Hi Julien, Thanks for the quick reply, I configure the SNMP and rigth now is working. I think that is possible to put a reminder or a note in the Network device's configuration Guide to help others with it
Best Regards, On Wed, Aug 13, 2014 at 7:02 AM, Julien Semaan <[email protected]> wrote: > Hi Juan, > > Even though PacketFence will disconnect the device using RADIUS, it is > still using SNMP to determine the type of the interface. That's why > 'doWeActOnThisTrap' returns false. > > You will still need to configure SNMP at least for read-only when using > RADIUS authentication/disconnection. > > Regards, > > > On 14-08-12 06:17 PM, Juan Camilo Valencia wrote: > > Hi Guys, > > I recently move my configuration from port-security to MAB in a Cisco > 2960. In the port-security area, SNMP and SNMP-TRAPS were involve in all > the process to change the VLAN, now what I understand is that for MAB is > only RADIUS and RADIUS CoA involve in the change of the VLAN. > > However what I'm seeing from packetfence.log is that for an unknown > reason Packetefence is trying to create a SNMP read connection, even if I > specifically said that the deauthentication method for the switch is RADIUS. > > Here are the logs, > > > Aug 12 16:48:47 httpd.portal(820) INFO: re-evaluating access for node > 00:23:ae:10:d3:e8 (manage_register called) > (pf::enforcement::reevaluate_access) > Aug 12 16:48:47 httpd.portal(820) INFO: switch port for 00:23:ae:10:d3:e8 > is 10.11.62.15 ifIndex 10003 connection type: Wired MAC Auth > (pf::enforcement::_vlan_reevaluation) > Aug 12 16:48:51 pfsetvlan(41) INFO: local (127.0.0.1) trap for switch > 10.11.62.15 (main::parseTrap) > Aug 12 16:48:52 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads > running: 0 (main::startTrapHandlers) > Aug 12 16:48:59 pfsetvlan(1) ERROR: error creating SNMP v3 read connection > to 10.11.62.15: No response from remote host "10.11.62.15" > (pf::Switch::connectRead) > Aug 12 16:48:59 pfsetvlan(1) INFO: reAssignVlan trap received on > 10.11.62.15 ifindex 10003 which is not ethernetCsmacd > (pf::vlan::doWeActOnThisTrap) > Aug 12 16:48:59 pfsetvlan(1) INFO: doWeActOnThisTrap returns false. Stop > reAssignVlan handling (main::handleTrap) > Aug 12 16:48:59 pfsetvlan(1) INFO: finished (main::cleanupAfterThread) > Aug 12 16:49:03 httpd.portal(3307) INFO: mac : 00:23:ae:10:d3:e8 > (captiveportal::PacketFence::Controller::CaptivePortal::validateMac) > Aug 12 16:49:03 httpd.portal(3307) INFO: MAC 00:23:ae:10:d3:e8 shouldn't > reach here. Calling access re-evaluation. Make sure your network device > configuration is correct. > (captiveportal::PacketFence::Controller::CaptivePortal::unknownState) > Aug 12 16:49:03 httpd.portal(3307) INFO: re-evaluating access for node > 00:23:ae:10:d3:e8 (redir.cgi called) (pf::enforcement::reevaluate_access) > Aug 12 16:49:03 httpd.portal(3307) INFO: switch port for 00:23:ae:10:d3:e8 > is 10.11.62.15 ifIndex 10003 connection type: Wired MAC Auth > (pf::enforcement::_vlan_reevaluation) > Aug 12 16:49:07 pfsetvlan(42) INFO: local (127.0.0.1) trap for switch > 10.11.62.15 (main::parseTrap) > Aug 12 16:49:08 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads > running: 0 (main::startTrapHandlers) > Aug 12 16:49:16 pfsetvlan(3) ERROR: error creating SNMP v3 read connection > to 10.11.62.15: No response from remote host "10.11.62.15" > (pf::Switch::connectRead) > Aug 12 16:49:16 pfsetvlan(3) INFO: reAssignVlan trap received on > 10.11.62.15 ifindex 10003 which is not ethernetCsmacd > (pf::vlan::doWeActOnThisTrap) > Aug 12 16:49:16 pfsetvlan(3) INFO: doWeActOnThisTrap returns false. Stop > reAssignVlan handling (main::handleTrap) > Aug 12 16:49:16 pfsetvlan(3) INFO: finished (main::cleanupAfterThread) > > I tough that maybe during the changes made to the configuration from > SNMP to RADIUS there was something in the cache of the system, so I tryed > several pfcmd commands to clear the cache of the system to be sure that is > not something like that. The version that i'm running is 4.3.0 with the > latest patches. So here are my questions, > > 1. Is packetfence alway going to create an SNMP connection even if the > entire procedure relays on RADIUS only? > > 2. If not, where can I look if I have something wrong? > > 3. Is there any possibility something in the cache? > > 4. I saw the code for the 2960 and there a few lines that put the > default method of deauthentication to SNMP, could be this the problem? (I > changed and didnto work anyway) > > > I hope if somebody can help me figure out what is going on > > Best Regards from Colombia > Best Regards > -- > > *“Choose a job you love, and you will never have to work a day in your > life”* > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > PacketFence-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users > > > -- > Julien [email protected] :: +1.514.447.4918 *155 :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- *“Choose a job you love, and you will never have to work a day in your life”*
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
