Hello Sabrina,
what you have in packetfence.log is the trap coming from the switch to
packetfence, so it's not an snmp deauth request.
Depending on the version you are currently using (the latest one, 4.3, is
better), you are able to bypass pfsetvlan (high cpu and memory usage)
and use httpd.webservices (faster and less memory usage) instead to send
the deauth trap.
In fact, currently, to send a deauth request, packetfence sends a local
snmp trap to itself, and pfsetvlan reads the snmptrapd.log file and sends
the snmp request to the switch.
By using the new way, packetfence will send a deauth request to the
webservices and the webservices will send the snmp request.
Replace this file to make it work:
https://raw.githubusercontent.com/inverse-inc/packetfence/devel/lib/pf/enforcement.pm
Also it will be available by default in 4.4.
Regards
Fabrice
On 2014-09-04 04:49, Sabrina Louison-françois wrote:
Hello,
I use packetfence on a full HP Procurve Networking infrastructure.
Actually I am trying to make it work with an HP 3500 yl switch. Really,
everything works fine and I can leave it that way, but I want it to work
faster by using the deauthentication method.
It seems that snmp requests work with HP switches when I try manually.
I can see on the switch my interface going up and down:
# pfcmd_vlan -setIfAdminStatus -ifAdminStatus 1(or 2) -ifIndex 32 -switch 192.168.1.100 -verbose 4
DEBUG - instantiating new SwitchFactory object
DEBUG - cache get for namespace='switch.overlay', key='192.168.1.100', cache='File:l1_cache', time='0ms': MISS (not in cache)
DEBUG - cache get for namespace='switch.overlay', key='192.168.1.100', cache='File', time='0ms': MISS (not in cache)
DEBUG - creating new pf::Switch::HP::Procurve_2600 object
DEBUG - start handling 'setIfAdminStatus' command
DEBUG - opening SNMP v2c write connection to 192.168.1.100
TRACE - SNMP get_request for sysLocation: 1.3.6.1.2.1.1.6.0
TRACE - SNMP set_request for sysLocation: 1.3.6.1.2.1.1.6.0 to DO - Bureau DSI
TRACE - SNMP set_request for ifAdminStatus: 1.3.6.1.2.1.2.2.1.7.32 = 1
DEBUG - finished handling 'setIfAdminStatus' command
But in packetfence.log, it seems that the switch doesn't accept the
incoming snmp trap:
Sep 04 09:09:49 pfsetvlan(24) DEBUG: *ignoring unknown trap*: 2014-09-04|07:09:45|UDP: [192.168.1.100]:161->[192.168.1.50]|192.168.1.100|BEGIN TYPE 2 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.2.2.1.1.32 = INTEGER: 32|.1.3.6.1.2.1.2.2.1.7.32 = INTEGER: down(2)|.1.3.6.1.2.1.2.2.1.8.32 = INTEGER: down(2)|.1.3.6.1.2.1.2.2.1.2.32 = STRING: 32|.1.3.6.1.2.1.31.1.1.1.18.32 = STRING: prise.DO-J-15 END VARIABLEBINDINGS (main::parseTrap)
Sep 04 09:09:55 pfsetvlan(21) DEBUG:*ignoring unknown trap*: 2014-09-04|07:09:52|UDP: [192.168.1.100]:161->[192.168.1.50]|192.168.1.100|BEGIN TYPE 3 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.2.2.1.1.32 = INTEGER: 32|.1.3.6.1.2.1.2.2.1.7.32 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.8.32 = INTEGER: up(1)|.1.3.6.1.2.1.2.2.1.2.32 = STRING: 32|.1.3.6.1.2.1.31.1.1.1.18.32 = STRING: prise.DO-J-15 END VARIABLEBINDINGS (main::parseTrap)
Is there something to modify in HP.pm to make it work and accelerate
dynamic vlan assignment? Thanks for your answers.
Regards,
--
Sabrina Louison-François
Ingénieure Réseaux et Télécoms
Direction des Systèmes d’Information
École normale supérieure de Cachan
61, avenue du Président Wilson
94235 Cachan cedex
tél : 01 47 40 74 24
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
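
Added example (not part of the original thread and not PacketFence code): a small Python decoder for the pfsetvlan trap records quoted in the question, showing that they are link-state notifications sent by the switch to PacketFence, which is what the reply points out. It assumes the TYPE field carries the SNMPv1 generic-trap number; the function name `decode_trap_record` and the lookup tables are this example's own, and the sample record is copied from the post.

```python
import re

# SNMPv1 generic-trap numbers (RFC 1157); assumption: TYPE in the log is this field.
GENERIC_TRAPS = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
                 4: "authenticationFailure", 5: "egpNeighborLoss",
                 6: "enterpriseSpecific"}
# IF-MIB / ifXTable columns that appear in the quoted variable bindings.
IF_COLUMNS = {".1.3.6.1.2.1.2.2.1.1": "ifIndex",
              ".1.3.6.1.2.1.2.2.1.2": "ifDescr",
              ".1.3.6.1.2.1.2.2.1.7": "ifAdminStatus",
              ".1.3.6.1.2.1.2.2.1.8": "ifOperStatus",
              ".1.3.6.1.2.1.31.1.1.1.18": "ifAlias"}

TRAP_RE = re.compile(
    r"\[(?P<src>[\d.]+)\]:\d+->\[(?P<dst>[\d.]+)\]\|[\d.]+\|"
    r"BEGIN TYPE (?P<type>\d+) END TYPE BEGIN SUBTYPE \d+ END SUBTYPE "
    r"BEGIN VARIABLEBINDINGS (?P<vb>.*?) END VARIABLEBINDINGS")

def decode_trap_record(record):
    """Decode one pfsetvlan trap record; return None if it is not a trap line."""
    m = TRAP_RE.search(" ".join(record.split()))  # undo mail line wrapping
    if not m:
        return None
    varbinds = {}
    for vb in m.group("vb").split("|"):
        oid, _, value = vb.partition(" = ")
        column, _, index = oid.strip().rpartition(".")
        # Keep the raw column OID as key when it is not in the table above.
        name = IF_COLUMNS.get(column, column)
        varbinds[name] = (index, value.split(": ", 1)[-1].strip())
    return {"sender": m.group("src"), "receiver": m.group("dst"),
            "trap": GENERIC_TRAPS.get(int(m.group("type")), "unknown"),
            "varbinds": varbinds}

# First record from the post, with the mail client's line wrapping kept.
SAMPLE = """Sep 04 09:09:49 pfsetvlan(24) DEBUG: *ignoring unknown trap*:
2014-09-04|07:09:45|UDP:
[192.168.1.100]:161->[192.168.1.50]|192.168.1.100|BEGIN TYPE 2 END
TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS
.1.3.6.1.2.1.2.2.1.1.32 = INTEGER: 32|.1.3.6.1.2.1.2.2.1.7.32 =
INTEGER: down(2)|.1.3.6.1.2.1.2.2.1.8.32 = INTEGER:
down(2)|.1.3.6.1.2.1.2.2.1.2.32 = STRING:
32|.1.3.6.1.2.1.31.1.1.1.18.32 = STRING: prise.DO-J-15 END
VARIABLEBINDINGS (main::parseTrap)"""

if __name__ == "__main__":
    print(decode_trap_record(SAMPLE))
```

The decoded sender is the switch (192.168.1.100) and the receiver is the PacketFence server (192.168.1.50), so the record is a notification from the switch and not the outgoing SNMP set request.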