pf::Switch::Cisco::Aironet_WDS - Object oriented module to parse SNMP traps and manage Cisco Aironet configured in Wireless Domain Services (WDS) mode.
This module implements some changes on top of pf::Switch::Cisco::WLC. You should also consult the documentation over there if you experience issues.
Deauthentication with RADIUS Disconnect (RFC3576)
Tested on an Aironet WDS on IOS 12.3.8JEC3
Even though we perform the deauthentication with RFC3576 through Packet of Disconnect (PoD). SSH access is still required.
Due to a Cisco issue, deauthentication attempts made directly to the WDS node, even though accepted, do not fully deauthenticate the client. It feels like the crypto caches aren't properly invalidated which cause subsequent re-association from the client never to trigger AAA.
As a work-around, we connect to the WDS to obtain the current Access-Point where the MAC is located (with SSH) and then issue a PoD directly to the AP.
Several improvements could be made by Cisco regarding this issue so a close look at their next IOS releases notes is in order.
For more information see: https://supportforums.cisco.com/thread/2148888
De-authenticate a MAC address from wireless network (including 802.1x).
Diverges from pf::Switch::Cisco::WLC in the following aspects:
Warning: this method should _never_ be called in a thread. Net::Appliance::Session is not thread safe. Experienced when using SSH.
Warning: this code doesn't support elevating to privileged mode. See #900 and #1370.
Overriding default extractSsid because on Aironet AP SSID is in the Cisco-AVPair VSA.
Return the reference to the deauth technique or the default deauth technique.
Inverse inc. <info@inverse.ca>
Copyright (C) 2005-2015 Inverse inc.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.