Menu
▾
▴
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
|
From: Hubert K. <ku...@un...> - 2015-07-30 04:50:22
|
Hello Louis, I turned off pfbandwidth.d as you said. pf.conf: [general] # # general.domain # # Domain name of PacketFence system. domain=our domain # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=pfence2 # # general.dnsservers # # Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even "trapped" nodes. dnsservers=IPs of our dns servers,127.0.0.1 # # general.dhcpservers # # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes. dhcpservers=127.0.0.1,IPs of our dhcp servers # # general.timezone # # System's timezone in string format. Supported list: # http://www.php.net/manual/en/timezones.php timezone=Europe/Berlin [trapping] # # trapping.range # # Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and # broadcast addresses are ignored. range=our range [alerting] # # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other # PacketFence-related message goes to. ema...@un... [database] # # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled [inline] # # inline.interfaceSNAT # Choose the interface(s) you want to use to enable snat (by default it´s the management interface) interfaceSNAT=eth0.209 # inline.accounting # # Should we handle accouting data for inline clients? # This controls inline accouting tasks in pfmon. accounting=enabled [interface eth0.37] enforcement=vlan ip=ip for vlan 37 type=management mask=255.255.255.0 [interface eth0.209] enforcement=vlan ip=ip for vlan 209 type=internal,monitor mask=255.255.255.0 [interface eth0.212] enforcement=vlan ip=ip for vlan 212 type=internal mask=255.255.255.0 [interface eth0.213] enforcement=vlan ip=ip for vlan 213 type=internal mask=255.255.255.0 Am 29.07.2015 um 15:39 schrieb Louis Munro: > Is this inline or out-of-band? > > Please post your pf.conf. > > Regards, > -- > Louis Munro > lm...@in... <mailto:lm...@in...> :: www.inverse.ca > <http://www.inverse.ca> > +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 > Inverse inc. :: Leaders behind SOGo (www.sogo.nu <http://www.sogo.nu>) > and PacketFence (www.packetfence.org <http://www.packetfence.org>) > > On Jul 29, 2015, at 3:52 , Hubert Kupper <ku...@un... > <mailto:ku...@un...>> wrote: > >> Hi Louis, >> >> pfbandwidthd is using 100% cpu time and pfbandwidthd.log shows: >> >> Jul 20 07:30:57 pfbandwidthd(5868) INFO: pfbandwidthd starting and >> writing 5871 to /usr/local/pf/var/run/pfbandwidthd.pid >> (pf::services::util::createpid) >> Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught >> SIGTERM - terminating (main::normal_sighandler) >> Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught >> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 >> (IO::Select::can_read) >> Jul 21 02:04:13 pfbandwidthd(5868) ERROR: pfbandwidthd: caught >> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 >> (IO::Select::can_read) >> Jul 21 02:05:24 pfbandwidthd(6848) INFO: pfbandwidthd starting and >> writing 6851 to /usr/local/pf/var/run/pfbandwidthd.pid >> (pf::services::util::createpid) >> Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught >> SIGTERM - terminating (main::normal_sighandler) >> Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught >> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 >> (IO::Select::can_read) >> Jul 28 08:06:24 pfbandwidthd(6848) ERROR: pfbandwidthd: caught >> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 >> (IO::Select::can_read) >> Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope >> inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. >> (main::) >> Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope >> inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. >> (main::) >> Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope >> inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. >> (main::) >> Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope >> inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. >> (main::) >> Jul 28 08:07:29 pfbandwidthd(10196) INFO: pfbandwidthd starting and >> writing 10199 to /usr/local/pf/var/run/pfbandwidthd.pid >> (pf::services::util::createpid) >> Jul 29 07:59:56 pfbandwidthd(10196) FATAL: pfbandwidthd: caught >> SIGTERM - terminating (main::normal_sighandler) >> Jul 29 07:59:56 pfbandwidthd(10196) FATAL: pfbandwidthd: caught >> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 >> (main::) >> Jul 29 07:59:56 pfbandwidthd(10196) ERROR: pfbandwidthd: caught >> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 >> (main::) >> Jul 29 08:00:56 pfbandwidthd(12316) INFO: pfbandwidthd starting and >> writing 12319 to /usr/local/pf/var/run/pfbandwidthd.pid >> (pf::services::util::createpid) >> [root@PacketFence-ZEN-5-1 logs]# >> >> Regards, >> Hubert >> >> Am 28.07.2015 um 20:23 schrieb Louis Munro: >>> >>> On Jul 28, 2015, at 8:37 , Hubert Kupper <ku...@un... >>> <mailto:ku...@un...>> wrote: >>> >>>> there is traffic on port 1813 from the cisco switch to th server. >>>> tcpdump shows it. >>>> >>>> mysql> select count(*) from radacct; shows count(*) 44 >>> >>> >>> Is the MAC of the device among those listed in radacct? >>> >>> Something like this should return more: >>> >>> mysql> select >>> callingstationid,acctinputoctets,acctoutputoctets,acctstarttime from >>> radacct; >>> >>> >>> Regards, >>> -- >>> Louis Munro >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> PacketFence-users mailing list >> Pac...@li... >> <mailto:Pac...@li...> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > PacketFence-users mailing list > Pac...@li... > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- _____________________________________________ Hubert Kupper Universitaetsrechenzentrum in Landau Fortstrasse 7, D-76829 Landau Tel: +49 6341/28031173 Fax: +49 6341/28031267 |
