Anonymous | Login | 2024-11-22 19:43 EST |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0001766 | PacketFence | hardware modules | public | 2014-02-05 20:25 | 2014-07-25 10:53 | |||
Reporter | aj14 | |||||||
Assigned To | ||||||||
Priority | normal | Severity | minor | Reproducibility | always | |||
Status | resolved | Resolution | fixed | |||||
Platform | Linux | OS | RHEL / CentOS | OS Version | 5 | |||
Product Version | 4.0.3 | |||||||
Target Version | Fixed in Version | |||||||
Summary | 0001766: PacketFence cannot receive SNMP traps from D-link DES3526 Switch | |||||||
Description | Before deploying PF to our network, we are testing its functionality with the switches that we have. So far so good, but when it comes to the D-Link DES3526, we have had no luck. When I look into the module itself, it is basically a container for the main Dlink.pm. Basically, nothing happens on the switch when we connect a host authorized or unauthorized to it. When looking at the packetfence log, it seems as if PF is not understanding the trap coming from the switch ("trap currently not hadled"). I have attached an excerpt of packetfence.log. You can see that the trap contains the MAC address of the machine that is being connected to the switch. I have also attached the switch configuration. Firmware is 5.00-B27. | |||||||
Steps To Reproduce | Connect a machine to a port in the switch configured to send traps. | |||||||
Additional Information | packetfence.log entries: Feb 04 16:56:08 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap) Feb 04 16:56:08 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-04|00:56:06|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1248956) 3:28:09.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap) Feb 04 16:56:08 pfmon(1) INFO: running expire check (main::cleanup) Feb 04 16:56:08 pfmon(1) INFO: checking registered nodes for expiration (main::cleanup) Feb 04 16:56:08 pfmon(1) INFO: checking violations for expiration (main::cleanup) Feb 04 16:56:08 pfmon(1) INFO: checking accounting data for potential bandwidth abuse (main::cleanup) Feb 04 16:56:08 pfmon(1) INFO: getting violations triggers for accounting cleanup (pf::accounting::acct_maintenance) Feb 04 16:56:08 pfmon(1) INFO: Calling node acct maintenance total with monthly and 1 for 21474836480 (pf::accounting::acct_maintenance) Feb 04 16:56:08 pfsetvlan(23) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap) Feb 04 16:56:08 pfsetvlan(23) INFO: ignoring unknown trap: 2014-02-04|00:56:07|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249056) 3:28:10.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap) Feb 04 16:56:08 pfsetvlan(24) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap) Feb 04 16:56:08 pfsetvlan(24) INFO: ignoring unknown trap: 2014-02-04|00:56:08|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249157) 3:28:11.57|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap) Feb 04 16:56:11 pfsetvlan(22) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap) Feb 04 16:56:11 pfsetvlan(22) INFO: ignoring unknown trap: 2014-02-04|00:56:09|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249256) 3:28:12.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap) Feb 04 16:56:11 pfsetvlan(21) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap) Switch entry in switches.conf: [10.100.6.32] mode=production SNMPCommunityRead=frydmwrt SNMPCommunityWrite=frydmwrt SNMPVersionTrap=2c type=Dlink::DES_3526 VoIPEnabled=N SNMPVersion=2c uplink=26 SNMPCommunityTrap=frydmwrt SNMPEngineID=800000ab03001cf09d649a | |||||||
Tags | snmp | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | ||||||||
Attached Files | des-3526-config [^] (8,410 bytes) 2014-02-05 20:25 [Show Content]
Dlink-aj14.pm [^] (7,895 bytes) 2014-02-28 11:13 Dlink.pm [^] (7,879 bytes) 2014-04-23 14:34 | |||||||
Notes | |
(0003500) fdurand (administrator) 2014-02-06 09:49 |
Hello, let check in the Dlink.pm module, it look like the format of the trap has changed. Change that to match your trap: /BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.0\.3\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/ Fabrice |
(0003501) aj14 (reporter) 2014-02-06 15:56 |
Fabrice, I am not sure what is that I need to change. Is it Dlink.pm or something in the switch? That statement that you wrote in your comment is already on Dlink.pm, line 57 Can you please clarify? Thanks Adrian |
(0003502) fdurand (administrator) 2014-02-06 16:10 |
Adrian, what i have posted is a regexp that parse the trap your switch send. So your trap look like: .1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 So you have to rewrite the regexp in packetfence to match your trap and get the ifindex of the port and the mac address. Regards Fabrice |
(0003508) aj14 (reporter) 2014-02-19 23:13 |
Fabrice, I am not an expert in RegExp. Please verify that the change is correct. =~ /BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.2\.0\.2\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.14\.1\.1\.1\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/ Why do I have to do this in the first place? Is there a specific firmware supported for the DES-3526? There is not mention of it in the documentation. Regards Adrian |
(0003509) aj14 (reporter) 2014-02-20 21:03 |
After making that change and restarting the packetfence service (do I need to do that when I change a module?), it still does not work. I get pretty much the same results: --- Feb 20 17:56:55 pfsetvlan(23) INFO: ignoring unknown trap: 2014-02-20|01:56:55|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852616) 16 days, 4:28:46.16|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap) Feb 20 17:56:56 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap) Feb 20 17:56:56 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-20|01:56:55|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852659) 16 days, 4:28:46.59|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap) Feb 20 17:56:56 pfsetvlan(21) WARN: We have received a trap from switch 10.128.240.44. This switch is UNREGISTERED. Flush the trap (main::parseTrap) Feb 20 17:56:56 pfsetvlan(22) WARN: We have received a trap from switch 10.128.208.38. This switch is UNREGISTERED. Flush the trap (main::parseTrap) Feb 20 17:56:57 pfsetvlan(24) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap) Feb 20 17:56:57 pfsetvlan(24) INFO: ignoring unknown trap: 2014-02-20|01:56:56|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852763) 16 days, 4:28:47.63|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap) Feb 20 17:56:59 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers) Feb 20 17:56:59 pfsetvlan(3) DEBUG: opening SNMP v2c read connection to 10.100.6.32 (pf::SNMP::connectRead) Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for sysLocation: 1.3.6.1.2.1.1.6.0 (pf::SNMP::connectRead) Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for ifType: 1.3.6.1.2.1.2.2.1.3.1 (pf::SNMP::getIfType) Feb 20 17:56:59 pfsetvlan(3) INFO: down trap received on 10.100.6.32 ifIndex 1 (main::handleTrap) Feb 20 17:56:59 pfsetvlan(3) INFO: setting 10.100.6.32 port 1 to MAC detection VLAN (main::handleTrap) Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_table for dot1dBasePortIfIndex: 1.3.6.1.2.1.17.1.4.1.2 (pf::SNMP::getDot1dBasePortForThisIfIndex) Feb 20 17:56:59 pfsetvlan(3) DEBUG: dot1dBasePort corresponding to ifIndex 1 is 1 (pf::SNMP::getDot1dBasePortForThisIfIndex) Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for dot1qPvid: 1.3.6.1.2.1.17.7.1.4.5.1.1.1 (pf::SNMP::getVlan) Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for dot1qVlanStaticName: 1.3.6.1.2.1.17.7.1.4.3.1.1.4 (pf::SNMP::isDefinedVlan) Feb 20 17:56:59 pfsetvlan(3) WARN: MAC detection VLAN 4 is not defined on switch 10.100.6.32 -> Do nothing (pf::SNMP::setVlan) Feb 20 17:56:59 pfsetvlan(3) INFO: finished (main::cleanupAfterThread) Feb 20 17:56:59 pfsetvlan(3) DEBUG: closing SNMP v2c read connection to 10.100.6.32 (pf::SNMP::disconnectRead) --- The last entries seem to indicate that some traps do work, but not the one for the MAC address violation. Regards Adrian |
(0003510) aj14 (reporter) 2014-02-28 10:33 |
No word on this? After analyzing the trap closely, this is what is missing from it: = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 Will re-write the regexp accordingly, but the question remains the same, why is it that I need to (so drastically) modify the module. Regards Adrian |
(0003511) aj14 (reporter) 2014-02-28 11:11 |
This also was preventing a match: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) I changed it to this: ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) Now the trap is a match, but I get the following error: Feb 28 07:55:48 pfsetvlan(22) INFO: ignoring unknown trap: 2014-02-28|15:55:44|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (205364994) 23 days, 18:27:29.94|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap) Argument "B8 88 E3 DD F9 45" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 62. Argument "B8 88 E3 DD F9 45" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 64. Use of uninitialized value in substitution (s///) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 73. Use of uninitialized value in hex at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 74. I will upload the current Dlink.pm that I have. I now need help from you guys. |
(0003530) ah27 (reporter) 2014-04-23 14:34 |
I have reapplied the changes that you originally told Adrian to apply after upgrading our server to 4.1.0 With your version of the fix I get: Apr 23 11:20:41 pfsetvlan(24) INFO: ignoring unknown trap: 2014-04-23|18:20:38|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (6144888) 17:04:08.88|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: 00 24 BE B1 F6 31 END VARIABLEBINDINGS (main::parseTrap) With Adrian's I get: Apr 23 11:27:43 pfsetvlan(21) INFO: ignoring unknown trap: 2014-04-23|18:27:41|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (6187149) 17:11:11.49|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: 00 24 BE B1 F6 31 END VARIABLEBINDINGS (main::parseTrap) Argument "00 24 BE B1 F6 31" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 62. Argument "00 24 BE B1 F6 31" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 64. Use of uninitialized value in substitution (s///) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 73. Use of uninitialized value in hex at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 74 I will also attach the version of the Dlink.pm we now have. |
(0003531) lmunro (administrator) 2014-04-25 13:53 |
It looks like the format for the dlink traps has changed significantly. You are probably running a newer version of the firmware than what we tested with. I can't really fix this without knowing more. It will take a rewrite of the parseTrap function to support the new trap format. I will need to know what type of traps we are receiving and run a few live tests with someone on your end. |
(0003571) lmunro (administrator) 2014-07-25 10:52 |
Fixed by new DES_3526 module. |
Issue History | |||
Date Modified | Username | Field | Change |
2014-02-05 20:25 | aj14 | New Issue | |
2014-02-05 20:25 | aj14 | File Added: des-3526-config | |
2014-02-05 20:26 | aj14 | Tag Attached: snmp | |
2014-02-06 09:49 | fdurand | Note Added: 0003500 | |
2014-02-06 15:56 | aj14 | Note Added: 0003501 | |
2014-02-06 16:10 | fdurand | Note Added: 0003502 | |
2014-02-19 23:13 | aj14 | Note Added: 0003508 | |
2014-02-20 21:03 | aj14 | Note Added: 0003509 | |
2014-02-28 10:33 | aj14 | Note Added: 0003510 | |
2014-02-28 11:11 | aj14 | Note Added: 0003511 | |
2014-02-28 11:13 | aj14 | File Added: Dlink-aj14.pm | |
2014-04-23 14:34 | ah27 | Note Added: 0003530 | |
2014-04-23 14:34 | ah27 | File Added: Dlink.pm | |
2014-04-25 13:53 | lmunro | Note Added: 0003531 | |
2014-07-25 10:52 | lmunro | Note Added: 0003571 | |
2014-07-25 10:53 | lmunro | Status | new => resolved |
2014-07-25 10:53 | lmunro | Resolution | open => fixed |
Copyright © 2000 - 2012 MantisBT Group |