ID | Project | Category | View Status | Date Submitted | Last Update | |||
0001183 | PacketFence | core | public | 2011-02-11 16:40 | 2011-10-25 09:01 | |||
Reporter | ryacketta | |||||||
Assigned To | obilodeau | |||||||
Priority | normal | Severity | minor | Reproducibility | always | |||
Status | closed | Resolution | fixed | |||||
Platform | OS | OS Version | ||||||
Product Version | 2.0.1 | |||||||
Target Version | 2.2.0 | Fixed in Version | 2.2.0 | |||||
Summary | 0001183: Nortel regressions | |||||||
Description | Feb 11 16:27:00 pfsetvlan(11) INFO: 00:16:cb:89:6b:50 is a secure MAC address at 137.143.212.20 ifIndex 149 VLAN . De-authorizing (new entry 02:00:00:00:01:49) (main::do_port_security)
Use of uninitialized value in numeric eq (==) at /usr/local/pf/sbin/pfsetvlan line 1914 (0000001)
(W uninitialized) An undefined value was used as if it were already defined. It was interpreted as a "" or a 0, but maybe it was a mistake. To suppress this warning assign a defined value to your variables.
To help you figure out what was undefined, perl tells you what operation you used the undefined value in. Note, however, that perl optimizes your program and the operation displayed in the warning may not necessarily appear literally in your program. For example, "that $foo" is usually optimized into "that " . $foo, and the warning will refer to the concatenation (.) operator, even though there is no . in your program.
Use of uninitialized value in concatenation (.) or string at /usr/local/pf/sbin/pfsetvlan line 1916 (0000001) | |||||||
Additional Information | This happens when I move a test PC from one Port to another on the switch. Could also be causing the mac-security-table to not be updated with the new port for the mac.
[root@pfence ]# rpm -qa packetfence
packetfence-2.0.1-1.el5 | |||||||
Tags | No tags attached. | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | 9383cc837db8b1949158d40cafad4c0dcbd26f2e | |||||||
Attached Files | Nortel.pm [^] (22,388 bytes) 2011-03-18 11:06 | |||||||
Notes | |
(0001860) ryacketta (reporter) 2011-02-11 16:47 |
my $is_voice_vlan = ($vlan == $switch->getVoiceVlan($ifIndex));
my $fakeMac = $switch->generateFakeMac($is_voice_vlan, $ifIndex);
$logger->info( "$mac is a secure MAC address at " . $switch->{_ip} . " ifIndex $ifIndex VLAN $vlan. De-authorizing (new entry $fakeMac)" );

Looks like $vlan is unknown as per the log output:

Feb 11 16:27:00 pfsetvlan(11) INFO: 00:16:cb:89:6b:50 is a secure MAC address at 137.143.212.20 ifIndex 149 VLAN . De-authorizing (new entry 02:00:00:00:01:49) (main::do_port_security)

switch: BayStack 470 48-T |
(0001865) obilodeau (reporter) 2011-02-15 11:44 |
I just re-validated the code and there's no obvious reason why would @{ $secureMacAddrHashRef->{$mac}->{$ifIndex} } hold undef.
- What's your conf/switches.conf entry for this switch?
- Can you do a snmpwalk -v 2c -c <read-community> <switch-ip> 1.3.6.1.4.1.45.1.6.5.3.10.1.4 and provide results here. This fetches the security table on your switch.
- Can you do a snmpwalk -v 2c -c <read-community> <switch-ip> 1.3.6.1.4.1.2272.1.3.3.1.7 and provide results here. This fetches the VLAN per Port config on your switch.
- What firmware do you run?
Thanks! |
(0001868) ryacketta (reporter) 2011-02-15 14:11 |
BayStack 470-48T : v3.7.4.15

snmpwalk -v 2c -c <RO> <IP> 1.3.6.1.4.1.45.1.6.5.3.10.1.4
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.4 = No Such Instance currently exists at this OID

snmpwalk -v 2c -c <RO> <IP> 1.3.6.1.4.1.2272.1.3.3.1.7
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.1 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.2 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.3 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.4 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.5 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.6 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.7 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.8 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.9 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.10 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.11 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.12 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.13 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.14 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.15 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.16 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.17 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.18 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.19 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.20 = INTEGER: 11
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.21 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.22 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.23 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.24 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.25 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.26 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.27 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.28 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.29 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.30 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.31 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.32 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.33 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.34 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.35 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.36 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.37 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.38 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.39 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.40 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.41 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.42 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.43 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.44 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.45 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.46 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.47 = INTEGER: 102
SNMPv2-SMI::enterprises.2272.1.3.3.1.7.48 = INTEGER: 102

[default]
vlans = 3,11,102
normalVlan = 11
registrationVlan = 102
isolationVlan = 3
macDetectionVlan = 102
guestVlan = 102
customVlan1 =
customVlan2 =
customVlan3 =
customVlan4 =
customVlan5 =
VoIPEnabled = no
voiceVlan =
mode = testing
macSearchesMaxNb = 30
macSearchesSleepInterval = 2
uplink = dynamic
#
# SNMP section
#
# PacketFence -> Switch
SNMPVersion = 2c
SNMPCommunityRead = <RO>
SNMPCommunityWrite = <RW>
# Switch -> PacketFence
SNMPVersionTrap = 2c
SNMPCommunityTrap = public

[127.0.0.1]
type = PacketFence
mode = production
uplink = dynamic

[<IP>]
type = Nortel::BayStack470
mode = production
uplink = 1 |
(0001869) obilodeau (reporter) 2011-02-16 10:10 |
Given the results of the first walk "No Such Instance currently exists at this OID" I can't see how you can get the error you have in this bug report. Is port-security appropriately configured? Was it messed with between the time you first reported the error and the snmpwalk above? |
(0001891) ryacketta (reporter) 2011-03-02 13:51 edited on: 2011-03-02 14:46 |
Sorry for the delay in response, just getting back from vacation.

I went ahead 'ctrl-c i'ed the 470 then configured it per PacketFence_Network_Devices_Configuration_Guide-2.0.1.pdf

Nothing has changed in the pf confs (pf.conf, networks.con, switches.conf etc), connecting a mac laptop results in

Mar 02 13:45:55 pfsetvlan(11) INFO: up trap received on <IP> ifIndex 18 (main::handleTrap)
Mar 02 13:45:55 pfsetvlan(11) INFO: setting <IP> port 18 to MAC detection VLAN (main::handleTrap)
Argument "noSuchInstance" isn't numeric in numeric ge (>=) at /usr/local/pf/lib/pf/SNMP/Nortel.pm line 533 (0000001)
(W numeric) The indicated string was fed as an argument to an operator that expected a numeric value instead. If you're fortunate the message will identify which operator was so unfortunate.
Mar 02 13:45:56 pfsetvlan(11) INFO: MAC: 00:16:cb:89:6b:50 is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Mar 02 13:45:56 pfsetvlan(11) INFO: finished (main::cleanupAfterThread)
Mar 02 13:45:57 pfsetvlan(21) INFO: secureMacAddrViolation trap on <IP> ifIndex 18. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)

I am not a network admin, just a system engineer doing some R&D with PF to see how it can / will fit into our network setup. My knowledge of installing, configuring and setting up a switch is very limited. |
(0001892) ryacketta (reporter) 2011-03-02 14:09 edited on: 2011-03-02 14:25 |
After the re-configure I still get the following

snmpwalk -v 2c -c <RO> <IP> 1.3.6.1.4.1.45.1.6.5.3.10.1.4
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.4 = No Such Instance currently exists at this OID |
(0001893) ryacketta (reporter) 2011-03-02 14:20 edited on: 2011-03-02 14:44 |
Looks like 45.1.6.5.3.10 is missing on this 470

snmpwalk -v 2c -c<BLAH> <IP> enterprise
...
SNMPv2-SMI::enterprises.45.1.6.5.3.7.0 = INTEGER: 448
SNMPv2-SMI::enterprises.45.1.6.5.3.8.0 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.9.0 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.1.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.2.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.3.1.1.0.0.0.0.0.0 = Hex-STRING: 00 00 00 00 00 00
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.4.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.5.1.1.0.0.0.0.0.0 = INTEGER: 5
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.6.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.12.1.1.1.1 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.12.1.1.1.2 = INTEGER: 1
...

Switch info:
sysDescr: Ethernet Switch 470-48T HW:10 FW:3.6.0.7 SW:v3.7.5.13 ISVN:2 Mfg Date:11102005 HW Dev:
sysObjectID: 1.3.6.1.4.1.45.3.46.1 |
(0001894) ryacketta (reporter) 2011-03-02 14:44 edited on: 2011-03-02 14:44 |
The same is seen on a

sysDescr: Ethernet Routing Switch 5510-48T HW:34 FW:5.0.0.4 SW:v5.1.0.014

snmpwalk -v 2c -c<BLAH> <IP> enterprise |
...
SNMPv2-SMI::enterprises.45.1.6.5.3.1.0 = INTEGER: 3
SNMPv2-SMI::enterprises.45.1.6.5.3.2.0 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.3.0 = INTEGER: 2
SNMPv2-SMI::enterprises.45.1.6.5.3.4.0 = INTEGER: 2
SNMPv2-SMI::enterprises.45.1.6.5.3.5.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.6.0 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.7.0 = INTEGER: 448
SNMPv2-SMI::enterprises.45.1.6.5.3.8.0 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.9.0 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.1.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.1.1.2.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.1.1.3.0.0.0.0.0.0 = INTEGER: 1
... |
(0001895) ryacketta (reporter) 2011-03-02 17:36 |
Here is the mac-security settings on the 470

pfence-rtr(config)#show mac-security config
MAC Address Security: Enabled
MAC Address Security SNMP-Locked: Disabled
Partition Port on Intrusion Detected: Disabled
DA Filtering on Intrusion Detected: Enabled
Generate SNMP Trap on Intrusion: Enabled
MAC Auto-Learning Age-Time: 60 minutes
Current Learning Mode: Disabled
Learn by Ports: NONE

port 18 mac-security (the random port I have been testing with)

pfence-rtr(config)#show mac-security port 18
Port Trunk Security Auto-Learning MAC Number
---- ----- -------- ------------- ----------
18 Enabled Disabled 2

mac-security table

pfence-rtr(config)#show mac-security mac-address-table
Port Allowed MAC Address Automatic
---- ------------------- ---------
Security List Allowed MAC Address Automatic
------------- ------------------- --------- |
(0001896) ryacketta (reporter) 2011-03-03 09:38 |
Did some wireshark playing this morning, the following OID is used when I check 'Security->AuthStatus' via ESM6.3

1.3.6.1.4.1.45.1.6.5.3.11

a snmpwalk shows

SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.1.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.2.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.3.1.1.0.0.0.0.0.0 = Hex-STRING: 00 00 00 00 00 00
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.4.1.1.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.5.1.1.0.0.0.0.0.0 = INTEGER: 5
SNMPv2-SMI::enterprises.45.1.6.5.3.11.1.6.1.1.0.0.0.0.0.0 = INTEGER: 1

Looking at http://www.oidview.com/mibs/45/S5-SWITCH-BAYSECURE-MIB.html it seems that one could use s5SbsAuthStatusTable as a possible replacement for s5SbsAuthCfgTable? |
(0001897) ryacketta (reporter) 2011-03-03 10:29 edited on: 2011-03-03 10:32 |
some more dabbling..

As mentioned before, snmpwalking 1.3.6.1.4.1.45.1.6.5.3.10 returned an error (No Such Instance currently exists at this OID). After some playing around, I decided to manually add an entry to 'Security->AuthConfig' via ESM6.3 and miraculously OID 1.3.6.1.4.1.45.1.6.5.3.10 now works.

snmpwalk -v 2c -c<RO> <IP> 1.3.6.1.4.1.45.1.6.5.3.10
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.1.1.18.0.22.203.137.107.80 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.2.1.18.0.22.203.137.107.80 = INTEGER: 18
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.3.1.18.0.22.203.137.107.80 = Hex-STRING: 00 16 CB 89 6B 50
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.4.1.18.0.22.203.137.107.80 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.5.1.18.0.22.203.137.107.80 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.6.1.18.0.22.203.137.107.80 = INTEGER: 0
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.7.1.18.0.22.203.137.107.80 = INTEGER: 1
SNMPv2-SMI::enterprises.45.1.6.5.3.10.1.8.1.18.0.22.203.137.107.80 = INTEGER: 0

After looking at Nortel.pm it appears that the actual error is around line 523, if the table is empty then the get_request FAILS.

To verify, I just deleted the entry via ESM6.3 and now get 'No Such Object available on this agent at this OID' when I snmpwalk that OID. Adding the entry back results in the above snmpwalk. |
(0001898) ryacketta (reporter) 2011-03-03 14:12 |
I got Port-Security to work by updating the return in isPortSecurityEnabled to

return (
    defined($s5SbsSecurityStatus)
    && $s5SbsSecurityStatus == 1
    && defined($s5SbsSecurityAction)
    && ( $s5SbsSecurityAction == 6 || $s5SbsSecurityAction == 2 )
    && ( ( !defined($s5SbsCurrentPortSecurStatus) )
        || ( $s5SbsCurrentPortSecurStatus eq "noSuchInstance" )
        || ( $s5SbsCurrentPortSecurStatus >= 2 ) )
); |
(0001905) ryacketta (reporter) 2011-03-09 08:58 |
Gents,

Just checking in to see how things are going, know you're caught up with paying support etc. Also noticed another issue with VoIP and the 470's, tossed info to the mailing list will gen another ticket for tracking.

-Ron |
(0001922) obilodeau (reporter) 2011-03-14 17:31 |
Hi Ron,

I'm a bit confused by this long trail of attempts. Also, the isPortSecurityEnabled fix isn't going to cut it because doing an OR on "noSuchInstance" would just make the call return true no matter if port-security is enabled or not.

- The Nortel code changed between 2.0.x and 2.1.0, did you upgrade?
- Does the 'Security->AuthConfig' trick you did to make the OID appear an acceptable fix? Do you think it's a problem with our documentation, with Nortel's switches or with our code?
- Why are you working with trunk ports? PacketFence usually tries to avoid touching trunk ports so it could have been the issue in the first place.

If it's not fixed, can we start over with 2.1.0 and provide me the concise log of a fresh connection.

Thanks for your patience! |
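The objection in note 0001922, as an added Perl example that is not PacketFence code and not the attached Nortel.pm: it runs a bare numeric test, the expression from note 0001898, and a validating check over the same constructed per-port values. The function names, the `snmp_int` helper and the choice to treat a missing row as "not enabled" are assumptions of this example; the thresholds 1, 6/2 and >= 2 are the ones in note 0001898.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# SNMPv2c exception values as strings. 'noSuchInstance' is the one seen in
# this ticket; the other two are the remaining v2c exceptions.
my %SNMP_EXCEPTION = map { $_ => 1 } qw(noSuchInstance noSuchObject endOfMibView);

# Return an integer, or undef for a missing value, an SNMP exception string,
# or anything else that is not a plain integer.
sub snmp_int {
    my ($value) = @_;
    return undef if !defined $value || $SNMP_EXCEPTION{$value};
    return $value =~ /\A-?\d+\z/ ? $value + 0 : undef;
}

# Bare numeric test: the kind of ">=" comparison the warning in the ticket
# names. A string such as "noSuchInstance" is numified to 0 with a warning.
sub check_numeric_only {
    my ( $status, $action, $port ) = @_;
    my $ok = $status == 1 && ( $action == 6 || $action == 2 ) && $port >= 2;
    return $ok ? 1 : 0;
}

# Expression from note 0001898: a missing per-port row counts as "enabled".
sub check_or_variant {
    my ( $status, $action, $port ) = @_;
    my $ok = defined($status) && $status == 1
        && defined($action) && ( $action == 6 || $action == 2 )
        && ( !defined($port) || $port eq 'noSuchInstance' || $port >= 2 );
    return $ok ? 1 : 0;
}

# Validating variant (hypothetical): compare only real integers and return a
# reason alongside the verdict. Treating a missing row as "not enabled" is
# this example's assumption.
sub check_validated {
    my ( $status, $action, $port ) = map { snmp_int($_) } @_;
    return ( 0, 'global status unreadable' ) if !defined $status;
    return ( 0, 'global action unreadable' ) if !defined $action;
    return ( 0, 'no per-port row returned' ) if !defined $port;
    my $ok = $status == 1 && ( $action == 6 || $action == 2 ) && $port >= 2;
    return ( $ok ? 1 : 0, $ok ? 'values read, in range' : 'values read, out of range' );
}

# Constructed per-port values; global status 1 and action 6 are held fixed.
my @cases = (
    [ 'row present, value 2',      2 ],
    [ 'row present, value 1',      1 ],
    [ 'agent says noSuchInstance', 'noSuchInstance' ],
    [ 'request returned nothing',  undef ],
);

for my $case (@cases) {
    my ( $label, $port ) = @$case;
    my @warned;    # warnings raised while evaluating this case
    local $SIG{__WARN__} = sub { push @warned, $_[0] };
    my $numeric = check_numeric_only( 1, 6, $port );
    my $or      = check_or_variant( 1, 6, $port );
    my ( $valid, $why ) = check_validated( 1, 6, $port );
    printf "%-26s numeric=%d warnings=%d or=%d validated=%d (%s)\n",
        $label, $numeric, scalar @warned, $or, $valid, $why;
}
```

The last two rows are the empty-table cases from this ticket: the OR variant reports the port as secured there, while the validating variant returns 0 with a reason that can be logged.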
(0001925) ryacketta (reporter) 2011-03-15 08:28 edited on: 2011-03-15 08:41 |
- The Nortel code changed between 2.0.x and 2.1.0, did you upgrade?
Yes, upgraded : packetfence-2.1.0-1.el5

- Does the 'Security->AuthConfig' trick you did to make the OID appear an acceptable fix? Do you think it's a problem with our documentation, with Nortel's switches or with our code?
The AuthConfig trick still works, without an entry I get the no OID response. Currently thinking it is a Nortel issue, but I am n Network Engineer.

- Why are you working with trunk ports? PacketFence usually tries to avoid touching trunk ports so it could have been the issue in the first place.
My assumption was to have two devices on a single port with the port being trunked. Currently trying to setup a lab as such laptop -> VoIP-phone -> switch port. Normal vlan is 11 and VoIP lan is 5. |
(0001926) ryacketta (reporter) 2011-03-15 08:41 |
Did a re-install of PF as well as a re-configure of the switch.

Mar 15 08:38:09 pfsetvlan(1) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Mar 15 08:38:10 pfsetvlan(1) INFO: down trap received on <IP> ifIndex 12 (main::handleTrap)
Mar 15 08:38:10 pfsetvlan(1) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
Mar 15 08:38:10 pfsetvlan(1) INFO: setting <IP> port 12 to MAC detection VLAN (main::handleTrap)
Mar 15 08:38:10 pfsetvlan(1) INFO: Should set <IP> ifIndex 12 to VLAN 102 but it is already in this VLAN -> Do nothing (pf::SNMP::setVlan)
Mar 15 08:38:10 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Mar 15 08:38:11 pfsetvlan(21) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
Mar 15 08:38:11 pfsetvlan(21) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
Mar 15 08:38:11 pfsetvlan(21) INFO: secureMacAddrViolation trap on <IP> ifIndex 12. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
Mar 15 08:38:13 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Mar 15 08:38:13 pfsetvlan(3) INFO: up trap received on <IP> ifIndex 12 (main::handleTrap)
Mar 15 08:38:13 pfsetvlan(3) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
Mar 15 08:38:13 pfsetvlan(3) INFO: setting <IP> port 12 to MAC detection VLAN (main::handleTrap)
Mar 15 08:38:13 pfsetvlan(3) INFO: Should set <IP> ifIndex 12 to VLAN 102 but it is already in this VLAN -> Do nothing (pf::SNMP::setVlan)
Argument "noSuchInstance" isn't numeric in numeric ge (>=) at /usr/local/pf/lib/pf/SNMP/Nortel.pm line 568 (0000001)
(W numeric) The indicated string was fed as an argument to an operator that expected a numeric value instead. If you're fortunate the message will identify which operator was so unfortunate.
Mar 15 08:38:14 pfsetvlan(3) INFO: MAC: 00:16:cb:89:6b:50 is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Mar 15 08:38:14 pfsetvlan(3) INFO: Should set <IP> ifIndex 12 to VLAN 102 but it is already in this VLAN -> Do nothing (pf::SNMP::setVlan)
Mar 15 08:38:14 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
Mar 15 08:38:21 pfsetvlan(23) INFO: ignoring unknown trap: 2011-03-15|12:38:19|UDP: [<IP>]:1024|<IP>|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .1 END SUBTYPE BEGIN VARIABLEBINDINGS END VARIABLEBINDINGS (main::parseTrap) |
(0001949) obilodeau (reporter) 2011-03-18 11:08 |
I think I've fixed the problem. There was a problem with the firstBoardIndex detection code (always returning 1 instead of doing its job) and improved error validation in isPortSecurityEnabled() which should get rid of the 'noSuchInstance' problems.

Can you replace your /usr/local/pf/lib/pf/SNMP/Nortel.pm module with the one attached to this bug?

Thanks |
(0001953) ryacketta (reporter) 2011-03-18 11:34 |
Fix has resolved the noSuchInstance error:

Mar 18 11:25:51 pfsetvlan(23) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
Mar 18 11:25:51 pfsetvlan(1) INFO: nb of items in queue: 2; nb of threads running: 0 (main::startTrapHandlers)
Mar 18 11:25:51 pfsetvlan(2) INFO: nb of items in queue: 1; nb of threads running: 1 (main::startTrapHandlers)
Mar 18 11:25:51 pfsetvlan(1) INFO: up trap received on 137.143.212.20 ifIndex 14 (main::handleTrap)
Mar 18 11:25:51 pfsetvlan(1) INFO: security traps are configured on this switch port. Stopping UP trap handling here (main::handleTrap)
Mar 18 11:25:51 pfsetvlan(1) INFO: finished (main::cleanupAfterThread)
Mar 18 11:25:51 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Mar 18 11:25:51 pfsetvlan(3) INFO: secureMacAddrViolation trap received on 137.143.212.20 ifIndex 14 for 00:16:cb:89:6b:50 (main::handleTrap)
Mar 18 11:25:51 pfsetvlan(3) INFO: node 00:16:cb:89:6b:50 does not yet exist in PF database. Adding it now (main::node_update_PF)
Mar 18 11:25:51 pfsetvlan(3) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
Mar 18 11:25:51 pfsetvlan(3) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
Mar 18 11:25:51 pfsetvlan(3) INFO: MAC: 00:16:cb:89:6b:50 is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan)
Mar 18 11:25:51 pfsetvlan(3) INFO: authorizing 00:16:cb:89:6b:50 at new location 137.143.212.20 ifIndex 14 (main::handleTrap)
Mar 18 11:25:51 pfsetvlan(3) WARN: unable to fetch first board index. Will assume it's 1 (pf::SNMP::Nortel::getFirstBoardIndex)
Mar 18 11:25:52 pfsetvlan(3) INFO: setting VLAN at 137.143.212.20 ifIndex 14 from 1 to 102 (pf::SNMP::setVlan)
Mar 18 11:25:52 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
Mar 18 11:25:57 pfdhcplistener(5902) INFO: 00:16:cb:89:6b:50 requested an IP. DHCP Fingerprint: OS::200 (Mac OS X). Modifying node with last_dhcp = 2011-03-18 11:25:57,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,47 (main::listen_dhcp)
Mar 18 11:25:58 pfdhcplistener(5902) INFO: DHCPOFFER from 10.102.1.254 (52:54:00:cf:9a:c2) to host 00:16:cb:89:6b:50 (10.102.1.200) (main::listen_dhcp)
Mar 18 11:25:59 pfdhcplistener(5902) INFO: DHCPREQUEST from 00:16:cb:89:6b:50 (10.102.1.200) (main::listen_dhcp)
Mar 18 11:25:59 pfdhcplistener(5902) INFO: could not resolve 10.102.1.200 to mac in ARP table (pf::iplog::ip2macinarp)
Mar 18 11:26:01 pfdhcplistener(5902) INFO: resolved 10.102.1.200 to mac (00:16:cb:89:6b:50) in ARP table (pf::iplog::ip2macinarp)
Mar 18 11:26:01 pfdhcplistener(5902) INFO: 00:16:cb:89:6b:50 requested an IP. DHCP Fingerprint: OS::200 (Mac OS X). Modifying node with last_dhcp = 2011-03-18 11:26:01,dhcp_fingerprint = 1,3,6,15,119,95,252,44,46,47 (main::listen_dhcp)
Mar 18 11:26:01 pfdhcplistener(5902) INFO: DHCPACK from 10.102.1.254 (52:54:00:cf:9a:c2) to host 00:16:cb:89:6b:50 (10.102.1.200) (main::listen_dhcp)
Mar 18 11:26:33 pfsetvlan(22) INFO: ignoring unknown trap: 2011-03-18|15:26:30|UDP: [137.143.212.20]:1024|137.143.212.20|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .1 END SUBTYPE BEGIN VARIABLEBINDINGS END VARIABLEBINDINGS (main::parseTrap) |
(0001954) obilodeau (reporter) 2011-03-18 11:38 |
the node has been added, authorized and the VLAN appropriately set, can I mark this bug as resolved? |
(0001959) ryacketta (reporter) 2011-03-18 13:14 |
Yes, everything is working for non VoIP connections. |
Issue History | |||
Date Modified | Username | Field | Change |
2011-02-11 16:40 | ryacketta | New Issue | |
2011-02-11 16:47 | ryacketta | Note Added: 0001860 | |
2011-02-15 11:29 | obilodeau | Status | new => assigned |
2011-02-15 11:29 | obilodeau | Assigned To | => obilodeau |
2011-02-15 11:44 | obilodeau | Note Added: 0001865 | |
2011-02-15 11:44 | obilodeau | Status | assigned => feedback |
2011-02-15 14:11 | ryacketta | Note Added: 0001868 | |
2011-02-16 10:10 | obilodeau | Note Added: 0001869 | |
2011-03-02 13:51 | ryacketta | Note Added: 0001891 | |
2011-03-02 14:09 | ryacketta | Note Added: 0001892 | |
2011-03-02 14:10 | ryacketta | Note Edited: 0001891 | |
2011-03-02 14:20 | ryacketta | Note Added: 0001893 | |
2011-03-02 14:25 | ryacketta | Note Edited: 0001892 | |
2011-03-02 14:44 | ryacketta | Note Added: 0001894 | |
2011-03-02 14:44 | ryacketta | Note Edited: 0001893 | |
2011-03-02 14:44 | ryacketta | Note Edited: 0001894 | |
2011-03-02 14:46 | ryacketta | Note Edited: 0001891 | |
2011-03-02 17:36 | ryacketta | Note Added: 0001895 | |
2011-03-03 09:38 | ryacketta | Note Added: 0001896 | |
2011-03-03 10:29 | ryacketta | Note Added: 0001897 | |
2011-03-03 10:32 | ryacketta | Note Edited: 0001897 | |
2011-03-03 14:12 | ryacketta | Note Added: 0001898 | |
2011-03-09 08:58 | ryacketta | Note Added: 0001905 | |
2011-03-14 17:31 | obilodeau | Note Added: 0001922 | |
2011-03-14 17:31 | obilodeau | Target Version | => +1 |
2011-03-15 08:28 | ryacketta | Note Added: 0001925 | |
2011-03-15 08:41 | ryacketta | Note Added: 0001926 | |
2011-03-15 08:41 | ryacketta | Note Edited: 0001925 | |
2011-03-18 09:33 | obilodeau | Relationship added | has duplicate 0001195 |
2011-03-18 11:06 | obilodeau | File Added: Nortel.pm | |
2011-03-18 11:08 | obilodeau | Note Added: 0001949 | |
2011-03-18 11:34 | ryacketta | Note Added: 0001953 | |
2011-03-18 11:38 | obilodeau | Note Added: 0001954 | |
2011-03-18 11:38 | obilodeau | Relationship deleted | has duplicate 0001195 |
2011-03-18 13:14 | ryacketta | Note Added: 0001959 | |
2011-03-18 14:22 | obilodeau | mtn revision | => 9383cc837db8b1949158d40cafad4c0dcbd26f2e |
2011-03-18 14:22 | obilodeau | Status | feedback => resolved |
2011-03-18 14:22 | obilodeau | Fixed in Version | => +1 |
2011-03-18 14:22 | obilodeau | Resolution | open => fixed |
2011-03-18 14:36 | obilodeau | Summary | pfsetVlan Use of uninitialized value => Nortel regressions |
2011-05-04 11:32 | obilodeau | Fixed in Version | +1 => 2.2.0 |
2011-05-04 11:40 | obilodeau | Status | resolved => closed |
2011-10-25 09:01 | obilodeau | Target Version | +1 => 2.2.0 |