Hello Miguel,

Put -1 as the registration VLAN setting under each switch where you want to kick 
devices out.

-1 returns a reject.

Thanks,

Ludovic Zammit
Product Support Engineer Principal Lead

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142

> On Nov 17, 2023, at 12:54 PM, Miguel Correia via PacketFence-users 
> <packetfence-users@lists.sourceforge.net> wrote:
> 
> Hi,
> I'm trying to configure PacketFence to deny access to all devices unless they 
> are registered. I intend to use PacketFence and, through SNMP, communicate 
> with a Cisco switch and control port-security, so if the MAC is allowed the right 
> VLAN is given and the MAC is associated to the port...
> PacketFence Info:
> Version: 13.0.0
> Cisco Switch:
> Model: ME-C3750-24TE-M
> Version: IOS 12.2
> PacketFence Configuration:
> Roles:
> Role "Custom Created"
> Nodes:
> Manually created, MAC address added and Role "Custom" attributed.
> MAC: 30:85:A9:05:80:B4
> Switches:
> Added the test switch x.x.x.220
> Dynamic Uplinks enabled
> Roles
> VLAN ID (enabled)
> registration: 1000
> isolation: 1001
> macDetection: 1006
> Custom: 99
> Default: 99
> SNMP
> Version: v2c
> Community Read: X
> Community Write: Y
> Engine ID: 8000000903000021A1B34383
> Version Trap: v2c
> Community Trap: Y
> Switch Configuration:
> """
> vlan 99
> name test
> vlan 1000
> name PacketFence
> !
> vlan 1001
> name Isolation
> !
> vlan 1006
> name mac-detection
> !
> interface FastEthernet1/0/1
> description #####TESTES_PORTATIL#####
> switchport access vlan 1000
> switchport mode access
> switchport port-security
> switchport port-security violation restrict
> switchport port-security mac-address 0200.0000.0101 vlan access
> spanning-tree portfast
> spanning-tree bpduguard enable
> !
> snmp-server community Y RW
> snmp-server community X RO
> snmp-server enable traps port-security
> snmp-server enable traps port-security trap-rate 1
> snmp-server host X.X.X.2 version 2c Y port-security
> """
> On PacketFence I receive the following log on 
> "/usr/local/pf/logs/snmptrapd.log":
> """
> NET-SNMP version 5.9
> 2023-11-16|17:28:14|UDP: [X.X.X.220]:56719->[172.16.255.2]:162|0.0.0.0|BEGIN 
> TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS 
> .1.3.6.1.2.1.1.3.0 = Timeticks: (63220365) 7 days, 
> 7:36:43.65|.1.3.6.1.6.3.1.1.4.1.0 = OID: 
> .1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Wrong Type (should be 
> INTEGER): Gauge32: 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: 
> FastEthernet1/0/1|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 30 85 
> A9 05 80 B4 END VARIABLEBINDINGS
> """
> Could someone help me understand if there is any error with SNMP or a wrong 
> config for PacketFence out-of-band VLAN enforcing using only SNMP?
> 
> Best regards,
>  
>  
> Miguel Correia
> Cybersecurity Engineer
>  
> Email: miguel.corr...@redshift-consulting.com.pt 
> <mailto:miguel.corr...@redshift-consulting.com.pt>
> Mobile: +351 969 416 588
>  
>  
>  
> LISPOLIS – Polo Tecnológico de Lisboa
> Rua António Champalimaud Lote 1 sala 0.2.0
> 1600-546 Lisboa
> Portugal
>  
> Phone: +351 217 230 635
> Email: sa...@redshift.pt <mailto:sa...@redshift.pt>
> www: https://redshift.global 


_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
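
An added example, not part of the original thread and not PacketFence's own code: a small Python parser for the port-security trap line in the quoted snmptrapd.log, which extracts the switch, interface and offending MAC so they can be compared with the node registered in PacketFence. The function name and the re-joined sample line are constructed here; the OID names in the comments are those of the standard SNMPv2-MIB, IF-MIB and CISCO-PORT-SECURITY-MIB.

```python
import re

# Trap line from the quoted snmptrapd.log, with the e-mail line wrapping undone.
SAMPLE = (
    "2023-11-16|17:28:14|UDP: [X.X.X.220]:56719->[172.16.255.2]:162|0.0.0.0|"
    "BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS "
    ".1.3.6.1.2.1.1.3.0 = Timeticks: (63220365) 7 days, 7:36:43.65|"
    ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|"
    ".1.3.6.1.2.1.2.2.1.1.10001 = Wrong Type (should be INTEGER): Gauge32: 10001|"
    ".1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: FastEthernet1/0/1|"
    ".1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 30 85 A9 05 80 B4 "
    "END VARIABLEBINDINGS"
)

SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"             # snmpTrapOID.0
SECURE_MAC_VIOLATION = ".1.3.6.1.4.1.9.9.315.0.0.1"  # cpsSecureMacAddrViolation
IF_NAME = ".1.3.6.1.2.1.31.1.1.1.1."                 # ifName.<ifIndex>
LAST_MAC = ".1.3.6.1.4.1.9.9.315.1.2.1.1.10."        # cpsIfSecureLastMacAddress.<ifIndex>


def parse_port_security_trap(line):
    """Return switch, ifIndex, ifName and MAC from one snmptrapd.log line."""
    body = re.search(r"BEGIN VARIABLEBINDINGS (.*) END VARIABLEBINDINGS", line)
    source = re.search(r"\[([^\]]+)\]:\d+->", line)
    if not body or not source:
        raise ValueError("no trap variable bindings or source address found")
    binds = {}
    for varbind in body.group(1).split("|"):
        oid, _, value = varbind.partition(" = ")
        # Drop the type label ("STRING: ", "Wrong Type (...): Gauge32: ", ...).
        binds[oid.strip()] = value.rsplit(": ", 1)[-1].strip()
    result = {"switch": source.group(1), "trap_oid": binds.get(SNMP_TRAP_OID)}
    result["is_violation"] = result["trap_oid"] == SECURE_MAC_VIOLATION
    for oid, value in binds.items():
        if oid.startswith(IF_NAME):
            result["if_name"] = value
        elif oid.startswith(LAST_MAC):
            result["if_index"] = int(oid[len(LAST_MAC):])
            result["mac"] = ":".join(value.split()).lower()
    return result


if __name__ == "__main__":
    trap = parse_port_security_trap(SAMPLE)
    registered = "30:85:A9:05:80:B4".lower()  # node MAC listed in the question
    print(trap)
    print("MAC matches registered node:", trap.get("mac") == registered)
```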
