So, please see my two previous posts prior to reading this one.
Per Olivier's post on this page:
http://www.packetfence.org/bugs/view.php?id=1098, I changed the following
line in services.pm to -Onx:
$flags{'snmptrapd'} = "-n -c $generated_conf_dir/snmptrapd.conf -C -A -Lf
$install_dir/logs/snmptrapd.log -p $install_dir/var/run/snmptrapd.pid -Onx"
Still having trouble with pfsetvlan, here is my log:
Dec 15 08:25:08 pfdhcplistener(24217) INFO: 00:16:ea:b9:d1:cc requested an
IP. DHCP Fingerprint: OS::505 (Ubuntu/Debian 5/Knoppix 6). Modified node
with last_dhcp = 2011-12-15 08:25:08,computername =
ad14057,dhcp_fingerprint = 1,28,2,3,15,6,119,12,44,47,26,121,42
(main::listen_dhcp)
Dec 15 08:25:08 pfdhcplistener(24217) INFO: 00:16:ea:b9:d1:cc requested an
IP. DHCP Fingerprint: OS::505 (Ubuntu/Debian 5/Knoppix 6). Modified node
with last_dhcp = 2011-12-15 08:25:08,computername =
ad14057,dhcp_fingerprint = 1,28,2,3,15,6,119,12,44,47,26,121,42
(main::listen_dhcp)
Dec 15 08:25:09 pfdhcplistener(24217) INFO: DHCPOFFER from 10.39.8.3
(00:0c:29:31:7e:e5) to host 00:16:ea:b9:d1:cc (10.39.13.253)
(main::listen_dhcp)
Dec 15 08:25:09 pfdhcplistener(24217) INFO: DHCPREQUEST from
00:16:ea:b9:d1:cc (10.39.13.253) (main::listen_dhcp)
Dec 15 08:25:09 pfdhcplistener(24217) INFO: could not resolve 10.39.13.253
to mac in ARP table (pf::iplog::ip2macinarp)
Dec 15 08:25:09 pfsetvlan(23) INFO: ignoring unknown trap:
2011-12-15|14:25:08|UDP: [10.39.4.248]:162|10.39.4.248|BEGIN TYPE 6 END
TYPE BEGIN SUBTYPE .59 END SUBTYPE BEGIN VARIABLEBINDINGS
.1.3.6.1.4.1.45.6.1.2.54.0 = Hex-STRING: 4E 4E 54 4D 4A 4C 35 31 30 36 50
38 |.1.3.6.1.4.1.45.6.1.2.3.0 = Hex-STRING: 00 00 00 00 00 00
|.1.3.6.1.4.1.45.6.1.2.87.0 = Gauge32: 0|.1.3.6.1.4.1.45.6.1.2.60.0 =
Hex-STRING: 41 50 2D 55 4E 4B 4E 4F 57 4E |.1.3.6.1.4.1.45.6.1.2.61.0 =
INTEGER: 6|.1.3.6.1.4.1.45.6.1.2.62.0 = INTEGER:
3|.1.3.6.1.4.1.45.6.1.2.67.0 = INTEGER: 2 END VARIABLEBINDINGS
(main::parseTrap)
Dec 15 08:25:09 pfdhcplistener(24217) INFO: resolved 10.39.13.253 to mac
(00:16:ea:b9:d1:cc) in ARP table (pf::iplog::ip2macinarp)
Dec 15 08:25:09 pfdhcplistener(24217) INFO: oldip (10.39.8.10) and newip
(10.39.13.253) are different for 00:16:ea:b9:d1:cc - closing iplog entry
(main::update_iplog)
Dec 15 08:25:09 pfdhcplistener(24217) INFO: 00:16:ea:b9:d1:cc requested an
IP. DHCP Fingerprint: OS::505 (Ubuntu/Debian 5/Knoppix 6). Modified node
with last_dhcp = 2011-12-15 08:25:09,computername =
ad14057,dhcp_fingerprint = 1,28,2,3,15,6,119,12,44,47,26,121,42
(main::listen_dhcp)
Dec 15 08:25:09 pfdhcplistener(24217) INFO: DHCPREQUEST from
00:16:ea:b9:d1:cc (10.39.13.253) (main::listen_dhcp)
Dec 15 08:25:09 pfdhcplistener(24217) INFO: 00:16:ea:b9:d1:cc requested an
IP. DHCP Fingerprint: OS::505 (Ubuntu/Debian 5/Knoppix 6). Modified node
with last_dhcp = 2011-12-15 08:25:09,computername =
ad14057,dhcp_fingerprint = 1,28,2,3,15,6,119,12,44,47,26,121,42
(main::listen_dhcp)
Dec 15 08:25:09 pfdhcplistener(24217) INFO: DHCPACK from 10.39.8.3
(00:0c:29:31:7e:e5) to host 00:16:ea:b9:d1:cc (10.39.13.253)
(main::listen_dhcp)
Dec 15 08:25:09 pfdhcplistener(24217) INFO: DHCPACK from 10.39.8.3
(00:0c:29:31:7e:e5) to host 00:16:ea:b9:d1:cc (10.39.13.253)
(main::listen_dhcp)
Dec 15 08:25:10 pfsetvlan(25) INFO: ignoring unknown trap:
2011-12-15|14:25:09|UDP: [10.39.4.248]:162|10.39.4.248|BEGIN TYPE 6 END
TYPE BEGIN SUBTYPE .39 END SUBTYPE BEGIN VARIABLEBINDINGS
.1.3.6.1.4.1.45.6.1.2.10.0 = Hex-STRING: 6D 6D 69 6E 63 65 79
|.1.3.6.1.4.1.45.6.1.2.15.0 = Hex-STRING: 53 45 53 53 2D 32 33 34 39 2D 66
38 34 33 32 30
2D 39 35 38 38 37 33 2D 34 33 31 62 |.1.3.6.1.4.1.45.6.1.2.4.0 =
Hex-STRING: 00 16 EA B9 D1 CC |.1.3.6.1.4.1.45.6.1.2.14.0 = IpAddress:
10.39.13.253|.1.3.6.1.4.1.45.6.1.2.17.0 = Hex-STRING: 64 65 66 61 75 6C 74
|.1.3.6.1.4.1.45.6.1.2.12.0 = INTEGER: 4|.1.3.6.1.4.1.45.6.1.2.11.0 =
IpAddress: 10.39.8.3|.1.3.6.1.4.1.45.6.1.2.16.0 = INTEGER:
7|.1.3.6.1.4.1.45.6.1.2.31.0 = INTEGER: 2|.1.3.6.1.4.1.45.6.1.2.6.0 =
INTEGER: 0|.1.3.6.1.4.1.45.6.1.2.7.0 = INTEGER:
1|.1.3.6.1.4.1.45.6.1.2.13.0 = INTEGER: 106|.1.3.6.1.4.1.45.6.1.2.38.0 =
Hex-STRING: 53 49 53 44 2D 4E 65 74 77 6F 72 6B |.1.3.6.1.4.1.45.6.1.2.46.0
= INTEGER: 3|.1.3.6.1.4.1.45.6.1.2.48.0 = INTEGER:
2349|.1.3.6.1.4.1.45.6.1.2.69.0 = INTEGER: 2 END VARIABLEBINDINGS
(main::parseTrap)
On Wed, Dec 14, 2011 at 3:41 PM, lint <[email protected]> wrote:
> Please see previous post prior to this one.
>
> So, I have things back to how they were behaving previously.
>
> I connect to 802.1x, packetfence provides an IP on the normal VLAN, I can
> ping addresses outside of the VLAN, but cannot get on the internet.
>
> It does not change my device into the correct VLAN.
>
> I have set the trap on my wireless controller and send notifications to
> packetfence.
>
> It looks like it is similar to the bug on this page:
> http://www.packetfence.org/bugs/view.php?id=1098
>
> I am trying to read Olivier's post very carefully to understand.
>
> Here is my log:
>
> Dec 14 15:24:45 pfdhcplistener(31076) INFO: DHCPREQUEST from
> 00:16:ea:b9:d1:cc (10.39.13.253) (main::listen_dhcp)
> Dec 14 15:24:45 pfdhcplistener(31076) INFO: 00:16:ea:b9:d1:cc requested an
> IP. DHCP Fingerprint: OS::505 (Ubuntu/Debian 5/Knoppix 6). Modified node
> with last_dhcp = 2011-12-14 15:24:45,computername =
> ad14057,dhcp_fingerprint = 1,28,2,3,15,6,119,12,44,47,26,121,42
> (main::listen_dhcp)
> Dec 14 15:24:45 pfdhcplistener(31076) INFO: DHCPACK from 10.39.8.3
> (00:0c:29:31:7e:e5) to host 00:16:ea:b9:d1:cc (10.39.13.253)
> (main::listen_dhcp)
> Dec 14 15:24:45 pfdhcplistener(31076) INFO: DHCPACK from 10.39.8.3
> (00:0c:29:31:7e:e5) to host 00:16:ea:b9:d1:cc (10.39.13.253)
> (main::listen_dhcp)
> Dec 14 15:24:46 pfsetvlan(23) INFO: ignoring unknown trap:
> 2011-12-14|21:24:45|UDP: [10.39.4.248]:162|10.39.4.248|BEGIN TYPE 6 END
> TYPE BEGIN SUBTYPE .67 END SUBTYPE BEGIN VARIABLEBINDINGS
> .1.3.6.1.4.1.45.6.1.2.10.0 = STRING: "test"|.1.3.6.1.4.1.45.6.1.2.15.0 =
> STRING: "SESS-1023-f84320-897913-08d5"|.1.3.6.1.4.1.45.6.1.2.4.0 =
> Hex-STRING: 00 16 EA B9 D1 CC |.1.3.6.1.4.1.45.6.1.2.14.0 = IpAddress:
> 0.0.0.0|.1.3.6.1.4.1.45.6.1.2.17.0 = STRING:
> "default"|.1.3.6.1.4.1.45.6.1.2.12.0 = INTEGER:
> 4|.1.3.6.1.4.1.45.6.1.2.11.0 = IpAddress:
> 10.39.8.3|.1.3.6.1.4.1.45.6.1.2.16.0 = INTEGER:
> 7|.1.3.6.1.4.1.45.6.1.2.90.0 = INTEGER: 2|.1.3.6.1.4.1.45.6.1.2.92.0 =
> Gauge32: 0|.1.3.6.1.4.1.45.6.1.2.87.0 = Gauge32:
> 106|.1.3.6.1.4.1.45.6.1.2.7.0 = INTEGER: 1|.1.3.6.1.4.1.45.6.1.2.38.0 =
> STRING: "Network"|.1.3.6.1.4.1.45.6.1.2.101.0 = INTEGER:
> 4|.1.3.6.1.4.1.45.6.1.2.46.0 = INTEGER: 3|.1.3.6.1.4.1.45.6.1.2.48.0 =
> INTEGER: 1023|.1.3.6.1.4.1.45.6.1.2.91.0 = INTEGER: 2 END VARIABLEBINDINGS
> (main::parseTrap)
> Dec 14 15:24:46 pfsetvlan(25) INFO: ignoring unknown trap:
> 2011-12-14|21:24:45|UDP: [10.39.4.248]:162|10.39.4.248|BEGIN TYPE 6 END
> TYPE BEGIN SUBTYPE .39 END SUBTYPE BEGIN VARIABLEBINDINGS
> .1.3.6.1.4.1.45.6.1.2.10.0 = STRING: "test"|.1.3.6.1.4.1.45.6.1.2.15.0 =
> STRING: "SESS-1023-f84320-897913-08d5"|.1.3.6.1.4.1.45.6.1.2.4.0 =
> Hex-STRING: 00 16 EA B9 D1 CC |.1.3.6.1.4.1.45.6.1.2.14.0 = IpAddress:
> 10.39.13.253|.1.3.6.1.4.1.45.6.1.2.17.0 = STRING:
> "default"|.1.3.6.1.4.1.45.6.1.2.12.0 = INTEGER:
> 4|.1.3.6.1.4.1.45.6.1.2.11.0 = IpAddress:
> 10.39.8.3|.1.3.6.1.4.1.45.6.1.2.16.0 = INTEGER:
> 7|.1.3.6.1.4.1.45.6.1.2.31.0 = INTEGER: 2|.1.3.6.1.4.1.45.6.1.2.6.0 =
> INTEGER: 0|.1.3.6.1.4.1.45.6.1.2.7.0 = INTEGER:
> 1|.1.3.6.1.4.1.45.6.1.2.13.0 = INTEGER: 106|.1.3.6.1.4.1.45.6.1.2.38.0 =
> STRING: "Network"|.1.3.6.1.4.1.45.6.1.2.46.0 = INTEGER:
> 3|.1.3.6.1.4.1.45.6.1.2.48.0 = INTEGER: 1023|.1.3.6.1.4.1.45.6.1.2.69.0 =
> INTEGER: 1 END VARIABLEBINDINGS (main::parseTrap)
>
> I have been stuck on this for a while :(
>
>
>
> On Wed, Dec 14, 2011 at 12:22 PM, lint <[email protected]> wrote:
>
>> Yes, I did restart the service.
>>
>> I have redesigned everything now as well. I eliminated one VLAN
>> interface so that I only have VLANs 96-100 now.
>>
>> VLAN 100 normal, management
>> VLAN 99 registration
>> VLAN 98 isolation
>> VLAN 97 mac detection (no ip configured)
>> VLAN 96 inline
>>
>> I am not using inline mode as I am out of band.
>>
>> Can you verify my logic?
>>
>> Switch has a trunked port for VLANs 96-100 (IPs are .1 in each VLAN)
>> Wireless switch has VLANs 96-100 (IPs are .2 in each VLAN
>> Server has VLANs 96-100 (IPs are .3 in each VLAN)
>>
>> Traffic flows from AP to controller (via a tunnel), then controller sends
>> 802.1x to packetfence/radius, then packetfence should assign DHCP with the
>> correct VLAN.
>>
>> Problem: 802.1x is complete, but the IP is assigned from the wrong VLAN.
>>
>> Do I understand things correctly?
>>
>>
>> On Wed, Dec 14, 2011 at 11:53 AM, Francois Gaudreault <
>> [email protected]> wrote:
>>
>>> **
>>> When you fixed your switches.conf, did you restart packetfence?
>>>
>>>
>>> On 11-12-14 11:14 AM, lint wrote:
>>>
>>> I believe I need to focus on why the VLANs are not changing. Basically,
>>> why it places me into the normal VLAN when PacketFence knows that I am
>>> unregistered. I can access the portal automatically by using local DNS, so
>>> I know that is not the issue.
>>>
>>> Any ideas why I am being placed into the normal VLAN instead of the
>>> registration?
>>>
>>> On Tue, Dec 13, 2011 at 11:44 AM, lint <[email protected]> wrote:
>>>
>>>> PacketFence is behaving differently now.
>>>>
>>>> I receive an IP from PacketFence. It still places me into the normal
>>>> VLAN though (not sure why). Then, I can only ping the devices in the
>>>> normal VLAN. Captive portal page does load by default. I must type the
>>>> URL manually, and can only access by IP. DNS is not allowed because the
>>>> IP of the DNS server is on the management network.
>>>>
>>>> The switch, wireless controller and PacketFence are all aware of the
>>>> VLANs. Switch is x.x.x.1, wireless is x.x.x.2, and PacketFence is x.x.x.3
>>>> on each.
>>>>
>>>> I know that my design must be flawed somewhere. Any thoughts?
>>>>
>>>>
>>> ------------------------------------------------------------------------------
>>> Cloud Computing - Latest Buzzword or a Glimpse of the Future?
>>> This paper surveys cloud computing today: What are the benefits?
>>> Why are businesses embracing it? What are its payoffs and
>>> pitfalls?http://www.accelacomm.com/jaw/sdnl/114/51425149/
>>>
>>>
>>> _______________________________________________
>>> Packetfence-users mailing
>>> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>>
>>> --
>>> Francois Gaudreault, ing. [email protected] :: +1.514.447.4918
>>> (x130) :: www.inverse.ca
>>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
>>> (www.packetfence.org)
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Cloud Computing - Latest Buzzword or a Glimpse of the Future?
>>> This paper surveys cloud computing today: What are the benefits?
>>> Why are businesses embracing it? What are its payoffs and pitfalls?
>>> http://www.accelacomm.com/jaw/sdnl/114/51425149/
>>> _______________________________________________
>>> Packetfence-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>>>
>>>
>>
>
------------------------------------------------------------------------------
10 Tips for Better Server Consolidation
Server virtualization is being driven by many needs.
But none more important than the need to reduce IT complexity
while improving strategic productivity. Learn More!
http://www.accelacomm.com/jaw/sdnl/114/51507609/
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
