We are using Mitel VoIP phones and 3300 switches. We are setting VLAN settings via DHCP options, which sets the phone's little data switch separate and in addition to PF setting things in the switch. Are you setting the VLAN for voice and data via DHCP options as well?
It would be something like: Global config lines: option mitel-tftp-server code 128 = ip-address; option mitel-rtc-address code 129 = ip-address; option mitel-name code 130 = text; option mitel-tool code 131 = ip-address; option mitel-vlan code 132 = unsigned integer 32; option mitel-priority code 133 = unsigned integer 32; Per subnet: option mitel-vlan 32; We are doing PF for phones in production yet, but I can test it later today on a 2960 with a Mitel phone and a 3300 and see if I get the same problem. Last time I tested it with 48 port 2950 switches and 3560 switches and didn't have any issues. Nick From: Dan Nelson [mailto:[email protected]] Sent: Sunday, October 09, 2011 10:01 AM To: [email protected] Subject: Re: [Packetfence-users] Mitel voip phones register on data VLan Additional info: The phone does get the correct VLAN ip address. This is on cisco 2960s and 3560s 2960 - code version WS-C2960S-48FPS-L 12.2(58)SE2 C2960S-UNIVERSALK9-M 3560 - code version WS-C3560-48PS 12.2(50)SE C3560-IPBASE-M It was happening on older versions of code and I updated the 2960 to see if it would resolve it. If I shut the port down remove the "switchport port-security mac address" line that has the phone mac address on it and hard code it to the "vlan voice" it will accept it and work fine. Here is the log from the packetfence.log file from the time the phone got plugged in. Oct 07 09:31:05 pfsetvlan(21) INFO: secureMacAddrViolation trap already in the queue for 172.18.108.5 ifIndex 10131. Won't add another one (main::signalHandlerTrapListQueued) Oct 07 09:31:05 pfsetvlan(17) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Oct 07 09:31:05 pfsetvlan(17) INFO: secureMacAddrViolation trap received on 172.18.108.5 ifIndex 10131 for 08:00:0f:12:e6:0d (main::handleTrap) Oct 07 09:31:05 pfsetvlan(23) INFO: secureMacAddrViolation trap already in the queue for 172.18.108.5 ifIndex 10131. Won't add another one (main::signalHandlerTrapListQueued) Oct 07 09:31:05 pfsetvlan(14) INFO: nb of items in queue: 1; nb of threads running: 1 (main::startTrapHandlers) Oct 07 09:31:06 pfsetvlan(17) INFO: node 08:00:0f:12:e6:0d does not yet exist in PF database. Adding it now (main::node_update_PF) Oct 07 09:31:06 pfsetvlan(24) INFO: secureMacAddrViolation trap already in the queue for 172.18.108.5 ifIndex 10131. Won't add another one (main::signalHandlerTrapListQueued) Oct 07 09:31:06 pfsetvlan(22) INFO: secureMacAddrViolation trap already in the queue for 172.18.108.5 ifIndex 10131. Won't add another one (main::signalHandlerTrapListQueued) Oct 07 09:31:06 pfsetvlan(22) INFO: secureMacAddrViolation trap already in the queue for 172.18.108.5 ifIndex 10131. Won't add another one (main::signalHandlerTrapListQueued) Oct 07 09:31:06 pfsetvlan(17) INFO: MAC: 08:00:0f:12:e6:0d is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan) Oct 07 09:31:06 pfsetvlan(17) INFO: authorizing 08:00:0f:12:e6:0d (old entry 00:1a:a0:62:bf:d9) at new location 172.18.108.5 ifIndex 10131 (main::handleTrap) Oct 07 09:31:06 pfsetvlan(20) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Oct 07 09:31:06 pfsetvlan(17) INFO: finished (main::cleanupAfterThread) Oct 07 09:31:06 pfsetvlan(20) INFO: secureMacAddrViolation trap received on 172.18.108.5 ifIndex 10131 for 08:00:0f:12:e6:0d (main::handleTrap) Oct 07 09:31:06 pfsetvlan(20) INFO: Will try to check on this node's previous switch if secured entry needs to be removed. Old Switch IP: 172.18.108.5 (main::do_port_security) Oct 07 09:31:06 pfsetvlan(20) INFO: MAC 08:00:0f:12:e6:0d is already authorized on 172.18.108.5 ifIndex 10131. Stopping secureMacAddrViolation trap handling here (main::handleTrap) Oct 07 09:31:06 pfsetvlan(20) INFO: finished (main::cleanupAfterThread) Oct 07 09:31:06 pfsetvlan(15) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Oct 07 09:31:06 pfsetvlan(15) INFO: secureMacAddrViolation trap received on 172.18.108.5 ifIndex 10131 for 08:00:0f:12:e6:0d (main::handleTrap) Oct 07 09:31:06 pfsetvlan(15) INFO: Will try to check on this node's previous switch if secured entry needs to be removed. Old Switch IP: 172.18.108.5 (main::do_port_security) Oct 07 09:31:06 pfsetvlan(15) INFO: MAC 08:00:0f:12:e6:0d is already authorized on 172.18.108.5 ifIndex 10131. Stopping secureMacAddrViolation trap handling here (main::handleTrap) Oct 07 09:31:06 pfsetvlan(15) INFO: finished (main::cleanupAfterThread) Oct 07 09:31:20 pfsetvlan(18) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Oct 07 09:31:20 pfsetvlan(18) INFO: secureMacAddrViolation trap received on 172.18.108.5 ifIndex 10131 for 00:1a:a0:62:bf:d9 (main::handleTrap) Oct 07 09:31:20 pfsetvlan(5) INFO: nb of items in queue: 1; nb of threads running: 1 (main::startTrapHandlers) Oct 07 09:31:21 pfsetvlan(18) INFO: authorizing 00:1a:a0:62:bf:d9 (old entry 08:00:0f:12:e6:0d) at new location 172.18.108.5 ifIndex 10131 (main::handleTrap) Oct 07 09:31:21 pfsetvlan(18) INFO: MAC: 00:1a:a0:62:bf:d9, PID: 1, Status: reg. Returned VLAN: 108 (pf::vlan::fetchVlanForNode) Oct 07 09:31:21 pfsetvlan(7) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Oct 07 09:31:21 pfsetvlan(18) INFO: finished (main::cleanupAfterThread) Oct 07 09:31:21 pfsetvlan(7) INFO: secureMacAddrViolation trap received on 172.18.108.5 ifIndex 10131 for 00:1a:a0:62:bf:d9 (main::handleTrap) Oct 07 09:31:21 pfsetvlan(7) INFO: Will try to check on this node's previous switch if secured entry needs to be removed. Old Switch IP: 172.18.108.5 (main::do_port_security) Oct 07 09:31:21 pfsetvlan(7) INFO: MAC 00:1a:a0:62:bf:d9 is already authorized on 172.18.108.5 ifIndex 10131. Stopping secureMacAddrViolation trap handling here (main::handleTrap) Oct 07 09:31:21 pfsetvlan(7) INFO: finished (main::cleanupAfterThread) Oct 07 09:31:22 pfsetvlan(16) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Oct 07 09:31:22 pfsetvlan(16) INFO: secureMacAddrViolation trap received on 172.18.108.5 ifIndex 10131 for 00:1a:a0:62:bf:d9 (main::handleTrap) Oct 07 09:31:22 pfsetvlan(16) INFO: Will try to check on this node's previous switch if secured entry needs to be removed. Old Switch IP: 172.18.108.5 (main::do_port_security) Oct 07 09:31:22 pfsetvlan(16) INFO: MAC 00:1a:a0:62:bf:d9 is already authorized on 172.18.108.5 ifIndex 10131. Stopping secureMacAddrViolation trap handling here (main::handleTrap) Oct 07 09:31:22 pfsetvlan(16) INFO: finished (main::cleanupAfterThread) Oct 07 09:31:24 pfsetvlan(4) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Oct 07 09:31:24 pfsetvlan(4) INFO: secureMacAddrViolation trap received on 172.18.108.5 ifIndex 10131 for 00:1a:a0:62:bf:d9 (main::handleTrap) Oct 07 09:31:24 pfsetvlan(4) INFO: Will try to check on this node's previous switch if secured entry needs to be removed. Old Switch IP: 172.18.108.5 (main::do_port_security) Oct 07 09:31:24 pfsetvlan(4) INFO: MAC 00:1a:a0:62:bf:d9 is already authorized on 172.18.108.5 ifIndex 10131. Stopping secureMacAddrViolation trap handling here (main::handleTrap) Oct 07 09:31:24 pfsetvlan(4) INFO: finished (main::cleanupAfterThread) Let me know if I can provide any other logs or info. Thanks Dan Nelson Nutraceutical Corporation Network Administrator 801-334-3702 ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
