All,
I'm moving our legacy switches over to the VMPS support in FreeRadius 2
and I'm aware there are others on the list who have done this.
I'm seeing several different formats of VMPS request. The "easy" ones
are from older switches e.g. cisco 1900s:
VMPS-Packet-Type = VMPS-Join-Request
VMPS-Error-Code = VMPS-No-Error
VMPS-Sequence-Number = 2207055872
VMPS-Client-IP-Address = 172.28.72.65
VMPS-Port-Name = "22"
VMPS-VLAN-Name = "PROD"
VMPS-Domain-Name = "HOR-PG"
VMPS-Unknown = 0x00
VMPS-MAC = 00:01:4a:f8:93:e5
However, newer switches e.g. Cisco 3500XL are sending Reconfirm-Request
packets with no MAC (but with a cookie):
VMPS-Packet-Type = VMPS-Reconfirm-Request
VMPS-Error-Code = VMPS-No-Error
VMPS-Sequence-Number = 13320
VMPS-Client-IP-Address = 172.28.72.50
VMPS-Port-Name = "Fa0/1"
VMPS-VLAN-Name = "PROD"
VMPS-Unknown = 0x01
VMPS-Cookie = 00:1b:78:a5:96:e0
How do I need to respond to these? It seems that if I return a
Join-Response it will simply be obeyed, but I'm worried it will explode
later. Do I need to return a Reconfirm-Reponse with a Deny if the
requested vlan is different to the desired on, or a permit otherwise?
We're also seeing from the newer switches join packets with no MAC or
cookie, but an ethernet header:
VMPS-Packet-Type = VMPS-Join-Request
VMPS-Error-Code = VMPS-No-Error
VMPS-Sequence-Number = 13329
VMPS-Client-IP-Address = 172.28.72.50
VMPS-Port-Name = "Fa0/3"
VMPS-VLAN-Name = "--NONE--"
VMPS-Unknown = 0x00
VMPS-Ethernet-Frame = 0xffffffffffff001636e46d1b08004500015...
What's the easiest way to get the MAC address out of these?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
