[PacketFence-devel] FIX with new HP2530: packetFence 6.2.1 on Debian 8.5 + HP 2530 switch (J9776A/firmware #YA.16.02.0008)

[Juhani P. <juh...@wa...>]

This combination does not work with vanilla installation... it needs 
some fixing.

1) HP 2530 sends TRAPs with a little bit another format than older switches

2016-08-14|15:57:43|UDP: 
[192.168.254.250]:161->[192.168.254.254]:162|192.168.254.250|BEGIN TYPE 
6 END TYPE BEGIN SUBTYPE .1 END SUBTYPE BEGIN VARIABLEBINDINGS 
.1.3.6.1.4.1.11.2.14.2.10.2.1.2.1.7 = INTEGER: 
1|.1.3.6.1.4.1.11.2.14.2.10.2.1.3.1.7 = INTEGER: 
7|.1.3.6.1.4.1.11.2.14.2.10.2.1.4.1.7 = Hex-STRING: 3C 97 0E 21 40 DA 
|.1.3.6.1.4.1.11.2.14.2.10.2.1.6.1.7 = INTEGER: 
1|.1.3.6.1.4.1.11.2.14.2.10.2.1.7.1.7 = INTEGER: 1 END VARIABLEBINDINGS

2016-08-14|15:57:43|UDP: 
[192.168.254.250]:161->[192.168.254.254]:162|192.168.254.250|BEGIN TYPE 
6 END TYPE BEGIN SUBTYPE .5 END SUBTYPE BEGIN VARIABLEBINDINGS 
.1.3.6.1.4.1.11.2.14.11.1.7.2.1.4.45 = INTEGER: 
12|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.5.45 = INTEGER: 
2|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.6.45 = INTEGER: 
2|.1.3.6.1.4.1.11.2.14.11.1.7.3.0.45 = STRING: 
"http://192.168.254.250/cgi/fDetail?index=45"|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.3.45 
= INTEGER: 7 END VARIABLEBINDING

packetfence has original regex-pattern, which does not take these trap 
lines "in" (gives error on log)
--> /usr/local/pf/sbin/pfsetvlan

# building trap-matcher regexp
my $TRAP_PATTERN = qr/
     ^\d{4}-\d{2}-\d{2}\|\d{2}:\d{2}:\d{2}\|             # date|time
     (?:UDP:\ \[)?                                       # Optional 
"UDP: [" (since v2 traps I think)
     (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})                # network 
device ip address
     (?:\]:\d+)?                                         # Optional 
"]:port" (since v2 traps I think)
     (?:\-\>\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\])?     # Optional 
"->[ip address]" (since net-snmp 5.4)
     \|([^|]*)\|                                         # Used to carry 
network device ip if it's a local trap
     (.+)$                                               # Trap message
/sx; # s for multiline support (if we encounter an Hex 0a which is 
encoded as a newline in STRING)


Pattern does not handle target port at all, so I add it there (target 
ip:port):

# building trap-matcher regexp
my $TRAP_PATTERN = qr/
     ^\d{4}-\d{2}-\d{2}\|\d{2}:\d{2}:\d{2}\|             # date|time
     (?:UDP:\ \[)?                                       # Optional 
"UDP: [" (since v2 traps I think)
     (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})                # network 
device ip address
     (?:\]:\d+)?                                         # Optional 
"]:port" (since v2 traps I think)
     (?:\-\>\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})?     # Optional "->[ip 
address]" (since net-snmp 5.4)
     (?:\]:\d+)?                                         # New target 
port "]:port"
     \|([^|]*)\|                                         # Used to carry 
network device ip if it's a local trap
     (.+)$                                               # Trap message
/sx; # s for multiline support (if we encounter an Hex 0a which is 
encoded as a newline in STRING)


That should be think a little bit more flexible regex code, with or 
without port... but anyway, the second on HP2530 with newest firmware, 
you should use model HP2600 on swithes.conf-configuration...

[192.168.254.250]
description=Local HP Switch
mode=production
type=HP::Procurve_2600


Then PF6 communication works like any other switch before...

-- 
  -ju...@wa... (Tel +358 44 767 7777)
  WasaLab, P.O.Box 365, FI-65101 Vaasa, Finland
  hel...@wa..., +358-45-130-4000