacketFence
> (www.packetfence.org)
>
>
> Jasper Siepkes wrote:
>> Hi all,
>>
>> This is the output from snmpwalk:
>>
>> # snmpwalk -c 'public' -v 2c 10.200.1.3 1.3.6.1.2.1.1.1.0
>> SNMPv2-MIB::sysDescr.0 = STRING: 3Com Switch 4500 50-Port Software Version 3Com OS V3.03.02s168p04
>>
>> # snmpwalk -c 'public' -v 2c 10.200.1.3 1.3.6.1.4.1.674.10895.3000.1.2.100.1.0
>> SNMPv2-SMI::enterprises.674.10895.3000.1.2.100.1.0 = No Such Object available on this agent at this OID
>>
>> Last one seems to give an error. There are no ACLs in place to prevent it
>> from being queried as far as I can see. I'm no SNMP expert (not even an
>> SNMP novice for that matter :-) so what was the expected output?
>>
>> Regards,
>>
>> Jasper
>>
>> On Tue, 20 Oct 2009 14:01:17 -0400, Olivier Bilodeau <obi...@in...> wrote:
>>> Regis Balzard wrote:
>>>> Jasper Siepkes wrote:
>>>>> Hmm that's weird because that's the only trap the switch sends when
>>>>> something is plugged into it. I guess this is only the linkup or
>>>>> linkdown trap. Should the MAC trap be sent several seconds after a
>>>>> linkup trap? I thought I enabled all kinds of available traps in the
>>>>> 3Com switch. I'll need to check that out to be sure.
>>> Translating your trap OID: 1.3.6.1.4.1.43.45.1.6.10.1.1.7.1 gives:
>>>
>>> .iso.org.dod.internet.private.enterprises.a3Com.jv-mib.huawei.huaweiUtility.h3cConfig.h3cConfigManObjects.h3cCfgLog.h3cCfgLogTable.h3cCfgLogEntry
>>> This is not a linkUp/linkDown or port security trap, looks more like a
>>> logging trap or something. Double-check your switch's config.
>>>
>>>> I looked at the code and we may have an issue here with the OS version of
>>>> your switch. I may have to add some code to handle this case in the
>>>> future...
>>>>
>>>> So could you, please, execute the 2 following commands and send us the
>>>> results (you need to install openldap-clients on the linux box):
>>> Regis here meant net-snmp not openldap-clients.
>>>
>>>> snmpwalk -c 'readonly_community_name' -v 2c 10.200.1.3 1.3.6.1.2.1.1.1.0
>>>> snmpwalk -c 'readonly_community_name' -v 2c 10.200.1.3 1.3.6.1.4.1.674.10895.3000.1.2.100.1.0
>>>>
>>>> Of course you replace readonly_community_name with the real readonly
>>>> community name defined in your switch.
>>>>
>>> Forget about the results you got with pfcmd_vlan. -getType was not
>>> implemented to recognize 3Coms.
>>>
>>> What you need to do first is make sure correct traps are sent to
>>> packetfence. Check in logs/snmptrapd.log.
>>>
>>> Have a nice day!
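
The trap text in the pfsetvlan log line above has the SNMPv2 notification layout: sysUpTime.0 and snmpTrapOID.0 are the first two variable bindings, and the trap type is the value of snmpTrapOID.0. The Python sketch below is an added example, not part of the original e-mail and not PacketFence code; it parses that text and names the trap, assuming the pipe-separated layout seen in that one log line (`parse_trap` and its field names are hypothetical).

```python
import re

# Trap text copied from the pfsetvlan log line quoted in the e-mail
# (syslog prefix and trailing "(main::parseTrap)" dropped).
SAMPLE = (
    "2009-12-11|16:42:04|UDP: [10.200.1.3]:1024|0.0.0.0|BEGIN TYPE 0 END TYPE "
    "BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS "
    ".1.3.6.1.2.1.1.3.0 = Timeticks: (474638401) 54 days, 22:26:24.01|"
    ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.6.3.1.1.5.3|"
    ".1.3.6.1.2.1.2.2.1.1.4227794 = INTEGER: 4227794|"
    ".1.3.6.1.2.1.2.2.1.7.4227794 = INTEGER: up(1)|"
    ".1.3.6.1.2.1.2.2.1.8.4227794 = INTEGER: down(2) END VARIABLEBINDINGS"
)

SYS_UPTIME = ".1.3.6.1.2.1.1.3.0"          # sysUpTime.0
SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"   # snmpTrapOID.0
IF_ENTRY = ".1.3.6.1.2.1.2.2.1."           # IF-MIB ifEntry columns
IF_COLUMNS = {"1": "ifIndex", "7": "ifAdminStatus", "8": "ifOperStatus"}
STANDARD_TRAPS = {
    ".1.3.6.1.6.3.1.1.5.1": "coldStart",
    ".1.3.6.1.6.3.1.1.5.2": "warmStart",
    ".1.3.6.1.6.3.1.1.5.3": "linkDown",
    ".1.3.6.1.6.3.1.1.5.4": "linkUp",
    ".1.3.6.1.6.3.1.1.5.5": "authenticationFailure",
}
LAYOUT = re.compile(
    r"UDP: \[([\d.]+)\]:\d+.*?BEGIN VARIABLEBINDINGS (.*) END VARIABLEBINDINGS")

def parse_trap(text):
    """Return source IP, trap name and interface fields (hypothetical helper)."""
    m = LAYOUT.search(text)
    if not m:
        raise ValueError("line does not match the assumed trap layout")
    source, body = m.groups()
    # Assumption: varbinds are '|'-separated "OID = TYPE: value" pairs.
    varbinds = {}
    for item in body.split("|"):
        oid, _, value = item.partition(" = ")
        varbinds[oid.strip()] = value.strip()
    trap_oid = varbinds.get(SNMP_TRAP_OID, "").replace("OID: ", "", 1)
    result = {"source": source, "has_uptime": SYS_UPTIME in varbinds,
              "trap_oid": trap_oid, "trap": STANDARD_TRAPS.get(trap_oid, "other")}
    for oid, value in varbinds.items():
        column = oid[len(IF_ENTRY):].split(".")[0] if oid.startswith(IF_ENTRY) else None
        if column in IF_COLUMNS:
            result[IF_COLUMNS[column]] = value.split(": ", 1)[-1]
    return result

if __name__ == "__main__":
    print(parse_trap(SAMPLE))
```

A trap whose snmpTrapOID.0 value is outside the standard set, such as the 1.3.6.1.4.1.43.45.1.6.10.1.1.7.1 OID discussed in the quoted replies, comes back as `other`.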