From: Hubert K. <ku...@un...> - 2015-08-03 12:28:54
Hi Fabrice,

when I configure accounting interim update on the 2960 it works without detaching but the wrong vlan (registration instead of isolation) will be assigned to the node. In violations.conf vlan=isolation.

Regards
Hubert

On 31.07.2015 at 13:36, Durand fabrice wrote:
> Hi Hubert,
>
> Interim update has to be configured on the AP side, not on PacketFence
> side.
>
> Regards
> Fabrice
>
>
> On 2015-07-31 00:13, Hubert Kupper wrote:
>> Hi Fabrice,
>>
>> should I use PF ZEN 5.3.1 and how to upgrade from ZEN 5.1.? How to do
>> an interim update of radius in ZEN?
>>
>> Regards
>> Hubert
>>
>> On 30.07.2015 at 14:19, Fabrice DURAND wrote:
>>> Hi Hubert,
>>>
>>> It works when you disconnect because a radius accounting stop is
>>> sent, so it probably misses radius interim update.
>>>
>>> Regards
>>> Fabrice
>>>
>>> On 2015-07-30 07:29, Hubert Kupper wrote:
>>>> Hi Louis,
>>>>
>>>> I had a copy of the original violations.conf and copied it into the
>>>> pf/conf directory. I edited the bandwidth example of the new
>>>> violations.conf and now it works! The violation occurs when I
>>>> download more than 2GB/day but only if I detach my device from
>>>> network. What can be the reason of this?
>>>>
>>>> Regards,
>>>> Hubert
>>>>
>>>> On 30.07.2015 at 06:50, Hubert Kupper wrote:
>>>>> Hello Louis,
>>>>>
>>>>> I turned off pfbandwidth.d as you said.
>>>>>
>>>>> pf.conf:
>>>>>
>>>>> [general]
>>>>> #
>>>>> # general.domain
>>>>> #
>>>>> # Domain name of PacketFence system.
>>>>> domain=our domain
>>>>> #
>>>>> # general.hostname
>>>>> #
>>>>> # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients.
>>>>> hostname=pfence2
>>>>> #
>>>>> # general.dnsservers
>>>>> #
>>>>> # Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even "trapped" nodes.
>>>>> dnsservers=IPs of our dns servers,127.0.0.1
>>>>> #
>>>>> # general.dhcpservers
>>>>> #
>>>>> # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes.
>>>>> dhcpservers=127.0.0.1,IPs of our dhcp servers
>>>>> #
>>>>> # general.timezone
>>>>> #
>>>>> # System's timezone in string format. Supported list:
>>>>> # http://www.php.net/manual/en/timezones.php
>>>>> timezone=Europe/Berlin
>>>>>
>>>>> [trapping]
>>>>> #
>>>>> # trapping.range
>>>>> #
>>>>> # Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and
>>>>> # broadcast addresses are ignored.
>>>>> range=our range
>>>>>
>>>>> [alerting]
>>>>> #
>>>>> # alerting.emailaddr
>>>>> #
>>>>> # Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other
>>>>> # PacketFence-related message goes to.
>>>>> ema...@un...
>>>>>
>>>>> [database]
>>>>> #
>>>>> # database.pass
>>>>> #
>>>>> # Password for the mysql database used by PacketFence.
>>>>> pass=foo
>>>>> #
>>>>> # database.user
>>>>> #
>>>>> # Username of the account with access to the mysql database used by PacketFence.
>>>>> user=fooadmin
>>>>>
>>>>> [expire]
>>>>> #
>>>>> # expire.node
>>>>> #
>>>>> # Time before a node is removed due to inactivity.
>>>>> # A value of 0D disables expiration.
>>>>> # example:
>>>>> # node=90D
>>>>> node=2m
>>>>>
>>>>> [services]
>>>>> #
>>>>> # services.pfsetvlan
>>>>> #
>>>>> # Should pfsetvlan be managed by PacketFence?
>>>>> pfsetvlan=enabled
>>>>> #
>>>>> # services.snmptrapd
>>>>> #
>>>>> # Should snmptrapd be managed by PacketFence?
>>>>> snmptrapd=enabled
>>>>> # database.pass
>>>>> #
>>>>> # Password for the mysql database used by PacketFence.
>>>>> pass=foo
>>>>> #
>>>>> # database.user
>>>>> #
>>>>> # Username of the account with access to the mysql database used by PacketFence.
>>>>> user=fooadmin
>>>>>
>>>>> [expire]
>>>>> #
>>>>> # expire.node
>>>>> #
>>>>> # Time before a node is removed due to inactivity.
>>>>> # A value of 0D disables expiration.
>>>>> # example:
>>>>> # node=90D
>>>>> node=2m
>>>>>
>>>>> [services]
>>>>> #
>>>>> # services.pfsetvlan
>>>>> #
>>>>> # Should pfsetvlan be managed by PacketFence?
>>>>> pfsetvlan=enabled
>>>>> #
>>>>> # services.snmptrapd
>>>>> #
>>>>> # Should snmptrapd be managed by PacketFence?
>>>>> snmptrapd=enabled
>>>>>
>>>>> [inline]
>>>>> #
>>>>> # inline.interfaceSNAT
>>>>> # Choose the interface(s) you want to use to enable snat (by default it's the management interface)
>>>>> interfaceSNAT=eth0.209
>>>>> # inline.accounting
>>>>> #
>>>>> # Should we handle accounting data for inline clients?
>>>>> # This controls inline accounting tasks in pfmon.
>>>>> accounting=enabled
>>>>>
>>>>>
>>>>> [interface eth0.37]
>>>>> enforcement=vlan
>>>>> ip=ip for vlan 37
>>>>> type=management
>>>>> mask=255.255.255.0
>>>>>
>>>>> [interface eth0.209]
>>>>> enforcement=vlan
>>>>> ip=ip for vlan 209
>>>>> type=internal,monitor
>>>>> mask=255.255.255.0
>>>>>
>>>>> [interface eth0.212]
>>>>> enforcement=vlan
>>>>> ip=ip for vlan 212
>>>>> type=internal
>>>>> mask=255.255.255.0
>>>>>
>>>>> [interface eth0.213]
>>>>> enforcement=vlan
>>>>> ip=ip for vlan 213
>>>>> type=internal
>>>>> mask=255.255.255.0
>>>>>
>>>>> On 29.07.2015 at 15:39, Louis Munro wrote:
>>>>>> Is this inline or out-of-band?
>>>>>>
>>>>>> Please post your pf.conf.
>>>>>>
>>>>>> Regards,
>>>>>> --
>>>>>> Louis Munro
>>>>>> lm...@in... <mailto:lm...@in...> :: www.inverse.ca
>>>>>> <http://www.inverse.ca>
>>>>>> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
>>>>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu
>>>>>> <http://www.sogo.nu>) and PacketFence (www.packetfence.org
>>>>>> <http://www.packetfence.org>)
>>>>>>
>>>>>> On Jul 29, 2015, at 3:52 , Hubert Kupper <ku...@un...
>>>>>> <mailto:ku...@un...>> wrote:
>>>>>>
>>>>>>> Hi Louis,
>>>>>>>
>>>>>>> pfbandwidthd is using 100% cpu time and pfbandwidthd.log shows:
>>>>>>>
>>>>>>> Jul 20 07:30:57 pfbandwidthd(5868) INFO: pfbandwidthd starting
>>>>>>> and writing 5871 to /usr/local/pf/var/run/pfbandwidthd.pid
>>>>>>> (pf::services::util::createpid)
>>>>>>> Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught
>>>>>>> SIGTERM - terminating (main::normal_sighandler)
>>>>>>> Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught
>>>>>>> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285
>>>>>>> (IO::Select::can_read)
>>>>>>> Jul 21 02:04:13 pfbandwidthd(5868) ERROR: pfbandwidthd: caught
>>>>>>> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285
>>>>>>> (IO::Select::can_read)
>>>>>>> Jul 21 02:05:24 pfbandwidthd(6848) INFO: pfbandwidthd starting
>>>>>>> and writing 6851 to /usr/local/pf/var/run/pfbandwidthd.pid
>>>>>>> (pf::services::util::createpid)
>>>>>>> Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught
>>>>>>> SIGTERM - terminating (main::normal_sighandler)
>>>>>>> Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught
>>>>>>> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285
>>>>>>> (IO::Select::can_read)
>>>>>>> Jul 28 08:06:24 pfbandwidthd(6848) ERROR: pfbandwidthd: caught
>>>>>>> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285
>>>>>>> (IO::Select::can_read)
>>>>>>> Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope
>>>>>>> inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157.
>>>>>>> (main::)
>>>>>>> Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope
>>>>>>> inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157.
>>>>>>> (main::)
>>>>>>> Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope
>>>>>>> inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157.
>>>>>>> (main::)
>>>>>>> Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope
>>>>>>> inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157.
>>>>>>> (main::)
>>>>>>> Jul 28 08:07:29 pfbandwidthd(10196) INFO: pfbandwidthd starting
>>>>>>> and writing 10199 to /usr/local/pf/var/run/pfbandwidthd.pid
>>>>>>> (pf::services::util::createpid)
>>>>>>> Jul 29 07:59:56 pfbandwidthd(10196) FATAL: pfbandwidthd: caught
>>>>>>> SIGTERM - terminating (main::normal_sighandler)
>>>>>>> Jul 29 07:59:56 pfbandwidthd(10196) FATAL: pfbandwidthd: caught
>>>>>>> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285
>>>>>>> (main::)
>>>>>>> Jul 29 07:59:56 pfbandwidthd(10196) ERROR: pfbandwidthd: caught
>>>>>>> SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285
>>>>>>> (main::)
>>>>>>> Jul 29 08:00:56 pfbandwidthd(12316) INFO: pfbandwidthd starting
>>>>>>> and writing 12319 to /usr/local/pf/var/run/pfbandwidthd.pid
>>>>>>> (pf::services::util::createpid)
>>>>>>> [root@PacketFence-ZEN-5-1 logs]#
>>>>>>>
>>>>>>> Regards,
>>>>>>> Hubert
>>>>>>>
>>>>>>> On 28.07.2015 at 20:23, Louis Munro wrote:
>>>>>>>>
>>>>>>>> On Jul 28, 2015, at 8:37 , Hubert Kupper <ku...@un...
>>>>>>>> <mailto:ku...@un...>> wrote:
>>>>>>>>
>>>>>>>>> there is traffic on port 1813 from the cisco switch to the
>>>>>>>>> server. tcpdump shows it.
>>>>>>>>>
>>>>>>>>> mysql> select count(*) from radacct; shows count(*) 44
>>>>>>>>
>>>>>>>>
>>>>>>>> Is the MAC of the device among those listed in radacct?
>>>>>>>>
>>>>>>>> Something like this should return more:
>>>>>>>>
>>>>>>>> mysql> select callingstationid,acctinputoctets,acctoutputoctets,acctstarttime from radacct;
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> --
>>>>>>>> Louis Munro
>>>>>>>
>>>>>>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>>
>> _______________________________________________
>> PacketFence-users mailing list
>> Pac...@li...
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
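
Added example, not part of the original thread and not PacketFence code: a simplified model of the behaviour Fabrice describes, where the radacct octet counters only change when an Interim-Update or Stop packet arrives, so a 2GB/day check on a session without interim updates cannot fire until the device disconnects. The sqlite3 table, the packet tuples, the MAC address and the helper names are constructed for illustration; the counter column names follow the radacct query quoted above.

```python
import sqlite3

LIMIT = 2 * 1024**3        # 2GB/day threshold mentioned in the thread
MAC = "00:11:22:33:44:55"  # constructed sample MAC
# Constructed packets: (Acct-Status-Type, session id, MAC, input octets, output octets)
WITHOUT_INTERIM = [("Start", "s1", MAC, 0, 0), ("Stop", "s1", MAC, 3 * 1024**3, 10**8)]
WITH_INTERIM = [
    ("Start", "s1", MAC, 0, 0),
    ("Interim-Update", "s1", MAC, 1 * 1024**3, 10**7),
    ("Interim-Update", "s1", MAC, 5 * 1024**3 // 2, 5 * 10**7),
    ("Stop", "s1", MAC, 3 * 1024**3, 10**8),
]

def new_db():
    """In-memory stand-in for the radacct table (assumed, reduced column set)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (acctsessionid TEXT PRIMARY KEY, callingstationid TEXT,"
               " acctinputoctets INTEGER, acctoutputoctets INTEGER, acctstoptime TEXT)")
    return db

def apply_packet(db, packet):
    """Start inserts a row with zero counters; Interim-Update and Stop overwrite them."""
    status, session, mac, octets_in, octets_out = packet
    if status == "Start":
        db.execute("INSERT INTO radacct VALUES (?, ?, 0, 0, NULL)", (session, mac))
        return
    stop = "stopped" if status == "Stop" else None
    db.execute("UPDATE radacct SET acctinputoctets = ?, acctoutputoctets = ?,"
               " acctstoptime = COALESCE(?, acctstoptime) WHERE acctsessionid = ?",
               (octets_in, octets_out, stop, session))

def over_limit(db):
    """MACs whose summed in+out octets exceed LIMIT, as a bandwidth check would see them."""
    rows = db.execute("SELECT callingstationid, SUM(acctinputoctets + acctoutputoctets)"
                      " FROM radacct GROUP BY callingstationid")
    return [mac for mac, total in rows if total > LIMIT]

def first_detection(packets):
    """Return the Acct-Status-Type of the packet after which the check first fires."""
    db = new_db()
    for packet in packets:
        apply_packet(db, packet)
        if MAC in over_limit(db):
            return packet[0]
    return None

if __name__ == "__main__":
    print(first_detection(WITHOUT_INTERIM), first_detection(WITH_INTERIM))
```

In this model the session without interim updates is only flagged on Stop, while the session with periodic updates is flagged on the first Interim-Update that crosses the limit.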