Hello Louis,

As requested here are the config files and arp output.

>>>arp -a from my centos PF server:

[root@centos ~]# arp -a
WIN-2008.packetfence.local (172.16.202.20) at 08:00:27:8d:10:10 [ether] on eth0
? (172.16.202.10) at c8:9c:1d:f4:82:c1 [ether] on eth0

>>>arp -a from my Windows 7 host:

Interface : 172.16.202.3 --- 0xb
  Adresse Internet      Adresse physique      Type
  172.16.202.10         c8-9c-1d-f4-82-c1     dynamique
  172.16.202.255        ff-ff-ff-ff-ff-ff     statique
  224.0.0.22            01-00-5e-00-00-16     statique
  224.0.0.252           01-00-5e-00-00-fc     statique
  239.255.255.250       01-00-5e-7f-ff-fa     statique
  255.255.255.255       ff-ff-ff-ff-ff-ff     statique

>>>arp -a from my client in the registration vlan with a static ip 172.16.210.25:

Interface : 172.16.210.25 --- 0xd
  Adresse Internet      Adresse physique      Type
  172.16.210.10         c8-9c-1d-f4-82-c4     dynamique
  172.16.210.255        ff-ff-ff-ff-ff-ff     statique
  224.0.0.22            01-00-5e-00-00-16     statique
  224.0.0.252           01-00-5e-00-00-fc     statique
  239.255.255.250       01-00-5e-7f-ff-fa     statique

>>>show ip arp from my Cisco Catalyst switch:

Cisco3560#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.202.3            75  2c41.38b4.9e50  ARPA   Vlan2
Internet  172.16.202.4            49  7c05.0756.f545  ARPA   Vlan2
Internet  172.16.202.5             0  0800.27f5.3567  ARPA   Vlan2
Internet  172.16.202.10            -  c89c.1df4.82c1  ARPA   Vlan2
Internet  172.16.202.20            0  0800.278d.1010  ARPA   Vlan2
Internet  172.16.207.10            -  c89c.1df4.82c2  ARPA   Vlan7
Internet  172.16.210.10            -  c89c.1df4.82c4  ARPA   Vlan10
Internet  172.16.210.25            0  7c05.0756.f545  ARPA   Vlan10
Internet  172.16.211.10            -  c89c.1df4.82c3  ARPA   Vlan11

>>>pf.conf

[general]
#
# general.domain
#
# Domain name of PacketFence system.
domain=packetfence.local
#
# general.hostname
#
# Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients.
hostname=centos
#
# general.dnsservers
#
# Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even "trapped" nodes.
dnsservers=127.0.0.1, 172.16.202.
#
# general.dhcpservers
#
# Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes.
dhcpservers=127.0.0.1,138.21.217.45,172.16.202.10

[trapping]
#
# trapping.range
#
# Comma-delimited list of address ranges/CIDR blocks that Snort/Suricata will monitor/detect/trap on. Gateway, network, and
# broadcast addresses are ignored.
range=172.16.202.0/24, 172.16.210.0/24, 172.16.211.0/24

[alerting]
#
# alerting.emailaddr
#
# Email address to which notifications of rogue DHCP servers, violations with an action of "email", or any other
# PacketFence-related message goes to.
[email protected]

[database]
#
# database.pass
#
# Password for the mysql database used by PacketFence.
pass=*****

[advanced]
#
# advanced.hash_passwords
#
# The algorithm to use to hash the passwords in the local database.
hash_passwords=plaintext

[interface eth0]
ip=172.16.202.5
type=management
mask=255.255.255.0

[interface eth0.10]
enforcement=vlan
ip=172.16.210.10
type=internal
mask=255.255.255.0

[interface eth0.11]
enforcement=vlan
ip=172.16.211.10
type=internal
mask=255.255.255.0

>>>networks.conf

[172.16.210.0]
dns=172.16.210.10
dhcp_start=172.16.210.1
gateway=172.16.210.10
domain-name=vlan-registration.centos.packetfence.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=172.16.210.246
type=vlan-registration
netmask=255.255.255.0
dhcp_default_lease_time=30

[172.16.211.0]
dns=172.16.211.10
dhcp_start=172.16.211.1
gateway=172.16.211.10
domain-name=vlan-isolation.centos.packetfence.local
nat_enabled=disabled
named=enabled
dhcp_max_lease_time=30
fake_mac_enabled=disabled
dhcpd=enabled
dhcp_end=172.16.211.246
type=vlan-isolation
netmask=255.255.255.0
dhcp_default_lease_time=30

>>>switches.conf (I don't know if my SNMP configuration is right)

#
# Copyright (C) 2005-2015 Inverse inc.
#
# See the enclosed file COPYING for license information (GPL).
# If you did not receive this file, see
# http://www.fsf.org/licensing/licenses/gpl.html

[default]
description=Switches Default Values
vlans=1,2,3,4,5,10,11,6
normalVlan=1
registrationVlan=10
isolationVlan=11
macDetectionVlan=4
voiceVlan=3
inlineVlan=5
inlineTrigger=
normalRole=normal
registrationRole=registration
isolationRole=isolation
macDetectionRole=macDetection
voiceRole=voice
inlineRole=inline
VoIPEnabled=N
VlanMap=Y
RoleMap=Y
mode=testing
macSearchesMaxNb=30
macSearchesSleepInterval=2
uplink=dynamic
#
# Command Line Interface
#
# cliTransport could be: Telnet, SSH or Serial
cliTransport=Telnet
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion=1
SNMPCommunityRead=public
SNMPCommunityWrite=private
#SNMPEngineID = 0000000000000
#SNMPUserNameRead = readUser
#SNMPAuthProtocolRead = MD5
#SNMPAuthPasswordRead = authpwdread
#SNMPPrivProtocolRead = DES
#SNMPPrivPasswordRead = privpwdread
#SNMPUserNameWrite = writeUser
#SNMPAuthProtocolWrite = MD5
#SNMPAuthPasswordWrite = authpwdwrite
#SNMPPrivProtocolWrite = DES
#SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap=1
SNMPCommunityTrap=public
#
# RADIUS NAS Client config
#
# RADIUS shared secret with switch
radiusSecret=fcb
defaultRole=default
defaultVlan=2
AccessListMap=N
type=Accton::ES3526XA

[172.16.202.10]
RoleMap=N
mode=production
description=Cisco3560
type=Cisco::Catalyst_3560
cliUser=admin
SNMPVersionTrap=2c
cliPwd=letmein
SNMPVersion=2c
cliEnablePwd=cisco
radiusSecret=hola
# PacketFence -> Switch
#SNMPVersion = 3
#SNMPEngineID = 0000000000000
SNMPUserNameRead = readUser
SNMPAuthProtocolRead = MD5
SNMPAuthPasswordRead = authpwdread
SNMPPrivProtocolRead = AES
SNMPPrivPasswordRead = privpwdread
SNMPUserNameWrite = writeUser
SNMPAuthProtocolWrite = MD5
SNMPAuthPasswordWrite = authpwdwrite
SNMPPrivProtocolWrite = AES
SNMPPrivPasswordWrite = privpwdwrite
# Switch -> PacketFence
SNMPVersionTrap = 3
SNMPUserNameTrap = readUser
SNMPAuthProtocolTrap = MD5
SNMPAuthPasswordTrap = authpwdread
SNMPPrivProtocolTrap = AES
SNMPPrivPasswordTrap = privpwdread
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
