Hi,
I'm trying to configure PacketFence to deny access to all devices unless they
are registered. I intend to use PacketFence and, through SNMP, communicate with
a Cisco switch and control port-security, so that if the MAC is allowed the right VLAN
is assigned and the MAC is associated with the port...
PacketFence Info:
Version: 13.0.0
Cisco Switch:
Model: ME-C3750-24TE-M
Version: IOS 12.2
PacketFence Configuration:
Roles:
* Role "Custom Created"
Nodes:
* Manually created, MAC address added and Role "Custom" assigned.
* MAC: 30:85:A9:05:80:B4
Switches:
* Added the test switch x.x.x.220
* Dynamic Uplinks enabled
* Roles
* VLAN ID (enabled)
* registration: 1000
* isolation: 1001
* macDetection: 1006
* Custom: 99
* Default: 99
* SNMP
* Version: v2c
* Community Read: X
* Community Write: Y
* Engine ID: 8000000903000021A1B34383
* Version Trap: v2c
* Community Trap: Y
Switch Configuration:
"""
vlan 99
name test
vlan 1000
name PacketFence
!
vlan 1001
name Isolation
!
vlan 1006
name mac-detection
!
interface FastEthernet1/0/1
description #####TESTES_PORTATIL#####
switchport access vlan 1000
switchport mode access
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0200.0000.0101 vlan access
spanning-tree portfast
spanning-tree bpduguard enable
!
snmp-server community Y RW
snmp-server community X RO
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host X.X.X.2 version 2c Y port-security
"""
On PacketFence I receive the following log on
"/usr/local/pf/logs/snmptrapd.log":
"""
NET-SNMP version 5.9
2023-11-16|17:28:14|UDP: [X.X.X.220]:56719->[172.16.255.2]:162|0.0.0.0|BEGIN
TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS
.1.3.6.1.2.1.1.3.0 = Timeticks: (63220365) 7 days,
7:36:43.65|.1.3.6.1.6.3.1.1.4.1.0 = OID:
.1.3.6.1.4.1.9.9.315.0.0.1|.1.3.6.1.2.1.2.2.1.1.10001 = Wrong Type (should be
INTEGER): Gauge32: 10001|.1.3.6.1.2.1.31.1.1.1.1.10001 = STRING:
FastEthernet1/0/1|.1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 30 85 A9
05 80 B4 END VARIABLEBINDINGS
"""
Could someone help me understand if there is any error with SNMP or a wrong
config for PacketFence out-of-band VLAN enforcement using only SNMP?
Best regards,
Miguel Correia
Cybersecurity Engineer
Email: [email protected]
Mobile: +351 969 416 588
LISPOLIS – Polo Tecnológico de Lisboa
Rua António Champalimaud Lote 1 sala 0.2.0
1600-546 Lisboa
Portugal
Phone: +351 217 230 635
Email: [email protected]
www: https://redshift.global
The contents of this e-mail are confidential to the intended recipient and may
not be disclosed. Although it is believed that this e-mail and any attachments
are virus free, it is the responsibility of the recipient to confirm this. You
are advised that urgent, time-sensitive communications should not be sent by
e-mail. We hereby give you notice that a delivery receipt does not constitute
acknowledgement nor receipt by the intended recipient(s).
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
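The trap in the post carries everything an out-of-band SNMP enforcement point needs: the trap type (snmpTrapOID.0), the violating port (ifIndex in the instance suffix and ifName) and the offending MAC. The following added example, which is not PacketFence's own code and not part of the original post, parses that snmptrapd log line, normalises the MAC, and applies the role-to-VLAN mapping from the post (registered MAC with role "Custom" to VLAN 99, unknown MAC to the registration VLAN 1000). The MIB names in the comments (cpsSecureMacAddrViolation, cpsIfSecureLastMacAddress) are assumptions, the sample lines are constructed from the one in the post, and the decision logic is a simplification of what a NAC would do, not PacketFence's actual algorithm.

```python
"""Decode a Cisco port-security violation trap from a PacketFence snmptrapd.log line
and derive the VLAN an out-of-band enforcement point would assign.
Added example; not PacketFence code."""
import re

# OIDs seen in the trap on the page. The MIB names are assumptions
# (CISCO-PORT-SECURITY-MIB / IF-MIB) and are not confirmed by the post.
SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0"                 # snmpTrapOID.0
PORT_SECURITY_VIOLATION = ".1.3.6.1.4.1.9.9.315.0.0.1"   # cpsSecureMacAddrViolation (assumed)
IF_INDEX = ".1.3.6.1.2.1.2.2.1.1."                        # ifIndex.<ifIndex>
IF_NAME = ".1.3.6.1.2.1.31.1.1.1.1."                      # ifName.<ifIndex>
LAST_MAC = ".1.3.6.1.4.1.9.9.315.1.2.1.1.10."            # cpsIfSecureLastMacAddress.<ifIndex> (assumed)

# Role -> VLAN mapping and the single registered node, copied from the post.
VLANS = {"registration": 1000, "isolation": 1001, "macDetection": 1006,
         "Custom": 99, "default": 99}
NODES = {"30:85:a9:05:80:b4": "Custom"}

# Constructed sample: the trap line from the post, re-joined onto one line.
TRAP_KNOWN_MAC = (
    "2023-11-16|17:28:14|UDP: [X.X.X.220]:56719->[172.16.255.2]:162|0.0.0.0|"
    "BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS "
    ".1.3.6.1.2.1.1.3.0 = Timeticks: (63220365) 7 days, 7:36:43.65|"
    ".1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.9.9.315.0.0.1|"
    ".1.3.6.1.2.1.2.2.1.1.10001 = Wrong Type (should be INTEGER): Gauge32: 10001|"
    ".1.3.6.1.2.1.31.1.1.1.1.10001 = STRING: FastEthernet1/0/1|"
    ".1.3.6.1.4.1.9.9.315.1.2.1.1.10.10001 = Hex-STRING: 30 85 A9 05 80 B4 "
    "END VARIABLEBINDINGS"
)
# Constructed sample: same port, a MAC that is not in the node table.
TRAP_UNKNOWN_MAC = TRAP_KNOWN_MAC.replace("30 85 A9 05 80 B4", "AA BB CC 00 11 22")


def parse_trap_line(line):
    """Split one snmptrapd log line into the sending switch and its (oid, value) varbinds."""
    src = re.search(r"UDP: \[([^\]]+)\]:\d+->", line)
    _, _, body = line.partition("BEGIN VARIABLEBINDINGS")
    body = body.replace("END VARIABLEBINDINGS", "").strip()
    varbinds = []
    for field in body.split("|"):
        oid, sep, value = field.partition(" = ")
        if sep:
            varbinds.append((oid.strip(), value.strip()))
    return {"switch": src.group(1) if src else None, "varbinds": varbinds}


def hex_string_to_mac(value):
    """'Hex-STRING: 30 85 A9 05 80 B4' -> '30:85:a9:05:80:b4' (lowercase, colon-separated)."""
    octets = value.split(":", 1)[1].split()
    if len(octets) != 6:
        raise ValueError("not a 6-octet MAC: %r" % value)
    return ":".join(o.lower() for o in octets)


def decide_vlan(mac, nodes=NODES, vlans=VLANS):
    """Unknown MAC -> registration VLAN; known MAC -> its role's VLAN, else the default."""
    role = nodes.get(mac)
    if role is None:
        return vlans["registration"]
    return vlans.get(role, vlans["default"])


def handle_trap(line, nodes=NODES, vlans=VLANS):
    """Return the enforcement decision for a port-security violation trap, or None
    when the line is some other trap type."""
    trap = parse_trap_line(line)
    vb = dict(trap["varbinds"])
    if vb.get(SNMP_TRAP_OID) != "OID: " + PORT_SECURITY_VIOLATION:
        return None
    result = {"switch": trap["switch"], "ifindex": None, "ifname": None, "mac": None}
    for oid, value in trap["varbinds"]:
        if oid.startswith(IF_INDEX):
            # Take ifIndex from the instance suffix: it is present even though
            # snmptrapd logged the value as 'Wrong Type ... Gauge32: 10001'.
            result["ifindex"] = int(oid[len(IF_INDEX):])
        elif oid.startswith(IF_NAME):
            result["ifname"] = value.split(": ", 1)[1]
        elif oid.startswith(LAST_MAC):
            result["mac"] = hex_string_to_mac(value)
    if result["mac"] is None or result["ifindex"] is None:
        raise ValueError("trap is missing the MAC or ifIndex varbind")
    result["vlan"] = decide_vlan(result["mac"], nodes, vlans)
    return result


if __name__ == "__main__":
    for sample in (TRAP_KNOWN_MAC, TRAP_UNKNOWN_MAC):
        print(handle_trap(sample))
```

Run as-is it prints VLAN 99 for the registered MAC and 1000 for the unknown one; swapping the node table or VLAN map for values pulled from your own PacketFence instance lets you confirm what a given trap should have resolved to before you look for the problem on the SNMP side.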