pf::Switch::Aruba
The pf::Switch::Aruba module implements an object-oriented interface to access and manage Aruba Wireless Controllers.
Developed and tested on Controller 200 running firmware 5.0.3.3
Tested on Controller 600 with RADIUS Disconnect running firmware 6.0.x
We had reports that Telnet-based deauthentication is no longer working with the firmware 6 series.
Although this is not a PacketFence issue, upgrading PacketFence to 3.1.0 will work around this situation, since we use a new RADIUS-based technique to perform deauthentication on Aruba.
Reported on firmware 6.1.3.1. Let us know if you have a 6.x version and you are unaffected.
TODO: this list is incomplete
De-authenticate a MAC address from wireless network (including 802.1x).
New implementation using RADIUS Disconnect-Request.
DEPRECATED
De-authenticate a MAC address from wireless network (including 802.1x)
Here, we find out which submodule to call, _dot1xDeauthenticateMAC or _deauthenticateMAC, and call it accordingly.
DEPRECATED
De-authenticate a MAC from controller when user is in 802.1x mode using Telnet.
* Private: don't call outside of same object, use _deauthenticateMacWithTelnet externally *
DEPRECATED
De-authenticate a MAC from controller if user is not in 802.1x mode using Telnet
Here we used to specify the MAC and IP in the OID, but that doesn't work in a lot of cases. As soon as the client is inactive for a little while, the IP is forgotten, but you can still access the correct BSSID with 0.0.0.0 appended at the end of the OID (no IP).
What we are doing now is fetching the table instead of only one entry and issuing deauth on the matching MAC in OID format. Worked in my tests with and without an IP in the table.
* Private: don't call outside of same object, use _deauthenticateMacWithTelnet externally *
Find RADIUS SSID parameter out of RADIUS REQUEST parameters
Aruba specific parser. See pf::Switch for base implementation.
Overloading pf::Switch's implementation because Aruba doesn't support assigning VLANs and Roles at the same time.
Which RADIUS attribute (usually a VSA) the role should be returned in.
Return the reference to the deauth technique or the default deauth technique.
Sends a RADIUS Disconnect-Request to the NAS with the MAC as the Calling-Station-Id to disconnect.
Optionally, you can provide other attributes as a hashref.
Uses pf::util::radius for the low-level RADIUS stuff.
Extract VLAN from the radius attributes.
This is called when we receive an HTTP request from the device and returns specific attributes:
client MAC address, SSID, client IP address, redirect URL, grant URL, status code
Inverse inc. <info@inverse.ca>
Copyright (C) 2005-2015 Inverse inc.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.