PacketFence
Bug Tracking System
Main | My View | View Issues | Change Log | Roadmap
  

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001587PacketFencehardware modulespublic2012-10-25 17:152015-02-18 10:59
Reportermuhlig 
Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionopen 
PlatformOSOS Version
Product Version3.5.1 
Target VersioninvestigateFixed in Version 
Summary0001587: HP switch software upgrade renders PacketFence unusable - noSuchObject
DescriptionPacketFence works correctly with HP 2620 RA_15_05_0006.swi software. Software upgrade done to the newest RA_15_08_0009.swi. Then PacketFence doesn't work at all. Traps are flushed. See "Additional Information" for the log. Any MIB browser, looking for OID .1.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8 returns '2' in case of old software; however in case of new software it returns 'No Such Object'.
Additional InformationOct 24 10:20:01 pfsetvlan(25) INFO: ignoring unknown trap: 2012-10-24|10:19:59|UDP: [x.y.z.228]:161->[x.y.z.229]|x.y.z.228|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.150 = STRING: "I 10/24/12 12:20:34 00150 update: Secondary Image updated via network tftp" END VARIABLEBINDINGS (main::parseTrap)
Oct 24 10:22:19 pfsetvlan(22) INFO: ignoring unknown trap: 2012-10-24|10:22:16|UDP: [x.y.z.228]:161->[x.y.z.229]|x.y.z.228|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .5 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.4.1.11.2.14.11.1.7.2.1.4.71 = INTEGER: 12|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.5.71 = INTEGER: 2|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.6.71 = INTEGER: 2|.1.3.6.1.4.1.11.2.14.11.1.7.3.0.71 = STRING: "http://x.y.z.228/cgi/fDetail?index=71"|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.3.71 [^] = INTEGER: 8 END VARIABLEBINDINGS (main::parseTrap)
Oct 24 10:22:19 pfsetvlan(6) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Oct 24 10:22:19 pfsetvlan(6) INFO: secureMacAddrViolation trap received on x.y.z.228 ifIndex 8 for 00:24:8c:96:6f:f1 (main::handleTrap)
Oct 24 10:22:19 pfsetvlan(6) INFO: authorizing 00:24:8c:96:6f:f1 (old entry 00:17:08:44:57:b1) at new location x.y.z.228 ifIndex 8 (main::handleTrap)
Oct 24 10:22:19 pfsetvlan(6) INFO: MAC: 00:24:8c:96:6f:f1, PID: user@domain, Status: reg. Returned VLAN: 1 (pf::vlan::fetchVlanForNode)
Oct 24 10:22:20 pfsetvlan(6) INFO: finished (main::cleanupAfterThread)
Oct 24 10:24:07 pfsetvlan(22) INFO: ignoring unknown trap: 2012-10-24|10:24:04|UDP: [x.y.z.228]:161->[x.y.z.229]|x.y.z.228|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS END VARIABLEBINDINGS (main::parseTrap)
Oct 24 10:24:15 pfsetvlan(21) INFO: ignoring unknown trap: 2012-10-24|10:24:12|UDP: [x.y.z.228]:161->[x.y.z.229]|x.y.z.228|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.3362 = STRING: "W 01/01/90 00:00:51 03362 auth: User 'admin' login from x.y.z.153" END VARIABLEBINDINGS (main::parseTrap)
Oct 24 10:24:49 pfsetvlan(23) INFO: ignoring unknown trap: 2012-10-24|10:24:46|UDP: [x.y.z.228]:161->[x.y.z.229]|x.y.z.228|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .5 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.4.1.11.2.14.11.1.7.2.1.4.1 = INTEGER: 12|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.5.1 = INTEGER: 2|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.6.1 = INTEGER: 2|.1.3.6.1.4.1.11.2.14.11.1.7.3.0.1 = STRING: "http://x.y.z.228/cgi/fDetail?index=1"|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.3.1 [^] = INTEGER: 8 END VARIABLEBINDINGS (main::parseTrap)
Argument "noSuchObject" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/HP.pm line 441.
Oct 24 10:24:50 pfsetvlan(25) INFO: secureMacAddrViolation trap on x.y.z.228 ifIndex 8. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
TagsNo tags attached.
fixed in git revision
fixed in mtn revision
Attached Files

- Relationships

-  Notes
(0003247)
fgaudreault (viewer)
2012-10-26 10:08

 Hi,

Since we do not have access to any 2620 switch, you will have to help us resolving this. Did you already check in the newer version MIB what is the new OID?
(0003254)
muhlig (reporter)
2012-10-27 02:39

 Actually I'm not sure what's going here so I'll describe my findings. I have two switches. sw227 runs old firmware, sw228 runs the new one. And now:

mon ~ # snmpget -v2c -c xxx sw227 1.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8
iso.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8 = INTEGER: 2
mon ~ # snmpget -v2c -c xxx sw228 1.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8
iso.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8 = No Such Object available on this agent at this OID

There are many more objects on sw227 than on sw228:

mon ~ # snmpwalk -v2c -c xxx sw227 1.3.6.1.4.1.11.2.14.2.10|wc -l
431
mon ~ # snmpwalk -v2c -c xxx sw228 1.3.6.1.4.1.11.2.14.2.10|wc -l
144

AFAICS '1.3.6.1.4.1.11.2.14.2.10.3.1.6' object is a part of HP-ICF-GENERIC-RPTR MIB [1]. HP MIBs for 2620 switch are available for download from [2]. The file contains hpicfOid.mib file. In the hpicfOid.mib file there is a reference to hpicfGenRptrMib object module. However hpicfGenRptr.mib file IS MISSING from the HP MIB archive.

It's not possible to find the new OID in the HP MIB archive.

Do you think it's HP fault and their newest software simply doesn't contain some SNMP objects, among them the objects you investigate in PacketFence? Should I contact HP support to resolve this issue?

[1] http://www.oidview.com/mibs/11/HP-ICF-GENERIC-RPTR.html [^]
[2] https://h10145.www1.hp.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=9474&ProductNumber=J9626A&lang=pl%2cpl&cc=pl%2cpl&prodSeriesId=5171622&SerialNumber=&PurchaseDate= [^]
(0003255)
muhlig (reporter)
2012-10-29 03:09

 I've found the HP 2620 switch works correctly with RA_15_06_0019.swi which is the last firmware from 15.06 release. RA_15_08_0009.swi doesn't work, as reported above.
(0003256)
fgaudreault (viewer)
2012-10-29 08:29

 Looks like a Vendor issue, or they just changed the location of the port-security stuff elsewhere in the MIB.

The "lazy" fixes for now would be either :
- Stay on 15.06
- Use RADIUS Mac Authentication

I think on our side we can definitely contact the vendor.
(0003257)
muhlig (reporter)
2012-10-29 10:03

 OK, the ball is in your court, thank you :-)
(0003266)
fgaudreault (viewer)
2012-10-30 14:55

 Ok, well I may need to return the ball to you :S Looks like I cannot open a ticket with HP since I don't have any support contract. If you have one, I believe you will have to open the ticket with them, and add me as a participant if needed.
(0003282)
muhlig (reporter)
2012-11-23 13:50

 I contacted HP support and the issue is solved. They wrote: "HP-ICF-GENERIC-RPTR MIB indeed was disabled a while ago. However it's been re-enabled in RA.15.09.0007". HP support has given me RA.15.09.0009 which works OK (at least if port security is taken into account).

BTW the same issue touches 2910 switch software. MIB object in case is missing from W.15.08.0012, but it is present in W.15.08.0014.

Facing this problem please contact HP support because good software is not yet available from HP web page (at least at the moment).
(0003925)
lmunro (administrator)
2015-02-18 10:59

 Obsolete bug tracker entries.
PF 4 introduced changes that either make these irrelevant or impossible to reproduce.

New issues are moving to github issues.

- Issue History
Date Modified Username Field Change
2012-10-25 17:15 muhlig New Issue
2012-10-26 10:07 fgaudreault Target Version => investigate
2012-10-26 10:08 fgaudreault Note Added: 0003247
2012-10-27 02:39 muhlig Note Added: 0003254
2012-10-29 03:09 muhlig Note Added: 0003255
2012-10-29 08:29 fgaudreault Note Added: 0003256
2012-10-29 10:03 muhlig Note Added: 0003257
2012-10-30 14:55 fgaudreault Note Added: 0003266
2012-11-23 13:50 muhlig Note Added: 0003282
2015-02-18 10:59 lmunro Note Added: 0003925
2015-02-18 10:59 lmunro Status new => closed

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker