On 02/09/2012 11:40 AM, Phil Mayers wrote:
On 09/02/12 15:49, Walter Gould wrote:
All,
I have FR vmps configured to query postgresql for a mac address and
return the vlan that is assigned to it. That is working well. However, I
would like to configure vmps to return a "fallback" or guest vlan for
cases when a mac address is not in the database.
Can anyone give me some suggestions or config examples?
This depends entirely on how you are setting the VLAN for "known"
users. If you can show the config you are using, I can be more
specific, but basically you check for the "not found" state, or check
for the "reply vlan not set" state.
For example:
vmps {
    ...
    sql
    if (notfound) {
        update reply {
            VMPS-... = ...
        }
    }
    ...
}
Possibly the most general thing is:
vmps {
    ...
    sql
    ...
    if (!reply:VMPS-VLAN-Name) {
        update reply {
            VMPS-VLAN-Name = GUEST
        }
    }
}
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Phil,
Thanks for your reply. I tried what you mentioned above, but cannot
seem to get it to work. Below is my vmps file and debug output. Any
suggestions will be appreciated.
Thanks,
Walter
vmps {
    #
    # Some requests may not have a MAC address. Try to
    # create one using other attributes.
    if (!VMPS-Mac) {
        if (VMPS-Ethernet-Frame =~ /0x.{12}(..)(..)(..)(..)(..)(..).*/) {
            update request {
                VMPS-Mac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
            }
        }
        else {
            update request {
                VMPS-Mac = "%{VMPS-Cookie}"
            }
        }
    }

    # Do a simple mapping of MAC to VLAN.
    #
    # See radiusd.conf for the definition of the "mac2vlan"
    # module.
    #
    mac2vlan

    # required VMPS reply attributes
    update reply {
        VMPS-Packet-Type = VMPS-Join-Response
        VMPS-Cookie = "%{VMPS-Mac}"
        #
        # If you have VLAN's in a database, you can select
        # the VLAN name based on the MAC address.
        #
        VMPS-VLAN-Name = "%{sql:select vlan from users where mac='%{VMPS-Mac}'}"
    }

    if (!reply:VMPS-VLAN-Name) {
        update reply {
            VMPS-VLAN-Name = "Guests"
        }
    }

    # correct reply packet type for reconfirmation requests
    #
    if (VMPS-Packet-Type == VMPS-Reconfirm-Request){
        update reply {
            VMPS-Packet-Type := VMPS-Reconfirm-Response
        }
    }

    linelog
}
# Proxying of VMPS requests is NOT supported.
}
Here's the debug:
VMPS-Packet-Type = VMPS-Join-Request
VMPS-Error-Code = VMPS-No-Error
VMPS-Sequence-Number = 2449
VMPS-Client-IP-Address = switch_ip
VMPS-Port-Name = "Gi1/0/12"
VMPS-VLAN-Name = "--NONE--"
VMPS-Domain-Name = "gangsta"
VMPS-Unknown = 0x00
VMPS-MAC = d4:be:d9:12:20:6c
server vmps {
Doing VMPS
+- entering group vmps {...}
++? if (!VMPS-Mac)
? Evaluating !(VMPS-Mac) -> FALSE
++? if (!VMPS-Mac) -> FALSE
++[mac2vlan] returns notfound
expand: %{VMPS-Mac} -> d4:be:d9:12:20:6c
sql_xlat
expand: %{User-Name} ->
sql_set_user escaped user --> ''
expand: select vlan from users where mac='%{VMPS-Mac}' ->
select vlan from users where mac='d4:be:d9:12:20:6c'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 1
SQL query did not return any results
rlm_sql (sql): Released sql socket id: 4
expand: %{sql:select vlan from users where mac='%{VMPS-Mac}'} ->
++[reply] returns notfound
++? if (!reply:VMPS-VLAN-Name)
? Evaluating !(reply:VMPS-VLAN-Name) -> FALSE
++? if (!reply:VMPS-VLAN-Name) -> FALSE
++? if (VMPS-Packet-Type == VMPS-Reconfirm-Request)
? Evaluating (VMPS-Packet-Type == VMPS-Reconfirm-Request) -> FALSE
++? if (VMPS-Packet-Type == VMPS-Reconfirm-Request) -> FALSE
[linelog] expand: %S %{VMPS-Mac} %{reply:VMPS-VLAN-Name}
%{VMPS-Client-IP-Address} %{VMPS-Port-Name} -> 2012-02-10 14:41:01
d4:be:d9:12:20:6c switch_ip Gi1/0/12
++[linelog] returns ok
Done VMPS
} # server vmps
VMPS-VLAN-Name = ""
VMPS-Cookie = d4:be:d9:12:20:6c
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 2449 with timestamp +123
Ready to process requests.
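
An added example, not part of either poster's message and not the FreeRADIUS project's own configuration: in the debug output above the SQL expansion returns nothing, yet the reply still carries VMPS-VLAN-Name = "" and the test `!reply:VMPS-VLAN-Name` evaluates to FALSE, so the attribute exists with an empty value. One way to handle that case, assuming FreeRADIUS 2.x unlang syntax, is to test the value rather than the presence of the attribute and to overwrite it with `:=`:

```conf
vmps {
    # (VMPS-Mac handling and mac2vlan unchanged from the posted config)

    # required VMPS reply attributes
    update reply {
        VMPS-Packet-Type = VMPS-Join-Response
        VMPS-Cookie = "%{VMPS-Mac}"
        # When the query returns no rows this expands to an empty string,
        # and the attribute is still added to the reply.
        VMPS-VLAN-Name = "%{sql:select vlan from users where mac='%{VMPS-Mac}'}"
    }

    # Compare the expanded value against "" instead of testing for
    # existence: the attribute is present, just empty.
    if ("%{reply:VMPS-VLAN-Name}" == "") {
        update reply {
            # ":=" replaces the existing empty attribute. "=" only adds the
            # attribute when none of that name is present, so it would
            # leave the empty value in place.
            VMPS-VLAN-Name := "Guests"
        }
    }

    # (reconfirm handling and linelog unchanged from the posted config)
}
```

With this in place, a debug run for an unknown MAC should show the second `update reply` being entered and the linelog expansion carrying the guest VLAN name instead of an empty field.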