Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Hi Fabrice, should I use PF ZEN 5.3.1 and how to upgrade from ZEN 5.1.? How to do a interim update of radius in ZEN? Regards Hubert Am 30.07.2015 um 14:19 schrieb Fabrice DURAND: Hi Hubert, It works when you disconnect because a radius accounting stop is sent, so it probably miss radius interim update. Regards Fabrice Le 2015-07-30 07:29, Hubert Kupper a écrit : Hi Louis, I had a copy of the original violations.conf and copied it into the pf/conf directory. I edited the bandwidth exampel of the new violations.conf and now it works! The violation occours when I download more than 2GB/day but only if I disattach my device from network. What can be the reason of this? Regards, Hubert Am 30.07.2015 um 06:50 schrieb Hubert Kupper: Hello Louis, I turned off pfbandwidth.d as you said. pf.conf: [general] # # general.domain # # Domain name of PacketFence system. domain=our domain # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=pfence2 # # general.dnsservers # # Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even trapped nodes. dnsservers=IPs of our dns servers,127.0.0.1 # # general.dhcpservers # # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even trapped nodes. dhcpservers=127.0.0.1,IPs of our dhcp servers # # general.timezone # # System's timezone in string format. Supported list: # http://www.php.net/manual/en/timezones.php timezone=Europe/Berlin [trapping] # # trapping.range # # Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and # broadcast addresses are ignored. range=our range [alerting] # # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of email, or any other # PacketFence-related message goes to. emailaddr=f...@uni-landau.de [database] # # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled [inline] # # inline.interfaceSNAT # Choose the interface(s) you want to use to enable snat (by default it´s the management interface) interfaceSNAT=eth0.209 # inline.accounting # # Should we handle accouting data for inline clients? # This controls inline accouting tasks in pfmon. accounting=enabled [interface eth0.37] enforcement=vlan ip=ip for vlan 37 type=management mask=255.255.255.0 [interface eth0.209] enforcement=vlan ip=ip for vlan 209 type=internal,monitor mask=255.255.255.0 [interface eth0.212] enforcement=vlan ip=ip for vlan 212 type=internal mask=255.255.255.0 [interface eth0.213] enforcement=vlan ip=ip for vlan 213 type=internal mask=255.255.255.0 Am 29.07.2015 um 15:39 schrieb Louis Munro: Is this inline or out-of-band? Please post your pf.conf. Regards, -- Louis Munro lmu...@inverse.ca mailto:lmu...@inverse.ca :: www.inverse.ca http://www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu http://www.sogo.nu) and PacketFence (www.packetfence.org http://www.packetfence.org) On Jul 29, 2015, at 3:52 , Hubert Kupper kup...@uni-landau.de mailto:kup...@uni-landau.de wrote: Hi Louis, pfbandwidthd is using 100% cpu time and pfbandwidthd.log shows: Jul 20 07:30:57 pfbandwidthd(5868) INFO: pfbandwidthd starting and writing 5871 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:04:13 pfbandwidthd(5868) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:05:24
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Hi Hubert, Interim update has to be configured on the AP side, not on PacketFence side. Regards Fabrice Le 2015-07-31 00:13, Hubert Kupper a écrit : Hi Fabrice, should I use PF ZEN 5.3.1 and how to upgrade from ZEN 5.1.? How to do a interim update of radius in ZEN? Regards Hubert Am 30.07.2015 um 14:19 schrieb Fabrice DURAND: Hi Hubert, It works when you disconnect because a radius accounting stop is sent, so it probably miss radius interim update. Regards Fabrice Le 2015-07-30 07:29, Hubert Kupper a écrit : Hi Louis, I had a copy of the original violations.conf and copied it into the pf/conf directory. I edited the bandwidth exampel of the new violations.conf and now it works! The violation occours when I download more than 2GB/day but only if I disattach my device from network. What can be the reason of this? Regards, Hubert Am 30.07.2015 um 06:50 schrieb Hubert Kupper: Hello Louis, I turned off pfbandwidth.d as you said. pf.conf: [general] # # general.domain # # Domain name of PacketFence system. domain=our domain # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=pfence2 # # general.dnsservers # # Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even trapped nodes. dnsservers=IPs of our dns servers,127.0.0.1 # # general.dhcpservers # # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even trapped nodes. dhcpservers=127.0.0.1,IPs of our dhcp servers # # general.timezone # # System's timezone in string format. Supported list: # http://www.php.net/manual/en/timezones.php timezone=Europe/Berlin [trapping] # # trapping.range # # Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and # broadcast addresses are ignored. range=our range [alerting] # # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of email, or any other # PacketFence-related message goes to. emailaddr=f...@uni-landau.de [database] # # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled [inline] # # inline.interfaceSNAT # Choose the interface(s) you want to use to enable snat (by default it´s the management interface) interfaceSNAT=eth0.209 # inline.accounting # # Should we handle accouting data for inline clients? # This controls inline accouting tasks in pfmon. accounting=enabled [interface eth0.37] enforcement=vlan ip=ip for vlan 37 type=management mask=255.255.255.0 [interface eth0.209] enforcement=vlan ip=ip for vlan 209 type=internal,monitor mask=255.255.255.0 [interface eth0.212] enforcement=vlan ip=ip for vlan 212 type=internal mask=255.255.255.0 [interface eth0.213] enforcement=vlan ip=ip for vlan 213 type=internal mask=255.255.255.0 Am 29.07.2015 um 15:39 schrieb Louis Munro: Is this inline or out-of-band? Please post your pf.conf. Regards, -- Louis Munro lmu...@inverse.ca mailto:lmu...@inverse.ca :: www.inverse.ca http://www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu http://www.sogo.nu) and PacketFence (www.packetfence.org http://www.packetfence.org) On Jul 29, 2015, at 3:52 , Hubert Kupper kup...@uni-landau.de mailto:kup...@uni-landau.de wrote: Hi Louis, pfbandwidthd is using 100% cpu time and pfbandwidthd.log shows: Jul 20 07:30:57 pfbandwidthd(5868) INFO: pfbandwidthd starting and writing 5871 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:04:13
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Hi Hubert, It works when you disconnect because a radius accounting stop is sent, so it probably miss radius interim update. Regards Fabrice Le 2015-07-30 07:29, Hubert Kupper a écrit : Hi Louis, I had a copy of the original violations.conf and copied it into the pf/conf directory. I edited the bandwidth exampel of the new violations.conf and now it works! The violation occours when I download more than 2GB/day but only if I disattach my device from network. What can be the reason of this? Regards, Hubert Am 30.07.2015 um 06:50 schrieb Hubert Kupper: Hello Louis, I turned off pfbandwidth.d as you said. pf.conf: [general] # # general.domain # # Domain name of PacketFence system. domain=our domain # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=pfence2 # # general.dnsservers # # Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even trapped nodes. dnsservers=IPs of our dns servers,127.0.0.1 # # general.dhcpservers # # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even trapped nodes. dhcpservers=127.0.0.1,IPs of our dhcp servers # # general.timezone # # System's timezone in string format. Supported list: # http://www.php.net/manual/en/timezones.php timezone=Europe/Berlin [trapping] # # trapping.range # # Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and # broadcast addresses are ignored. range=our range [alerting] # # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of email, or any other # PacketFence-related message goes to. emailaddr=f...@uni-landau.de [database] # # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled [inline] # # inline.interfaceSNAT # Choose the interface(s) you want to use to enable snat (by default it´s the management interface) interfaceSNAT=eth0.209 # inline.accounting # # Should we handle accouting data for inline clients? # This controls inline accouting tasks in pfmon. accounting=enabled [interface eth0.37] enforcement=vlan ip=ip for vlan 37 type=management mask=255.255.255.0 [interface eth0.209] enforcement=vlan ip=ip for vlan 209 type=internal,monitor mask=255.255.255.0 [interface eth0.212] enforcement=vlan ip=ip for vlan 212 type=internal mask=255.255.255.0 [interface eth0.213] enforcement=vlan ip=ip for vlan 213 type=internal mask=255.255.255.0 Am 29.07.2015 um 15:39 schrieb Louis Munro: Is this inline or out-of-band? Please post your pf.conf. Regards, -- Louis Munro lmu...@inverse.ca mailto:lmu...@inverse.ca :: www.inverse.ca http://www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu http://www.sogo.nu) and PacketFence (www.packetfence.org http://www.packetfence.org) On Jul 29, 2015, at 3:52 , Hubert Kupper kup...@uni-landau.de mailto:kup...@uni-landau.de wrote: Hi Louis, pfbandwidthd is using 100% cpu time and pfbandwidthd.log shows: Jul 20 07:30:57 pfbandwidthd(5868) INFO: pfbandwidthd starting and writing 5871 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:04:13 pfbandwidthd(5868) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:05:24 pfbandwidthd(6848) INFO: pfbandwidthd starting and
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Hi Louis, I had a copy of the original violations.conf and copied it into the pf/conf directory. I edited the bandwidth exampel of the new violations.conf and now it works! The violation occours when I download more than 2GB/day but only if I disattach my device from network. What can be the reason of this? Regards, Hubert Am 30.07.2015 um 06:50 schrieb Hubert Kupper: Hello Louis, I turned off pfbandwidth.d as you said. pf.conf: [general] # # general.domain # # Domain name of PacketFence system. domain=our domain # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=pfence2 # # general.dnsservers # # Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even trapped nodes. dnsservers=IPs of our dns servers,127.0.0.1 # # general.dhcpservers # # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even trapped nodes. dhcpservers=127.0.0.1,IPs of our dhcp servers # # general.timezone # # System's timezone in string format. Supported list: # http://www.php.net/manual/en/timezones.php timezone=Europe/Berlin [trapping] # # trapping.range # # Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and # broadcast addresses are ignored. range=our range [alerting] # # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of email, or any other # PacketFence-related message goes to. emailaddr=f...@uni-landau.de [database] # # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled [inline] # # inline.interfaceSNAT # Choose the interface(s) you want to use to enable snat (by default it´s the management interface) interfaceSNAT=eth0.209 # inline.accounting # # Should we handle accouting data for inline clients? # This controls inline accouting tasks in pfmon. accounting=enabled [interface eth0.37] enforcement=vlan ip=ip for vlan 37 type=management mask=255.255.255.0 [interface eth0.209] enforcement=vlan ip=ip for vlan 209 type=internal,monitor mask=255.255.255.0 [interface eth0.212] enforcement=vlan ip=ip for vlan 212 type=internal mask=255.255.255.0 [interface eth0.213] enforcement=vlan ip=ip for vlan 213 type=internal mask=255.255.255.0 Am 29.07.2015 um 15:39 schrieb Louis Munro: Is this inline or out-of-band? Please post your pf.conf. Regards, -- Louis Munro lmu...@inverse.ca mailto:lmu...@inverse.ca :: www.inverse.ca http://www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu http://www.sogo.nu) and PacketFence (www.packetfence.org http://www.packetfence.org) On Jul 29, 2015, at 3:52 , Hubert Kupper kup...@uni-landau.de mailto:kup...@uni-landau.de wrote: Hi Louis, pfbandwidthd is using 100% cpu time and pfbandwidthd.log shows: Jul 20 07:30:57 pfbandwidthd(5868) INFO: pfbandwidthd starting and writing 5871 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:04:13 pfbandwidthd(5868) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:05:24 pfbandwidthd(6848) INFO: pfbandwidthd starting and writing 6851 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Hello Louis, I turned off pfbandwidth.d as you said. pf.conf: [general] # # general.domain # # Domain name of PacketFence system. domain=our domain # # general.hostname # # Hostname of PacketFence system. This is concatenated with the domain in Apache rewriting rules and therefore must be resolvable by clients. hostname=pfence2 # # general.dnsservers # # Comma-delimited list of DNS servers. Passthroughs are created to allow queries to these servers from even trapped nodes. dnsservers=IPs of our dns servers,127.0.0.1 # # general.dhcpservers # # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even trapped nodes. dhcpservers=127.0.0.1,IPs of our dhcp servers # # general.timezone # # System's timezone in string format. Supported list: # http://www.php.net/manual/en/timezones.php timezone=Europe/Berlin [trapping] # # trapping.range # # Comma-delimited list of address ranges/CIDR blocks that PacketFence will monitor/detect/trap on. Gateway, network, and # broadcast addresses are ignored. range=our range [alerting] # # alerting.emailaddr # # Email address to which notifications of rogue DHCP servers, violations with an action of email, or any other # PacketFence-related message goes to. emailaddr=f...@uni-landau.de [database] # # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled # database.pass # # Password for the mysql database used by PacketFence. pass=foo # # database.user # # Username of the account with access to the mysql database used by PacketFence. user=fooadmin [expire] # # expire.node # # Time before a node is removed due to inactivity. # A value of 0D disables expiration. # example: # node=90D node=2m [services] # # services.pfsetvlan # # Should pfsetvlan be managed by PacketFence? pfsetvlan=enabled # # services.snmptrapd # # Should snmptrapd be managed by PacketFence? snmptrapd=enabled [inline] # # inline.interfaceSNAT # Choose the interface(s) you want to use to enable snat (by default it´s the management interface) interfaceSNAT=eth0.209 # inline.accounting # # Should we handle accouting data for inline clients? # This controls inline accouting tasks in pfmon. accounting=enabled [interface eth0.37] enforcement=vlan ip=ip for vlan 37 type=management mask=255.255.255.0 [interface eth0.209] enforcement=vlan ip=ip for vlan 209 type=internal,monitor mask=255.255.255.0 [interface eth0.212] enforcement=vlan ip=ip for vlan 212 type=internal mask=255.255.255.0 [interface eth0.213] enforcement=vlan ip=ip for vlan 213 type=internal mask=255.255.255.0 Am 29.07.2015 um 15:39 schrieb Louis Munro: Is this inline or out-of-band? Please post your pf.conf. Regards, -- Louis Munro lmu...@inverse.ca mailto:lmu...@inverse.ca :: www.inverse.ca http://www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu http://www.sogo.nu) and PacketFence (www.packetfence.org http://www.packetfence.org) On Jul 29, 2015, at 3:52 , Hubert Kupper kup...@uni-landau.de mailto:kup...@uni-landau.de wrote: Hi Louis, pfbandwidthd is using 100% cpu time and pfbandwidthd.log shows: Jul 20 07:30:57 pfbandwidthd(5868) INFO: pfbandwidthd starting and writing 5871 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:04:13 pfbandwidthd(5868) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:05:24 pfbandwidthd(6848) INFO: pfbandwidthd starting and writing 6851 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope inconsistency
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Turn off pfbandwithd. If you have RADIUS accounting you don’t need it. Regards, -- Louis Munro lmu...@inverse.ca :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Jul 29, 2015, at 3:52 , Hubert Kupper kup...@uni-landau.de wrote: Hi Louis, pfbandwidthd is using 100% cpu time and pfbandwidthd.log shows: Jul 20 07:30:57 pfbandwidthd(5868) INFO: pfbandwidthd starting and writing 5871 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:04:13 pfbandwidthd(5868) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:05:24 pfbandwidthd(6848) INFO: pfbandwidthd starting and writing 6851 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:07:29 pfbandwidthd(10196) INFO: pfbandwidthd starting and writing 10199 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 29 07:59:56 pfbandwidthd(10196) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 29 07:59:56 pfbandwidthd(10196) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (main::) Jul 29 07:59:56 pfbandwidthd(10196) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (main::) Jul 29 08:00:56 pfbandwidthd(12316) INFO: pfbandwidthd starting and writing 12319 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) [root@PacketFence-ZEN-5-1 logs]# Regards, Hubert Am 28.07.2015 um 20:23 schrieb Louis Munro: On Jul 28, 2015, at 8:37 , Hubert Kupper kup...@uni-landau.de wrote: there is traffic on port 1813 from the cisco switch to th server. tcpdump shows it. mysql select count(*) from radacct; shows count(*) 44 Is the MAC of the device among those listed in radacct? Something like this should return more: mysql select callingstationid,acctinputoctets,acctoutputoctets,acctstarttime from radacct; Regards, -- Louis Munro -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Yes, the MAC ist listed in radacct. mysql select callingstationid,acctinputoctets,acctoutputoctets,acctstarttime from radacct; +--+-+--+-+ | callingstationid | acctinputoctets | acctoutputoctets | acctstarttime | +--+-+--+-+ | MAC of Device | 305985 | 2136314 | 2015-06-11 05:31:10 | | MAC of Device | 135939 | 321679 | 2015-06-11 07:32:13 | | MAC of Device | 544740 | 2168492 | 2015-06-11 07:34:03 | | MAC of Device | 411509 | 1880426 | 2015-06-16 04:39:54 | | MAC of Device | 316077 | 1993235 | 2015-07-01 07:59:10 | | MAC of Device | 315078 | 1101516 | 2015-07-02 00:29:02 | | MAC of Device | 226604 | 761901 | 2015-07-02 01:43:50 | | MAC of Device | 15288 |11989 | 2015-07-02 01:47:19 | | MAC of Device | 22990 |54229 | 2015-07-02 04:06:15 | | MAC of Device | 60292 | 165055 | 2015-07-02 04:07:26 | | MAC of Device | 0 |0 | 2015-07-02 04:30:46 | | MAC of Device | 196851 | 811680 | 2015-07-02 04:38:57 | | MAC of Device | 34725 |34158 | 2015-07-02 07:07:31 | | MAC of Device | 17383 |24721 | 2015-07-02 07:17:34 | | MAC of Device | 39313 |65616 | 2015-07-02 07:24:14 | | MAC of Device | 354304 | 1158021 | 2015-07-03 01:13:53 | | MAC of Device | 334114 | 570187 | 2015-07-03 01:51:05 | | MAC of Device | 212704 | 422752 | 2015-07-03 04:55:47 | | MAC of Device | 301328 | 1245402 | 2015-07-07 07:36:40 | | MAC of Device | 91855 | 267978 | 2015-07-07 08:16:18 | | MAC of Device | 118911 | 324120 | 2015-07-07 08:36:41 | | MAC of Device | 86473 | 329396 | 2015-07-08 01:55:24 | | MAC of Device | 442385 | 3770689 | 2015-07-08 01:56:13 | | MAC of Device | 124448991 | 5465876903 | 2015-07-09 01:12:29 | | MAC of Device | 127366974 | 9757331459 | 2015-07-09 01:42:45 | | MAC of Device | 131368744 | 9744742120 | 2015-07-09 03:04:56 | | MAC of Device |80610925 | 4877655570 | 2015-07-09 04:53:02 | | MAC of Device | 110464498 | 5096069898 | 2015-07-09 05:30:39 | | MAC of Device | 133285 | 870032 | 2015-07-14 01:28:06 | | MAC of Device | 251748459 | 10893782952 | 2015-07-14 01:28:54 | | MAC of Device | 39804 |99565 | 2015-07-14 03:39:47 | | MAC of Device | 349453 | 6216738 | 2015-07-14 03:45:53 | | MAC of Device | 13428 |32963 | 2015-07-14 04:12:49 | | MAC of Device | 165034 | 634026 | 2015-07-20 05:22:59 | | MAC of Device |82744904 | 5757677242 | 2015-07-20 05:26:20 | | MAC of Device | 6286503 |436994840 | 2015-07-20 05:41:35 | | MAC of Device | 8937332 |531312039 | 2015-07-20 07:36:45 | | MAC of Device | 5974933 |453600467 | 2015-07-20 07:41:06 | | MAC of Device | 1696527 |115864972 | 2015-07-20 07:55:07 | | MAC of Device | 15832 | 246426 | 2015-07-20 08:01:41 | | MAC of Device | 3415249 |208973612 | 2015-07-21 03:05:05 | | MAC of Device | 2701508 |153512871 | 2015-07-21 03:08:54 | | MAC of Device | 21482 | 6456 | 2015-07-28 09:51:14 | | MAC of Device |8756 |13620 | 2015-07-28 09:54:30 | +--+-+--+-+ 44 rows in set (0.00 sec) Regards, Hubert Am 28.07.2015 um 20:23 schrieb Louis Munro: On Jul 28, 2015, at 8:37 , Hubert Kupper kup...@uni-landau.de mailto:kup...@uni-landau.de wrote: there is traffic on port 1813 from the cisco switch to th server. tcpdump shows it. mysql select count(*) from radacct; shows count(*) 44 Is the MAC of the device among those listed in radacct? Something like this should return more: mysql select callingstationid,acctinputoctets,acctoutputoctets,acctstarttime from radacct; Regards, -- Louis Munro lmu...@inverse.ca mailto:lmu...@inverse.ca :: www.inverse.ca http://www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu http://www.sogo.nu) and PacketFence (www.packetfence.org http://www.packetfence.org) --
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Hi Louis, pfbandwidthd is using 100% cpu time and pfbandwidthd.log shows: Jul 20 07:30:57 pfbandwidthd(5868) INFO: pfbandwidthd starting and writing 5871 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:04:13 pfbandwidthd(5868) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:05:24 pfbandwidthd(6848) INFO: pfbandwidthd starting and writing 6851 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:07:29 pfbandwidthd(10196) INFO: pfbandwidthd starting and writing 10199 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 29 07:59:56 pfbandwidthd(10196) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 29 07:59:56 pfbandwidthd(10196) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (main::) Jul 29 07:59:56 pfbandwidthd(10196) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (main::) Jul 29 08:00:56 pfbandwidthd(12316) INFO: pfbandwidthd starting and writing 12319 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) [root@PacketFence-ZEN-5-1 logs]# Regards, Hubert Am 28.07.2015 um 20:23 schrieb Louis Munro: On Jul 28, 2015, at 8:37 , Hubert Kupper kup...@uni-landau.de mailto:kup...@uni-landau.de wrote: there is traffic on port 1813 from the cisco switch to th server. tcpdump shows it. mysql select count(*) from radacct; shows count(*) 44 Is the MAC of the device among those listed in radacct? Something like this should return more: mysql select callingstationid,acctinputoctets,acctoutputoctets,acctstarttime from radacct; Regards, -- Louis Munromailto:lmu...@inverse.ca -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Is this inline or out-of-band? Please post your pf.conf. Regards, -- Louis Munro lmu...@inverse.ca :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Jul 29, 2015, at 3:52 , Hubert Kupper kup...@uni-landau.de wrote: Hi Louis, pfbandwidthd is using 100% cpu time and pfbandwidthd.log shows: Jul 20 07:30:57 pfbandwidthd(5868) INFO: pfbandwidthd starting and writing 5871 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 21 02:04:13 pfbandwidthd(5868) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:04:13 pfbandwidthd(5868) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 21 02:05:24 pfbandwidthd(6848) INFO: pfbandwidthd starting and writing 6851 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (IO::Select::can_read) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:06:24 pfbandwidthd(6848) FATAL: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:06:24 pfbandwidthd(6848) ERROR: panic: leave_scope inconsistency at /usr/local/pf/sbin/pfbandwidthd line 157. (main::) Jul 28 08:07:29 pfbandwidthd(10196) INFO: pfbandwidthd starting and writing 10199 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) Jul 29 07:59:56 pfbandwidthd(10196) FATAL: pfbandwidthd: caught SIGTERM - terminating (main::normal_sighandler) Jul 29 07:59:56 pfbandwidthd(10196) FATAL: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (main::) Jul 29 07:59:56 pfbandwidthd(10196) ERROR: pfbandwidthd: caught SIGTERM - terminating at /usr/local/pf/sbin/pfbandwidthd line 285 (main::) Jul 29 08:00:56 pfbandwidthd(12316) INFO: pfbandwidthd starting and writing 12319 to /usr/local/pf/var/run/pfbandwidthd.pid (pf::services::util::createpid) [root@PacketFence-ZEN-5-1 logs]# Regards, Hubert Am 28.07.2015 um 20:23 schrieb Louis Munro: On Jul 28, 2015, at 8:37 , Hubert Kupper kup...@uni-landau.de wrote: there is traffic on port 1813 from the cisco switch to th server. tcpdump shows it. mysql select count(*) from radacct; shows count(*) 44 Is the MAC of the device among those listed in radacct? Something like this should return more: mysql select callingstationid,acctinputoctets,acctoutputoctets,acctstarttime from radacct; Regards, -- Louis Munro -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Hi Louis, there is traffic on port 1813 from the cisco switch to th server. tcpdump shows it. mysql select count(*) from radacct; shows count(*) 44 Regards, Hubert Am 23.07.2015 um 15:08 schrieb Louis Munro: Hi Hubert, Can you see if there is actually traffic on port 1813 coming to the server then? # tcpdump -iany -tnl -c 100 port 1813 And if there is, is there anything in the accounting tables of the database? mysql select count(*) from radacct; Regards, -- Louis Munro lmu...@inverse.ca mailto:lmu...@inverse.ca :: www.inverse.ca http://www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu http://www.sogo.nu) and PacketFence (www.packetfence.org http://www.packetfence.org) On Jul 23, 2015, at 1:02 , Hubert Kupper kup...@uni-landau.de mailto:kup...@uni-landau.de wrote: Yes, I have done this. On the 2960G: aaa authentication dot1x default group radius aaa accounting dot1x default start-stop group radius Regards, Hubert Am 22.07.2015 um 20:16 schrieb Louis Munro: It may not be your config that’s wrong. It may be that the switch is not sending accounting data to PacketFence. Have you configured RADIUS accounting on the 2960? Regards, -- Louis Munro lmu...@inverse.ca mailto:lmu...@inverse.ca :: www.inverse.ca http://www.inverse.ca/ +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu http://www.sogo.nu/) and PacketFence (www.packetfence.org http://www.packetfence.org/) On Jul 22, 2015, at 1:11 , Hubert Kupper kup...@uni-landau.de mailto:kup...@uni-landau.de wrote: Hello, I have running Packetfence-ZEN-5-1 fine. I created a test bandwidth violation of 2MB/Day but nothing happens when a client uses more than 2MB traffic. The web interface shows there is not enough data to create the graph and violation.log shows only DHCP violations. I added the following line to the Cisco 2960G in switches.conf: deauthMethod=RADIUS In violations.conf: [1100013] desc=Bandwidth Limit test (2MB/day) template=bandwidth_limit #hk090715 trigger=Accounting::BandwidthExpired trigger=Accounting::TOT2MBD window=dynamic enabled=Y actions=trap,log priority=1 auto_enable=N whitelisted_categories= vlan=isolation So what is wrong with my config? Best regards, Hubert -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net mailto:PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
On Jul 28, 2015, at 8:37 , Hubert Kupper kup...@uni-landau.de wrote: there is traffic on port 1813 from the cisco switch to th server. tcpdump shows it. mysql select count(*) from radacct; shows count(*) 44 Is the MAC of the device among those listed in radacct? Something like this should return more: mysql select callingstationid,acctinputoctets,acctoutputoctets,acctstarttime from radacct; Regards, -- Louis Munro lmu...@inverse.ca :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Hi Hubert, Can you see if there is actually traffic on port 1813 coming to the server then? # tcpdump -iany -tnl -c 100 port 1813 And if there is, is there anything in the accounting tables of the database? mysql select count(*) from radacct; Regards, -- Louis Munro lmu...@inverse.ca :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Jul 23, 2015, at 1:02 , Hubert Kupper kup...@uni-landau.de wrote: Yes, I have done this. On the 2960G: aaa authentication dot1x default group radius aaa accounting dot1x default start-stop group radius Regards, Hubert Am 22.07.2015 um 20:16 schrieb Louis Munro: It may not be your config that’s wrong. It may be that the switch is not sending accounting data to PacketFence. Have you configured RADIUS accounting on the 2960? Regards, -- Louis Munro lmu...@inverse.ca :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Jul 22, 2015, at 1:11 , Hubert Kupper kup...@uni-landau.de wrote: Hello, I have running Packetfence-ZEN-5-1 fine. I created a test bandwidth violation of 2MB/Day but nothing happens when a client uses more than 2MB traffic. The web interface shows there is not enough data to create the graph and violation.log shows only DHCP violations. I added the following line to the Cisco 2960G in switches.conf: deauthMethod=RADIUS In violations.conf: [1100013] desc=Bandwidth Limit test (2MB/day) template=bandwidth_limit #hk090715 trigger=Accounting::BandwidthExpired trigger=Accounting::TOT2MBD window=dynamic enabled=Y actions=trap,log priority=1 auto_enable=N whitelisted_categories= vlan=isolation So what is wrong with my config? Best regards, Hubert -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- _ Hubert Kupper Universitaetsrechenzentrum in Landau Fortstrasse 7, D-76829 Landau Tel: +49 6341/28031173 Fax: +49 6341/28031267 -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
Yes, I have done this. On the 2960G: aaa authentication dot1x default group radius aaa accounting dot1x default start-stop group radius Regards, Hubert Am 22.07.2015 um 20:16 schrieb Louis Munro: It may not be your config that’s wrong. It may be that the switch is not sending accounting data to PacketFence. Have you configured RADIUS accounting on the 2960? Regards, -- Louis Munro lmu...@inverse.ca mailto:lmu...@inverse.ca :: www.inverse.ca http://www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu http://www.sogo.nu) and PacketFence (www.packetfence.org http://www.packetfence.org) On Jul 22, 2015, at 1:11 , Hubert Kupper kup...@uni-landau.de mailto:kup...@uni-landau.de wrote: Hello, I have running Packetfence-ZEN-5-1 fine. I created a test bandwidth violation of 2MB/Day but nothing happens when a client uses more than 2MB traffic. The web interface shows there is not enough data to create the graph and violation.log shows only DHCP violations. I added the following line to the Cisco 2960G in switches.conf: deauthMethod=RADIUS In violations.conf: [1100013] desc=Bandwidth Limit test (2MB/day) template=bandwidth_limit #hk090715 trigger=Accounting::BandwidthExpired trigger=Accounting::TOT2MBD window=dynamic enabled=Y actions=trap,log priority=1 auto_enable=N whitelisted_categories= vlan=isolation So what is wrong with my config? Best regards, Hubert -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net mailto:PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- _ Hubert Kupper Universitaetsrechenzentrum in Landau Fortstrasse 7, D-76829 Landau Tel: +49 6341/28031173 Fax: +49 6341/28031267 -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
Re: [PacketFence-users] Packetfence-ZEN-5-1 bandwidth violation
It may not be your config that’s wrong. It may be that the switch is not sending accounting data to PacketFence. Have you configured RADIUS accounting on the 2960? Regards, -- Louis Munro lmu...@inverse.ca :: www.inverse.ca +1.514.447.4918 x125 :: +1 (866) 353-6153 x125 Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) On Jul 22, 2015, at 1:11 , Hubert Kupper kup...@uni-landau.de wrote: Hello, I have running Packetfence-ZEN-5-1 fine. I created a test bandwidth violation of 2MB/Day but nothing happens when a client uses more than 2MB traffic. The web interface shows there is not enough data to create the graph and violation.log shows only DHCP violations. I added the following line to the Cisco 2960G in switches.conf: deauthMethod=RADIUS In violations.conf: [1100013] desc=Bandwidth Limit test (2MB/day) template=bandwidth_limit #hk090715 trigger=Accounting::BandwidthExpired trigger=Accounting::TOT2MBD window=dynamic enabled=Y actions=trap,log priority=1 auto_enable=N whitelisted_categories= vlan=isolation So what is wrong with my config? Best regards, Hubert -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users -- ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
