I assume I could make a copy of the SG300.pm file and have separate ones for 24 and 48 port switches?
Here's the info you requested: IF-MIB::ifDescr.49 = STRING: gigabitethernet1 IF-MIB::ifDescr.50 = STRING: gigabitethernet2 IF-MIB::ifDescr.51 = STRING: gigabitethernet3 IF-MIB::ifDescr.52 = STRING: gigabitethernet4 IF-MIB::ifDescr.53 = STRING: gigabitethernet5 IF-MIB::ifDescr.54 = STRING: gigabitethernet6 IF-MIB::ifDescr.55 = STRING: gigabitethernet7 IF-MIB::ifDescr.56 = STRING: gigabitethernet8 IF-MIB::ifDescr.57 = STRING: gigabitethernet9 IF-MIB::ifDescr.58 = STRING: gigabitethernet10 IF-MIB::ifDescr.59 = STRING: gigabitethernet11 IF-MIB::ifDescr.60 = STRING: gigabitethernet12 IF-MIB::ifDescr.61 = STRING: gigabitethernet13 IF-MIB::ifDescr.62 = STRING: gigabitethernet14 IF-MIB::ifDescr.63 = STRING: gigabitethernet15 IF-MIB::ifDescr.64 = STRING: gigabitethernet16 IF-MIB::ifDescr.65 = STRING: gigabitethernet17 IF-MIB::ifDescr.66 = STRING: gigabitethernet18 IF-MIB::ifDescr.67 = STRING: gigabitethernet19 IF-MIB::ifDescr.68 = STRING: gigabitethernet20 IF-MIB::ifDescr.69 = STRING: gigabitethernet21 IF-MIB::ifDescr.70 = STRING: gigabitethernet22 IF-MIB::ifDescr.71 = STRING: gigabitethernet23 IF-MIB::ifDescr.72 = STRING: gigabitethernet24 IF-MIB::ifDescr.73 = STRING: gigabitethernet25 IF-MIB::ifDescr.74 = STRING: gigabitethernet26 IF-MIB::ifDescr.75 = STRING: gigabitethernet27 IF-MIB::ifDescr.76 = STRING: gigabitethernet28 IF-MIB::ifDescr.77 = STRING: gigabitethernet29 IF-MIB::ifDescr.78 = STRING: gigabitethernet30 IF-MIB::ifDescr.79 = STRING: gigabitethernet31 IF-MIB::ifDescr.80 = STRING: gigabitethernet32 IF-MIB::ifDescr.81 = STRING: gigabitethernet33 IF-MIB::ifDescr.82 = STRING: gigabitethernet34 IF-MIB::ifDescr.83 = STRING: gigabitethernet35 IF-MIB::ifDescr.84 = STRING: gigabitethernet36 IF-MIB::ifDescr.85 = STRING: gigabitethernet37 IF-MIB::ifDescr.86 = STRING: gigabitethernet38 IF-MIB::ifDescr.87 = STRING: gigabitethernet39 IF-MIB::ifDescr.88 = STRING: gigabitethernet40 IF-MIB::ifDescr.89 = STRING: gigabitethernet41 IF-MIB::ifDescr.90 = STRING: gigabitethernet42 IF-MIB::ifDescr.91 = STRING: gigabitethernet43 IF-MIB::ifDescr.92 = STRING: gigabitethernet44 IF-MIB::ifDescr.93 = STRING: gigabitethernet45 IF-MIB::ifDescr.94 = STRING: gigabitethernet46 IF-MIB::ifDescr.95 = STRING: gigabitethernet47 IF-MIB::ifDescr.96 = STRING: gigabitethernet48 IF-MIB::ifDescr.97 = STRING: gigabitethernet49 IF-MIB::ifDescr.98 = STRING: gigabitethernet50 IF-MIB::ifDescr.99 = STRING: gigabitethernet51 IF-MIB::ifDescr.100 = STRING: gigabitethernet52 IF-MIB::ifDescr.1000 = STRING: Po1 IF-MIB::ifDescr.1001 = STRING: Po2 IF-MIB::ifDescr.1002 = STRING: Po3 IF-MIB::ifDescr.1003 = STRING: Po4 IF-MIB::ifDescr.1004 = STRING: Po5 IF-MIB::ifDescr.1005 = STRING: Po6 IF-MIB::ifDescr.1006 = STRING: Po7 IF-MIB::ifDescr.1007 = STRING: Po8 IF-MIB::ifDescr.3000 = STRING: tunnel1 IF-MIB::ifDescr.7000 = STRING: loopback1 IF-MIB::ifDescr.20000 = STRING: Logical-int 1 IF-MIB::ifDescr.100000 = STRING: 1 IF-MIB::ifDescr.100063 = STRING: 64 IF-MIB::ifDescr.100067 = STRING: 68 IF-MIB::ifDescr.100071 = STRING: 72 IF-MIB::ifDescr.100075 = STRING: 76 IF-MIB::ifDescr.100085 = STRING: 86 IF-MIB::ifDescr.100087 = STRING: 88 IF-MIB::ifDescr.100095 = STRING: 96 IF-MIB::ifDescr.100099 = STRING: 100 IF-MIB::ifDescr.300000 = STRING: 64 On Tue, May 21, 2019 at 9:02 PM Durand fabrice <fdur...@inverse.ca> wrote: > So you can just change this line: > > > https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/SG300.pm#L91 > > with that: > > return $NAS_port - 48; > > My only concert is about other sg300 switches with let's say 24 port .... > > Last thing, can you do a snmpwalk on the oid 1.3.6.1.2.1.2.2.1.2 and paste > the result ? > > Regards > > Fabrice > > > Le 19-05-21 à 13 h 24, Stuart Gendron a écrit : > > Correct - it seems that the proper port for the SG300 switches is n-48 > (where 48 is however many ports it has). > > Is this a global change, or can be tied to the device profile itself? > > On Tue, May 21, 2019 at 12:36 PM Fabrice Durand <fdur...@inverse.ca> > wrote: > >> Hello Stuart, >> >> yes it's possible but when you plug in the port 2 is it the port 50 who >> appear in the log ? >> >> Regards >> >> Fabrice >> >> >> Le 19-05-21 à 11 h 42, Stuart Gendron a écrit : >> >> Logs below: >> >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing >> connection (106): Hit idle_timeout, was idle for 431977 seconds >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing >> connection (108): Hit idle_timeout, was idle for 431977 seconds >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing >> connection (107): Hit idle_timeout, was idle for 431977 seconds >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Closing >> connection (105): Hit idle_timeout, was idle for 431977 seconds >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening >> additional connection (109), 1 of 64 pending slots used >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: Need 2 more connections >> to reach min connections (3) >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening >> additional connection (110), 1 of 63 pending slots used >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing >> connection (98): Hit idle_timeout, was idle for 431989 seconds >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing >> connection (97): Hit idle_timeout, was idle for 431977 seconds >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Closing >> connection (99): Hit idle_timeout, was idle for 431977 seconds >> May 21 11:39:50 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening >> additional connection (100), 1 of 64 pending slots used >> May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 2 more connections >> to reach min connections (3) >> May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening >> additional connection (101), 1 of 63 pending slots used >> May 21 11:39:51 youi-packetfence-p1 auth[25948]: Need 1 more connections >> to reach min connections (3) >> May 21 11:39:51 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening >> additional connection (111), 1 of 62 pending slots used >> May 21 11:39:51 youi-packetfence-p1 auth[25948]: [mac:0c:4d:e9:b9:23:ac] >> Rejected user: 0c4de9b923ac >> May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Rejected in >> post-auth: [0c4de9b923ac] (from client 10.100.64.67 port 49 cli >> 0c:4d:e9:b9:23:ac) >> May 21 11:39:51 youi-packetfence-p1 auth[25948]: (41096) Login incorrect: >> [0c4de9b923ac] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac) >> May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 7 more connections >> to reach 10 spares >> May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_sql (sql): Opening >> additional connection (112), 1 of 61 pending slots used >> May 21 11:40:02 youi-packetfence-p1 auth[25948]: Need 1 more connections >> to reach min connections (3) >> May 21 11:40:02 youi-packetfence-p1 auth[25948]: rlm_rest (rest): Opening >> additional connection (102), 1 of 62 pending slots used >> May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41106) Login OK: >> [testradius] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac via >> TLS tunnel) >> May 21 11:40:02 youi-packetfence-p1 auth[25948]: [mac:0c:4d:e9:b9:23:ac] >> Accepted user: testradius and returned VLAN 88 >> May 21 11:40:02 youi-packetfence-p1 auth[25948]: (41107) Login OK: >> [testradius] (from client 10.100.64.67 port 49 cli 0c:4d:e9:b9:23:ac) >> >> Looks like it's also sending port 49. >> >> Is there somewhere to make a modification where I can say $Port = $Port - >> 48 or something? >> >> On Thu, May 16, 2019 at 9:27 PM Durand fabrice <fdur...@inverse.ca> >> wrote: >> >>> Hello Stuart, >>> >>> it looks that the port is set to 49 in the radius request: >>> >>> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: >>> from switch_ip => (10.100.64.67), connection_type => >>> Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac => >>> [78:7b:8a:d3:ae:74], port => 49, username => "787b8ad3ae74" >>> (pf::radius::authorize) >>> >>> Are you able to check in the radius auditing what is the radius request >>> (with all the attributes) and paste it to me ? >>> >>> Regards >>> >>> Fabrice >>> >>> >>> Le 19-05-16 à 11 h 41, Stuart Gendron a écrit : >>> >>> Logs below: >>> >>> [root@youi-packetfence-p1 ~]# tail -f >>> /usr/local/pf/logs/packetfence.log| grep 78:7b:8a:d3:ae:74 >>> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: >>> from switch_ip => (10.100.64.67), connection_type => >>> Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac => >>> [78:7b:8a:d3:ae:74], port => 49, username => "787b8ad3ae74" >>> (pf::radius::authorize) >>> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile default >>> (pf::Connection::ProfileFactory::_from_profile) >>> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Match rule >>> mac_lan:unknown&pf_wired_mac_auth (pf::access_filter::test) >>> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] vlan filter match ; belongs >>> into REJECT VLAN (pf::role::getRegistrationRole) >>> May 16 11:40:01 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] According to rules in >>> fetchRoleForNode this node must be kicked out. Returning USERLOCK >>> (pf::Switch::handleRadiusDeny) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] handling radius autz request: >>> from switch_ip => (10.100.64.67), connection_type => >>> Ethernet-EAP,switch_mac => (88:f0:77:d9:b2:48), mac => [78:7b:8a:d3:ae:74], >>> port => 49, username => "testradius" (pf::radius::authorize) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile 802.1x >>> (pf::Connection::ProfileFactory::_from_profile) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Found authentication >>> source(s) : 'YOUI-DC-P1' for realm 'null' >>> (pf::config::util::filter_authentication_sources) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) WARN: [mac:78:7b:8a:d3:ae:74] Calling match with >>> empty/invalid rule class. Defaulting to 'authentication' >>> (pf::authentication::match2) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Using sources YOUI-DC-P1 for >>> matching (pf::authentication::match2) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] LDAP testing connection >>> (pf::LDAP::expire_if) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) ERROR: [mac:78:7b:8a:d3:ae:74] Error binding: 'Connection >>> reset by peer' (pf::LDAP::log_error_msg) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) WARN: [mac:78:7b:8a:d3:ae:74] LDAP connection expired >>> (pf::LDAP::expire_if) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Matched rule >>> (youi_tv_employees) in source YOUI-DC-P1, returning actions. >>> (pf::Authentication::Source::match_rule) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Matched rule >>> (youi_tv_employees) in source YOUI-DC-P1, returning actions. >>> (pf::Authentication::Source::match) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Role has already been >>> computed and we don't want to recompute it. Getting role from node_info >>> (pf::role::getRegisteredRole) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Username was defined >>> "testradius" - returning role 'default' (pf::role::getRegisteredRole) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] PID: "testradius", Status: >>> reg Returned VLAN: (undefined), Role: default (pf::role::fetchRoleForNode) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] (10.100.64.67) Added VLAN 88 >>> to the returned RADIUS Access-Accept (pf::Switch::returnRadiusAccessAccept) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] violation 1300003 >>> force-closed for 78:7b:8a:d3:ae:74 (pf::violation::violation_force_close) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Instantiate profile 802.1x >>> (pf::Connection::ProfileFactory::_from_profile) >>> May 16 11:40:13 youi-packetfence-p1 packetfence_httpd.aaa: >>> httpd.aaa(6346) INFO: [mac:78:7b:8a:d3:ae:74] Updating locationlog from >>> accounting request (pf::api::handle_accounting_metadata) >>> May 16 11:40:14 youi-packetfence-p1 pfqueue: pfqueue(18291) WARN: >>> [mac:78:7b:8a:d3:ae:74] Unable to match MAC address to IP '10.100.90.109' >>> (pf::ip4log::ip2mac) >>> >>> On Tue, May 14, 2019 at 9:18 PM Durand fabrice via PacketFence-users < >>> packetfence-users@lists.sourceforge.net> wrote: >>> >>>> Hello Stuart, >>>> >>>> can you paste the log when you plug in the switch port ? >>>> >>>> tail -f /usr/local/pf/logs/packetfence.log| grep 00:11:22:33:44:55 >>>> >>>> with the real mac address of course. >>>> >>>> Regards >>>> >>>> Fabrice >>>> >>>> >>>> Le 19-05-14 à 10 h 43, Stuart Gendron via PacketFence-users a écrit : >>>> >>>> >>>> Hey there, >>>> >>>> Was wondering if anyone else has their ports showing up wrong for Cisco >>>> SG300 switches? >>>> >>>> This is when plugged into port 1 on a 48 port switch: >>>> >>>> [image: Screen Shot 2019-05-14 at 10.42.07 AM.png] >>>> >>>> If there's a way to fix it that'd be really appreciated :-) >>>> >>>> >>>> -- >>>> >>>> *Stuart Gendron* >>>> IT Support Specialist >>>> >>>> *You.i Labs* >>>> 307 Legget Drive, Kanata, ON, K2K 3C8 >>>> <https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g> >>>> t (613) 228-9107 x258 | c (613) 697-6853 >>>> >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing >>>> listPacketFence-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> PacketFence-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> >>> >>> >>> -- >>> >>> *Stuart Gendron* >>> IT Support Specialist >>> >>> *You.i Labs* >>> 307 Legget Drive, Kanata, ON, K2K 3C8 >>> <https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g> >>> t (613) 228-9107 x258 | c (613) 697-6853 >>> >>> >> >> -- >> >> *Stuart Gendron* >> IT Support Specialist >> >> *You.i Labs* >> 307 Legget Drive, Kanata, ON, K2K 3C8 >> <https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g> >> t (613) 228-9107 x258 | c (613) 697-6853 >> >> -- >> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) :: >> www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> > > -- > > *Stuart Gendron* > IT Support Specialist > > *You.i Labs* > 307 Legget Drive, Kanata, ON, K2K 3C8 > <https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g> > t (613) 228-9107 x258 | c (613) 697-6853 > > -- *Stuart Gendron* IT Support Specialist *You.i Labs* 307 Legget Drive, Kanata, ON, K2K 3C8 <https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g> t (613) 228-9107 x258 | c (613) 697-6853
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
