Re: [Packetfence-devel] Meru Feature Devel

Manueco, Antonio Tue, 08 Mar 2011 12:57:26 -0800

Sorry took some time.  By the way, nice to put a face on you guys!  Great 
interview.  Here is a snapshot of the Radius Packet.  The SSID for 802.1x is 
TestSecure.




Let me know what I'd have to change to get the SSID.  I'd like to do a custom 
VLAN assignment based on this.



Access-Request Id 120   10.37.9.65:1814 -> 10.37.32.92:1645 +1211592.214

      NAS-Port-Type = Wireless-802.11

      State = 0x546573744e415649533b313239393630373232393b3139

      Calling-Station-Id = "90-27-E4-F8-ED-23"

      Called-Station-Id = "00-A0-A5-5F-42-1A:TestSecure"

      Message-Authenticator = 0x9df3a7c6c23328ce708a39e75b6398be

      User-Name = "ex-rancid1"

      EAP-Message = 
0x0205004f158000000045170300005e59a9e0e0a62119a543c887e12a4892ac7aaa39f934dbc1891e6e967b366e265fe3f025af8f031c3d3fc9070a1ab110903d06e81ec83a0f83308c

      Connect-Info = "CONNECT 802.11a"

      NAS-IP-Address = 10.224.232.220

      NAS-Port = 2050

      Framed-Compression = None

      Framed-MTU = 1250

      Proxy-State = 0x3731







Thanks!





-----Original Message-----
From: Olivier Bilodeau [mailto:obilod...@inverse.ca]
Sent: Monday, February 28, 2011 12:42 PM
To: packetfence-devel@lists.sourceforge.net
Subject: Re: [Packetfence-devel] Meru Feature Devel



Hi Antonio,



A quick re-post of François' last message:



> I just spoke with our Meru contact, and he told me that the SSID is sent

> when doing 802.1X.  Since I do not have access to a Meru controller, can

> you grab a capture of a 802.1X RADIUS request?



It would be really appreciated.



Thanks,



On 22/02/11 4:02 PM, Manueco, Antonio wrote:

> Nop, I don't see any SSID in the request.

>

>

>

> -----Original Message-----

> From: Olivier Bilodeau [mailto:obilod...@inverse.ca]

> Sent: Tuesday, February 22, 2011 3:47 PM

> To: packetfence-devel@lists.sourceforge.net

> Subject: Re: [Packetfence-devel] Meru Feature Devel

>

> Hi,

>

>> I am sending you the Request from the controller for MAC Auth.

>>

>> MAC Auth:

>>

>> rad_recv: Access-Request packet from host 10.224.232.220 port 32769, id=229, 
>> length=182

>>    Service-Type = Login-User

>>    Framed-MTU = 1250

>>    User-Name = "00-11-22-33-44-55"

>>    User-Password = "00-11-22-33-44-55"

>>    Calling-Station-Id = "00-11-22-33-44-55"

>>    Called-Station-Id = "00-A0-A5-5F-42-1A"

>>    Connect-Info = "CONNECT Unknown Radio"

>>    NAS-IP-Address = 10.224.232.220

>>    NAS-Port-Type = Wireless-802.11

>>    NAS-Port = 0

>>    Message-Authenticator = 0xd3eb20961c802bc6f8d777bf195d1715

>

> Do you see your SSID in the request? I'm asking just in case it's

> CONNECT or CONNECT Unknown Radio...

>

>>

>> Let me know if I can help you with anything.

>>

>

> First, lets try to see if there's not a VSA that isn't supported by

> FreeRADIUS. Can you do a tcpdump / wireshark of the Request and check if

> there is not a vendor specific attribute that we don't see in the

> radiusd output.

>

> Then, on Cisco Aironet in stand-alone mode, we need to enable a CLI

> parameter in order for it to send the SSID in a VSA. ex:

>   >  radius-server vsa send authentication

>

> If all else fails, at this point if you _really_ need SSID

> identification we could try to find an SNMP read query that could give

> it to us based on the Called-Station-Id.. but again, we would need a

> caching layer otherwise it would be ridiculous to do an SNMP read to the

> controller for every incoming RADIUS request we get.

>

> Thanks for helping us! We don't have a Meru here anymore..

>





--

Olivier Bilodeau

obilod...@inverse.ca  ::  +1.514.447.4918 *115  ::  www.inverse.ca

Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence

(www.packetfence.org)



------------------------------------------------------------------------------

Free Software Download: Index, Search & Analyze Logs and other IT data in

Real-Time with Splunk. Collect, index and harness all the fast moving IT data

generated by your applications, servers and devices whether physical, virtual

or in the cloud. Deliver compliance at lower cost and gain new business

insights. http://p.sf.net/sfu/splunk-dev2dev

_______________________________________________

Packetfence-devel mailing list

Packetfence-devel@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/packetfence-devel

------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d

_______________________________________________
Packetfence-devel mailing list
Packetfence-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-devel

Re: [Packetfence-devel] Meru Feature Devel

Reply via email to