| Anonymous | Login | 2024-04-25 17:50 EDT |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0001153 | PacketFence | hardware modules | public | 2011-01-17 17:18 | 2013-07-11 07:49 | ||||||
| Reporter | obilodeau | ||||||||||
| Assigned To | obilodeau | ||||||||||
| Priority | normal | Severity | tweak | Reproducibility | N/A | ||||||
| Status | assigned | Resolution | open | ||||||||
| Platform | OS | OS Version | |||||||||
| Product Version | |||||||||||
| Target Version | Fixed in Version | ||||||||||
| Summary | 0001153: More flexible VLAN Attributes handling with RADIUS (support for Vendor Specific Attributes aka VSA) | ||||||||||
| Description | Right now VLAN assignment through RADIUS is always done using the same tunnel attributes namely:
$RAD_REPLY{'Tunnel-Medium-Type'} = 6;
$RAD_REPLY{'Tunnel-Type'} = 13;
$RAD_REPLY{'Tunnel-Private-Group-ID'} = $vlan;
However, to be more flexible, it would be interesting to consider allowing the hardware module to specify it's own RADIUS attributes. For this, a new call. Here's the pseudo-code: getVlanAssignmentAttributes(radius_hashref, $vlan) : radius_hashref { $RAD_REPLY->{'Tunnel-Medium-Type'} = 6; $RAD_REPLY->{'Tunnel-Type'} = 13; $RAD_REPLY->{'Tunnel-Private-Group-ID'} = $vlan; } put the above default implementation in pf::SNMP and then other modules can differ. For ex: getVlanAssignmentAttributes(radius_hashref, $vlan) : radius_hashref { $RAD_REPLY->{'Tunnel-Medium-Type'} = 6; $RAD_REPLY->{'Tunnel-Type'} = 13; $RAD_REPLY->{'Tunnel-Private-Group-ID'} = $vlan; $RAD_REPLY->{'Extreme-Netlogin-Extended-VLAN'} = T220; } would add a hardware-specific reply that would add a tagged VLAN 220 to the port | ||||||||||
| Tags | No tags attached. | ||||||||||
| fixed in git revision | |||||||||||
| fixed in mtn revision | |||||||||||
| Attached Files | |||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0003339) roadracer96 (reporter) 2013-07-11 07:49 |
Id like to bump this. I was working on writing my own poor mans NAC prior to discovering PF. The one thing I was able to do was use Extreme-Netlogin-Extended-VLAN VSA to assign tagged, untagged, or a combination of both to a port. A reply of Extreme-Netlogin-Extended-VLAN = U10;T200 would assign vlan 10 Untagged AND vlan 200 tagged. It would make implementation with Extreme switches more flexible. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2011-01-17 17:18 | obilodeau | New Issue | |
| 2011-01-17 17:18 | obilodeau | Status | new => assigned |
| 2011-01-17 17:18 | obilodeau | Assigned To | => obilodeau |
| 2011-03-03 15:16 | obilodeau | Target Version | 2.1.0 => +1 |
| 2011-03-03 15:18 | obilodeau | Target Version | +1 => +2 |
| 2013-07-11 07:49 | roadracer96 | Note Added: 0003339 | |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |