Anonymous | Login | 2024-11-22 23:05 EST |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0001174 | PacketFence | hardware modules | public | 2011-02-03 15:22 | 2015-02-13 15:26 | |||
Reporter | obilodeau | |||||||
Assigned To | obilodeau | |||||||
Priority | normal | Severity | feature | Reproducibility | N/A | |||
Status | closed | Resolution | open | |||||
Platform | OS | OS Version | ||||||
Product Version | ||||||||
Target Version | Fixed in Version | |||||||
Summary | 0001174: isDot1xEnabled() a la isPortSecurityEnabled() | |||||||
Description | Based on some findings made in 0001128, if a user forgets to disable security and/or link traps to PacketFence it will try to act based on them. We need a wrapper like isPortSecurityEnabled() to be called and verify if dot1x or MAC Auth hasn't been enabled too in which case they take precedence and we do not act on the trap. Also, we might take this as an opportunity to refactor that code to be cleaner and less "all in one big ass method". Hint of MIBs to look at: dot1xPaeSystemAuthControl OBJECT-TYPE SYNTAX INTEGER { enabled(1), disabled(2) } MAX-ACCESS read-write STATUS current DESCRIPTION "The administrative enable/disable state for Port Access Control in a System." dot1xPaePortCapabilities OBJECT-TYPE SYNTAX BITS { dot1xPaePortAuthCapable(0), -- Authenticator functions are supported dot1xPaePortSuppCapable(1) -- Supplicant functions are supported } MAX-ACCESS read-only STATUS current DESCRIPTION "Indicates the PAE functionality that this Port supports and that may be managed through this MIB." | |||||||
Additional Information | - 802.1X is activated and we receive a security or a up/down trap. What happens? ** PF is setting the port to the MAC Detection VLAN, and tries to get the MAC address on the ifIndex, but fails : Jan 18 11:19:26 pfsetvlan(1) INFO: up trap received on 10.0.0.2 ifIndex 10004 (main::handleTrap) Jan 18 11:19:26 pfsetvlan(1) INFO: setting 10.0.0.2 port 10004 to MAC detection VLAN (main::handleTrap) Jan 18 11:21:33 pfsetvlan(5) WARN: couldn't get MAC at ifIndex 10004. This is a problem. (pf::SNMP::_getMacAtIfIndex) Jan 18 11:21:33 pfsetvlan(5) WARN: Tried to grab MAC address at ifIndex 10004 on switch 10.0.0.2 30 times and failed (main::handleTrap) Jan 18 11:21:33 pfsetvlan(5) INFO: cannot find MAC (maybe we found a VoIP, but they don't count here). Do nothing (main::handleTrap) Jan 18 11:21:33 pfsetvlan(5) INFO: finished (main::cleanupAfterThread) | |||||||
Tags | No tags attached. | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | ||||||||
Attached Files | ||||||||
Relationships | ||||||
|
Notes | |
(0003733) lmunro (administrator) 2015-02-13 15:26 |
Old issues. Most are not relevant to PF 4 and up. Let's reopen the ones that matter when we move to github. |
Issue History | |||
Date Modified | Username | Field | Change |
2011-02-03 15:22 | obilodeau | New Issue | |
2011-02-03 15:22 | obilodeau | Status | new => assigned |
2011-02-03 15:22 | obilodeau | Assigned To | => obilodeau |
2011-02-03 15:22 | obilodeau | Relationship added | related to 0001128 |
2011-03-03 15:19 | obilodeau | Target Version | 2.0.2 => +1 |
2015-02-13 15:26 | lmunro | Note Added: 0003733 | |
2015-02-13 15:26 | lmunro | Status | assigned => closed |
Copyright © 2000 - 2012 MantisBT Group |