PacketFence - BTS - PacketFence
View Issue Details
0001587 | PacketFence | hardware modules | public | 2012-10-25 17:15 | 2015-02-18 10:59
muhlig
normal | major | always
closed | open
3.5.1
investigate
0001587: HP switch software upgrade renders PacketFence unusable - noSuchObject
PacketFence works correctly with HP 2620 RA_15_05_0006.swi software. Software upgrade done to the newest RA_15_08_0009.swi. Then PacketFence doesn't work at all. Traps are flushed. See "Additional Information" for the log. Any MIB browser, looking for OID .1.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8 returns '2' in case of old software; however in case of new software it returns 'No Such Object'.
Oct 24 10:20:01 pfsetvlan(25) INFO: ignoring unknown trap: 2012-10-24|10:19:59|UDP: [x.y.z.228]:161->[x.y.z.229]|x.y.z.228|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.150 = STRING: "I 10/24/12 12:20:34 00150 update: Secondary Image updated via network tftp" END VARIABLEBINDINGS (main::parseTrap)
Oct 24 10:22:19 pfsetvlan(22) INFO: ignoring unknown trap: 2012-10-24|10:22:16|UDP: [x.y.z.228]:161->[x.y.z.229]|x.y.z.228|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .5 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.4.1.11.2.14.11.1.7.2.1.4.71 = INTEGER: 12|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.5.71 = INTEGER: 2|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.6.71 = INTEGER: 2|.1.3.6.1.4.1.11.2.14.11.1.7.3.0.71 = STRING: "http://x.y.z.228/cgi/fDetail?index=71"|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.3.71 = INTEGER: 8 END VARIABLEBINDINGS (main::parseTrap)
Oct 24 10:22:19 pfsetvlan(6) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Oct 24 10:22:19 pfsetvlan(6) INFO: secureMacAddrViolation trap received on x.y.z.228 ifIndex 8 for 00:24:8c:96:6f:f1 (main::handleTrap)
Oct 24 10:22:19 pfsetvlan(6) INFO: authorizing 00:24:8c:96:6f:f1 (old entry 00:17:08:44:57:b1) at new location x.y.z.228 ifIndex 8 (main::handleTrap)
Oct 24 10:22:19 pfsetvlan(6) INFO: MAC: 00:24:8c:96:6f:f1, PID: user@domain, Status: reg. Returned VLAN: 1 (pf::vlan::fetchVlanForNode)
Oct 24 10:22:20 pfsetvlan(6) INFO: finished (main::cleanupAfterThread)
Oct 24 10:24:07 pfsetvlan(22) INFO: ignoring unknown trap: 2012-10-24|10:24:04|UDP: [x.y.z.228]:161->[x.y.z.229]|x.y.z.228|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS END VARIABLEBINDINGS (main::parseTrap)
Oct 24 10:24:15 pfsetvlan(21) INFO: ignoring unknown trap: 2012-10-24|10:24:12|UDP: [x.y.z.228]:161->[x.y.z.229]|x.y.z.228|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .2 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.16.9.1.1.2.3362 = STRING: "W 01/01/90 00:00:51 03362 auth: User 'admin' login from x.y.z.153" END VARIABLEBINDINGS (main::parseTrap)
Oct 24 10:24:49 pfsetvlan(23) INFO: ignoring unknown trap: 2012-10-24|10:24:46|UDP: [x.y.z.228]:161->[x.y.z.229]|x.y.z.228|BEGIN TYPE 6 END TYPE BEGIN SUBTYPE .5 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.4.1.11.2.14.11.1.7.2.1.4.1 = INTEGER: 12|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.5.1 = INTEGER: 2|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.6.1 = INTEGER: 2|.1.3.6.1.4.1.11.2.14.11.1.7.3.0.1 = STRING: "http://x.y.z.228/cgi/fDetail?index=1"|.1.3.6.1.4.1.11.2.14.11.1.7.2.1.3.1 = INTEGER: 8 END VARIABLEBINDINGS (main::parseTrap)
Argument "noSuchObject" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/HP.pm line 441.
Oct 24 10:24:50 pfsetvlan(25) INFO: secureMacAddrViolation trap on x.y.z.228 ifIndex 8. Port Security is no longer configured on the port. Flush the trap (main::signalHandlerTrapListQueued)
No tags attached.
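
The warning in the log above shows the string "noSuchObject" reaching a numeric `==`, after which the trap is flushed as if port security were not configured on the port. The following Perl sketch is an added example, not PacketFence code, that classifies the SNMP value before comparing it; the function name, the constructed responses, and the assumption that 2 (the value the old firmware returns) means "configured" are illustrative.

```perl
#!/usr/bin/perl
# Added example, not PacketFence code: classify an SNMP GET value before
# comparing it numerically, so a missing MIB object is reported as "unknown"
# instead of being read as "port security not configured".
use strict;
use warnings;

# SNMPv2c exception markers as they appear in the value slot of a response.
my %SNMP_EXCEPTION = map { $_ => 1 } qw(noSuchObject noSuchInstance endOfMibView);

# Assumption: 2 is the "port security configured" value, taken from what the
# old firmware returns in the report.
my $EXPECTED_VALUE = 2;

# Returns 'enabled', 'disabled' or 'unknown' for one OID in a result hash
# shaped like { oid => value } (the shape Net::SNMP's get_request returns).
sub port_security_state {
    my ( $result, $oid ) = @_;
    return 'unknown' if !defined $result || !exists $result->{$oid};
    my $value = $result->{$oid};
    return 'unknown' if !defined $value || $SNMP_EXCEPTION{$value};
    return 'unknown' if $value !~ /\A-?\d+\z/;    # any other non-numeric text
    return $value == $EXPECTED_VALUE ? 'enabled' : 'disabled';
}

# Constructed sample responses mirroring the two switches in the report.
my $oid       = '1.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8';
my %responses = (
    'old firmware' => { $oid => 2 },
    'new firmware' => { $oid => 'noSuchObject' },
    'other value'  => { $oid => 1 },
    'no answer'    => undef,
);

for my $label ( sort keys %responses ) {
    my $state = port_security_state( $responses{$label}, $oid );
    # On 'unknown' a caller should log the missing OID and keep the trap for
    # review rather than flush it as "port security no longer configured".
    printf "%-13s -> %s\n", $label, $state;
}
```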
Issue History
2012-10-25 17:15 | muhlig | New Issue
2012-10-26 10:07 | fgaudreault | Target Version => investigate
2012-10-26 10:08 | fgaudreault | Note Added: 0003247
2012-10-27 02:39 | muhlig | Note Added: 0003254
2012-10-29 03:09 | muhlig | Note Added: 0003255
2012-10-29 08:29 | fgaudreault | Note Added: 0003256
2012-10-29 10:03 | muhlig | Note Added: 0003257
2012-10-30 14:55 | fgaudreault | Note Added: 0003266
2012-11-23 13:50 | muhlig | Note Added: 0003282
2015-02-18 10:59 | lmunro | Note Added: 0003925
2015-02-18 10:59 | lmunro | Status: new => closed

Notes
(0003247)
fgaudreault   
2012-10-26 10:08   
Hi,

Since we do not have access to any 2620 switch, you will have to help us resolve this. Did you already check in the newer version of the MIB what the new OID is?
(0003254)
muhlig   
2012-10-27 02:39   
Actually I'm not sure what's going on here so I'll describe my findings. I have two switches. sw227 runs old firmware, sw228 runs the new one. And now:

mon ~ # snmpget -v2c -c xxx sw227 1.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8
iso.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8 = INTEGER: 2
mon ~ # snmpget -v2c -c xxx sw228 1.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8
iso.3.6.1.4.1.11.2.14.2.10.3.1.6.1.8 = No Such Object available on this agent at this OID

There are many more objects on sw227 than on sw228:

mon ~ # snmpwalk -v2c -c xxx sw227 1.3.6.1.4.1.11.2.14.2.10|wc -l
431
mon ~ # snmpwalk -v2c -c xxx sw228 1.3.6.1.4.1.11.2.14.2.10|wc -l
144

AFAICS '1.3.6.1.4.1.11.2.14.2.10.3.1.6' object is a part of HP-ICF-GENERIC-RPTR MIB [1]. HP MIBs for 2620 switch are available for download from [2]. The file contains hpicfOid.mib file. In the hpicfOid.mib file there is a reference to hpicfGenRptrMib object module. However hpicfGenRptr.mib file IS MISSING from the HP MIB archive.

It's not possible to find the new OID in the HP MIB archive.

Do you think it's HP's fault and their newest software simply doesn't contain some SNMP objects, among them the objects you investigate in PacketFence? Should I contact HP support to resolve this issue?

[1] http://www.oidview.com/mibs/11/HP-ICF-GENERIC-RPTR.html
[2] https://h10145.www1.hp.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=9474&ProductNumber=J9626A&lang=pl%2cpl&cc=pl%2cpl&prodSeriesId=5171622&SerialNumber=&PurchaseDate=
(0003255)
muhlig   
2012-10-29 03:09   
I've found the HP 2620 switch works correctly with RA_15_06_0019.swi which is the last firmware from 15.06 release. RA_15_08_0009.swi doesn't work, as reported above.
(0003256)
fgaudreault   
2012-10-29 08:29   
Looks like a Vendor issue, or they just changed the location of the port-security stuff elsewhere in the MIB.

The "lazy" fixes for now would be either:
- Stay on 15.06
- Use RADIUS Mac Authentication

I think on our side we can definitely contact the vendor.
(0003257)
muhlig   
2012-10-29 10:03   
OK, the ball is in your court, thank you :-)
(0003266)
fgaudreault   
2012-10-30 14:55   
Ok, well I may need to return the ball to you :S Looks like I cannot open a ticket with HP since I don't have any support contract. If you have one, I believe you will have to open the ticket with them, and add me as a participant if needed.
(0003282)
muhlig   
2012-11-23 13:50   
I contacted HP support and the issue is solved. They wrote: "HP-ICF-GENERIC-RPTR MIB indeed was disabled a while ago. However it's been re-enabled in RA.15.09.0007". HP support has given me RA.15.09.0009 which works OK (at least if port security is taken into account).

BTW the same issue touches 2910 switch software. MIB object in case is missing from W.15.08.0012, but it is present in W.15.08.0014.

If you are facing this problem, please contact HP support because good software is not yet available from the HP web page (at least at the moment).
(0003925)
lmunro   
2015-02-18 10:59   
Obsolete bug tracker entries.
PF 4 introduced changes that either make these irrelevant or impossible to reproduce.

New issues are moving to github issues.