PacketFence - BTS - PacketFence
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0001766PacketFencehardware modulespublic2014-02-05 20:252014-07-25 10:53
Reporteraj14 
Assigned To 
PrioritynormalSeverityminorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformLinuxOSRHEL / CentOSOS Version5
Product Version4.0.3 
Target VersionFixed in Version 
fixed in git revision
fixed in mtn revision
Summary0001766: PacketFence cannot receive SNMP traps from D-link DES3526 Switch
DescriptionBefore deploying PF to our network, we are testing its functionality with the switches that we have.

So far so good, but when it comes to the D-Link DES3526, we have had no luck. When I look into the module itself, it is basically a container for the main Dlink.pm.

Basically, nothing happens on the switch when we connect a host authorized or unauthorized to it. When looking at the packetfence log, it seems as if PF is not understanding the trap coming from the switch ("trap currently not hadled").

I have attached an excerpt of packetfence.log. You can see that the trap contains the MAC address of the machine that is being connected to the switch. I have also attached the switch configuration. Firmware is 5.00-B27.
Steps To ReproduceConnect a machine to a port in the switch configured to send traps.
Additional Informationpacketfence.log entries:

Feb 04 16:56:08 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-04|00:56:06|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1248956) 3:28:09.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:08 pfmon(1) INFO: running expire check (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking registered nodes for expiration (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking violations for expiration (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: checking accounting data for potential bandwidth abuse (main::cleanup)
Feb 04 16:56:08 pfmon(1) INFO: getting violations triggers for accounting cleanup (pf::accounting::acct_maintenance)
Feb 04 16:56:08 pfmon(1) INFO: Calling node acct maintenance total with monthly and 1 for 21474836480 (pf::accounting::acct_maintenance)
Feb 04 16:56:08 pfsetvlan(23) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(23) INFO: ignoring unknown trap: 2014-02-04|00:56:07|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249056) 3:28:10.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:08 pfsetvlan(24) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:08 pfsetvlan(24) INFO: ignoring unknown trap: 2014-02-04|00:56:08|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249157) 3:28:11.57|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:11 pfsetvlan(22) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 04 16:56:11 pfsetvlan(22) INFO: ignoring unknown trap: 2014-02-04|00:56:09|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (1249256) 3:28:12.56|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 04 16:56:11 pfsetvlan(21) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)



Switch entry in switches.conf:
[10.100.6.32]
mode=production
SNMPCommunityRead=frydmwrt
SNMPCommunityWrite=frydmwrt
SNMPVersionTrap=2c
type=Dlink::DES_3526
VoIPEnabled=N
SNMPVersion=2c
uplink=26
SNMPCommunityTrap=frydmwrt
SNMPEngineID=800000ab03001cf09d649a

Tagssnmp
Relationships
Attached Files? des-3526-config (8,410) 2014-02-05 20:25
https://www.packetfence.org/bugs/file_download.php?file_id=198&type=bug
? Dlink-aj14.pm (7,895) 2014-02-28 11:13
https://www.packetfence.org/bugs/file_download.php?file_id=201&type=bug
? Dlink.pm (7,879) 2014-04-23 14:34
https://www.packetfence.org/bugs/file_download.php?file_id=206&type=bug
Issue History
Date ModifiedUsernameFieldChange
2014-02-05 20:25aj14New Issue
2014-02-05 20:25aj14File Added: des-3526-config
2014-02-05 20:26aj14Tag Attached: snmp
2014-02-06 09:49fdurandNote Added: 0003500
2014-02-06 15:56aj14Note Added: 0003501
2014-02-06 16:10fdurandNote Added: 0003502
2014-02-19 23:13aj14Note Added: 0003508
2014-02-20 21:03aj14Note Added: 0003509
2014-02-28 10:33aj14Note Added: 0003510
2014-02-28 11:11aj14Note Added: 0003511
2014-02-28 11:13aj14File Added: Dlink-aj14.pm
2014-04-23 14:34ah27Note Added: 0003530
2014-04-23 14:34ah27File Added: Dlink.pm
2014-04-25 13:53lmunroNote Added: 0003531
2014-07-25 10:52lmunroNote Added: 0003571
2014-07-25 10:53lmunroStatusnew => resolved
2014-07-25 10:53lmunroResolutionopen => fixed

Notes
(0003500)
fdurand   
2014-02-06 09:49   
Hello,
let check in the Dlink.pm module, it look like the format of the trap has changed.

Change that to match your trap:
/BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.0\.3\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/

Fabrice
(0003501)
aj14   
2014-02-06 15:56   
Fabrice,

I am not sure what is that I need to change. Is it Dlink.pm or something in the switch?

That statement that you wrote in your comment is already on Dlink.pm, line 57

Can you please clarify?

Thanks
Adrian
(0003502)
fdurand   
2014-02-06 16:10   
Adrian,

what i have posted is a regexp that parse the trap your switch send.

So your trap look like:
.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45
So you have to rewrite the regexp in packetfence to match your trap and get the ifindex of the port and the mac address.

Regards
Fabrice
(0003508)
aj14   
2014-02-19 23:13   
Fabrice,

I am not an expert in RegExp. Please verify that the change is correct.

 =~ /BEGIN VARIABLEBINDINGS [^|]+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.15\.2\.0\.2\|\.1\.3\.6\.1\.4\.1\.171\.11\.64\.[12]\.2\.14\.1\.1\.1\.1 = Hex-STRING: ([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})/

Why do I have to do this in the first place? Is there a specific firmware supported for the DES-3526? There is not mention of it in the documentation.

Regards
Adrian
(0003509)
aj14   
2014-02-20 21:03   
After making that change and restarting the packetfence service (do I need to do that when I change a module?), it still does not work. I get pretty much the same results:

---
Feb 20 17:56:55 pfsetvlan(23) INFO: ignoring unknown trap: 2014-02-20|01:56:55|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852616) 16 days, 4:28:46.16|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(25) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 20 17:56:56 pfsetvlan(25) INFO: ignoring unknown trap: 2014-02-20|01:56:55|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852659) 16 days, 4:28:46.59|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(21) WARN: We have received a trap from switch 10.128.240.44. This switch is UNREGISTERED. Flush the trap (main::parseTrap)
Feb 20 17:56:56 pfsetvlan(22) WARN: We have received a trap from switch 10.128.208.38. This switch is UNREGISTERED. Flush the trap (main::parseTrap)
Feb 20 17:56:57 pfsetvlan(24) DEBUG: trap currently not handled (pf::SNMP::Dlink::parseTrap)
Feb 20 17:56:57 pfsetvlan(24) INFO: ignoring unknown trap: 2014-02-20|01:56:56|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (139852763) 16 days, 4:28:47.63|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Feb 20 17:56:59 pfsetvlan(3) INFO: nb of items in queue: 1; nb of threads running: 0 (main::startTrapHandlers)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: opening SNMP v2c read connection to 10.100.6.32 (pf::SNMP::connectRead)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for sysLocation: 1.3.6.1.2.1.1.6.0 (pf::SNMP::connectRead)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for ifType: 1.3.6.1.2.1.2.2.1.3.1 (pf::SNMP::getIfType)
Feb 20 17:56:59 pfsetvlan(3) INFO: down trap received on 10.100.6.32 ifIndex 1 (main::handleTrap)
Feb 20 17:56:59 pfsetvlan(3) INFO: setting 10.100.6.32 port 1 to MAC detection VLAN (main::handleTrap)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_table for dot1dBasePortIfIndex: 1.3.6.1.2.1.17.1.4.1.2 (pf::SNMP::getDot1dBasePortForThisIfIndex)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: dot1dBasePort corresponding to ifIndex 1 is 1 (pf::SNMP::getDot1dBasePortForThisIfIndex)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for dot1qPvid: 1.3.6.1.2.1.17.7.1.4.5.1.1.1 (pf::SNMP::getVlan)
Feb 20 17:56:59 pfsetvlan(3) TRACE: SNMP get_request for dot1qVlanStaticName: 1.3.6.1.2.1.17.7.1.4.3.1.1.4 (pf::SNMP::isDefinedVlan)
Feb 20 17:56:59 pfsetvlan(3) WARN: MAC detection VLAN 4 is not defined on switch 10.100.6.32 -> Do nothing (pf::SNMP::setVlan)
Feb 20 17:56:59 pfsetvlan(3) INFO: finished (main::cleanupAfterThread)
Feb 20 17:56:59 pfsetvlan(3) DEBUG: closing SNMP v2c read connection to 10.100.6.32 (pf::SNMP::disconnectRead)
---

The last entries seem to indicate that some traps do work, but not the one for the MAC address violation.

Regards
Adrian
(0003510)
aj14   
2014-02-28 10:33   
No word on this?

After analyzing the trap closely, this is what is missing from it:

= INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1

Will re-write the regexp accordingly, but the question remains the same, why is it that I need to (so drastically) modify the module.

Regards
Adrian
(0003511)
aj14   
2014-02-28 11:11   
This also was preventing a match:

([0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2}) ([0-9A-Z]{2} [0-9A-Z]{2})

I changed it to this:

([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})

Now the trap is a match, but I get the following error:

Feb 28 07:55:48 pfsetvlan(22) INFO: ignoring unknown trap: 2014-02-28|15:55:44|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (205364994) 23 days, 18:27:29.94|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: B8 88 E3 DD F9 45 END VARIABLEBINDINGS (main::parseTrap)
Argument "B8 88 E3 DD F9 45" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 62.
Argument "B8 88 E3 DD F9 45" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 64.
Use of uninitialized value in substitution (s///) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 73.
Use of uninitialized value in hex at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 74.

I will upload the current Dlink.pm that I have.

I now need help from you guys.
(0003530)
ah27   
2014-04-23 14:34   
I have reapplied the changes that you originally told Adrian to apply after upgrading our server to 4.1.0

With your version of the fix I get:

Apr 23 11:20:41 pfsetvlan(24) INFO: ignoring unknown trap: 2014-04-23|18:20:38|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (6144888) 17:04:08.88|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: 00 24 BE B1 F6 31 END VARIABLEBINDINGS (main::parseTrap)

With Adrian's I get:

Apr 23 11:27:43 pfsetvlan(21) INFO: ignoring unknown trap: 2014-04-23|18:27:41|UDP: [10.100.6.32]:161->[10.100.16.90]|0.0.0.0|BEGIN TYPE 0 END TYPE BEGIN SUBTYPE 0 END SUBTYPE BEGIN VARIABLEBINDINGS .1.3.6.1.2.1.1.3.0 = Timeticks: (6187149) 17:11:11.49|.1.3.6.1.6.3.1.1.4.1.0 = OID: .1.3.6.1.4.1.171.11.64.1.2.15.2.0.2|.1.3.6.1.4.1.171.11.64.1.2.14.1.1.1.1 = INTEGER: 1|.1.3.6.1.4.1.171.11.64.1.2.15.2.1 = Hex-STRING: 00 24 BE B1 F6 31 END VARIABLEBINDINGS (main::parseTrap)
Argument "00 24 BE B1 F6 31" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 62.
Argument "00 24 BE B1 F6 31" isn't numeric in numeric eq (==) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 64.
Use of uninitialized value in substitution (s///) at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 73.
Use of uninitialized value in hex at /usr/local/pf/lib/pf/SNMP/Dlink.pm line 74

I will also attach the version of the Dlink.pm we now have.
(0003531)
lmunro   
2014-04-25 13:53   
It looks like the format for the dlink traps has changed significantly.
You are probably running a newer version of the firmware than what we tested with.

I can't really fix this without knowing more. It will take a rewrite of the parseTrap function to support the new trap format.
I will need to know what type of traps we are receiving and run a few live tests with someone on your end.
(0003571)
lmunro   
2014-07-25 10:52   
Fixed by new DES_3526 module.