Developers guide

Chapter 5
Copyright © 2008-2013 Inverse inc.
Configuration
From PacketFence to a switch
Edit the switch config file (/usr/local/pf/conf/switches.conf) and set the following parameters:
SNMPVersion = 3
SNMPUserNameRead = readUser
SNMPAuthProtocolRead = MD5
SNMPAuthPasswordRead = authpwdread
SNMPPrivProtocolRead = AES
SNMPPrivPasswordRead = privpwdread
SNMPUserNameWrite = writeUser
SNMPAuthProtocolWrite = MD5
SNMPAuthPasswordWrite = authpwdwrite
SNMPPrivProtocolWrite = AES
SNMPPrivPasswordWrite = privpwdwrite
From a switch to PacketFence
Edit the switch config file (/usr/local/pf/conf/switches.conf) and set the following parameters:
SNMPVersionTrap = 3
SNMPUserNameTrap = readUser
SNMPAuthProtocolTrap = MD5
SNMPAuthPasswordTrap = authpwdread
SNMPPrivProtocolTrap = AES
SNMPPrivPasswordTrap = privpwdread
Switch Configuration
Here is a switch configuration example that enables SNMP v3 in both directions on a Cisco switch.
snmp-server engineID local AA5ED139B81D4A328D18ACD1
snmp-server group readGroup v3 priv
snmp-server group writeGroup v3 priv read v1default write v1default
snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128 privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv aes 128 privpwdwrite
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host 192.168.0.50 version 3 priv readUser port-security
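The SNMPv3 users, protocols and passwords in switches.conf have to match what is entered on the switch, and a single mistyped password breaks one direction. The following check is an added example, not PacketFence code: it compares a switches.conf section with the Cisco commands prepared for the switch. The section name 192.168.0.60 and the function names are assumptions, and the sample input is constructed from the values above.

```python
import configparser

FIELDS = ("AuthProtocol", "AuthPassword", "PrivProtocol", "PrivPassword")
# Constructed sample: the page's Cisco commands, writeUser priv password mistyped.
IOS_SAMPLE = """\
snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128 privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv aes 128 privpwdwrit
snmp-server host 192.168.0.50 version 3 priv readUser port-security
"""

def pf_sample(section="192.168.0.60"):
    """Constructed switches.conf section with the page's values (section name assumed)."""
    out = [f"[{section}]", "SNMPVersion = 3", "SNMPVersionTrap = 3"]
    for role, tag in (("Read", "read"), ("Write", "write"), ("Trap", "read")):
        out += [f"SNMPUserName{role} = {tag}User", f"SNMPAuthProtocol{role} = MD5",
                f"SNMPAuthPassword{role} = authpwd{tag}", f"SNMPPrivProtocol{role} = AES",
                f"SNMPPrivPassword{role} = privpwd{tag}"]
    return "\n".join(out)

def ios_view(ios_text):
    """Return ({user: (auth proto, auth pwd, priv proto, priv pwd)}, trap users)."""
    users, trap_users = {}, set()
    for t in (line.split() for line in ios_text.splitlines()):
        if len(t) >= 11 and t[:2] == ["snmp-server", "user"] and (t[5], t[8]) == ("auth", "priv"):
            # "priv aes 128 <pwd>": the key size sits between cipher and password
            users[t[2]] = (t[6].upper(), t[7], t[9].upper(), t[-1])
        elif len(t) > 6 and t[:2] == ["snmp-server", "host"] and t[3:6] == ["version", "3", "priv"]:
            trap_users.add(t[6])
    return users, trap_users

def check(pf_text, ios_text, section):
    """List mismatches between one switches.conf section and the switch commands."""
    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.optionxform = str                                # keep mixed-case parameter names
    cp.read_string(pf_text)
    sw, (users, trap_users) = cp[section], ios_view(ios_text)
    problems = [f"{k} is not 3" for k in ("SNMPVersion", "SNMPVersionTrap") if sw.get(k) != "3"]
    for role in ("Read", "Write", "Trap"):
        name = sw.get("SNMPUserName" + role)
        want = tuple(sw.get(f"SNMP{f}{role}") for f in FIELDS)
        if name not in users:
            problems.append(f"{role}: user {name} missing on switch")
        elif users[name] != want:  # report the role only, never the secrets
            problems.append(f"{role}: settings for {name} differ")
    if sw.get("SNMPUserNameTrap") not in trap_users:
        problems.append("Trap: no 'snmp-server host ... version 3 priv' line for the trap user")
    return problems

if __name__ == "__main__":
    print(check(pf_sample(), IOS_SAMPLE, "192.168.0.60"))
```

Passwords containing spaces are not handled by this parser.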
Command-Line Interface: Telnet and SSH
Warning
Privilege detection is disabled in the current PacketFence version due to some issues
(see #1370). So make sure that the cliUser and cliPwd you provide always get you
into a privileged mode (except for Trapeze hardware).