HI Fabrice,
I create a file named Aironet_1210.pm in lib/pf/SNMP/Cisco/, I make it part
of pf:pf, when I go thorug the admin gui to configuration->Switches appear
an error, looking into the logs nothing appear, however when I did test
with the AP in packetfence.log said, "ERROR Can not load perl module for
swith x.x.x.x, type: pf::SNMP::Cisco::Aironet_1210. Either the type is
unknown or the perl module has compilation errors", and the following line
said, "WARN: Can't instantiate switch x.x.x.x This request will be failed.
Are you sure your switches.conf is correct? (pf::radius::authorize)", Maybe
I'm missing something in the conf, since the log said can not load perl
module I tough that I need to compile the module or something like that.
The AP has the conf line that I mentioned in the past e-mail, and there is
not traffic since PF can not instantiate the module.
What do you think?
Best Regards,
On Tue, Apr 1, 2014 at 8:18 AM, Fabrice DURAND <fdur...@inverse.ca> wrote:
> Hi Juan,
>
> i have just change a line but the code look good.
>
> What you have to check is if the module appear in the module list in the
> admin gui (Switch config).
> And did you enable RFC 3576 on the access point, and do you have traffic
> on the udp port 3799 from pf to the access point ?
>
> Fabrice
>
>
>
> package pf::SNMP::Cisco::Aironet_1210;
>
> =head1 NAME
>
> pf::SNMP::Cisco::Aironet_1210 - Object oriented module to access SNMP
> enabled Cisco Aironet 1210 APs
>
> =head1 SYNOPSIS
>
> The pf::SNMP::Cisco::Aironet_1210 module implements an object oriented
> interface
> to access SNMP enabled Cisco Aironet_1210 APs.
>
> This modules extends pf::SNMP::Cisco::Aironet
>
> =cut
> use strict;
> use warnings;
> use Log::Log4perl;
> use Net::SNMP;
>
> use pf::config;
>
> use base ('pf::SNMP::Cisco::Aironet');
>
> sub description { 'Cisco Aironet 1210' }
>
> =item deauthenticateMacDefault
>
> De-authenticate a MAC address from wireless network (including 802.1x).
>
> Diverges from L<pf::SNMP::Cisco::WLC> in the following aspects:
>
> =over
>
> =item No Service-Type
>
> =item Called-Station-Id in the Cisco format (aabb.ccdd.eeff)
>
> =back
>
> =cut
>
> sub deauthenticateMacDefault {
> my ( $self, $mac, $is_dot1x ) = @_;
> my $logger = Log::Log4perl::get_logger(__PACKAGE__);
>
> if ( !$self->isProductionMode() ) {
> $logger->info("not in production mode... we won't perform
> deauthentication");
> return 1;
> }
>
>
> if (!defined($self)) {
> $logger->error("deauthentication impossible, could not find AP for
> MAC $mac");
> return;
> }
>
> $logger->debug("deauthenticate $mac on AP $ap_ip using RADIUS
> Disconnect-Request deauth method");
> return $self->radiusDisconnect($mac);
>
> }
>
>
>
>
>
> =item deauthTechniques
>
> Return the reference to the deauth technique or the default deauth
> technique.
> We implement the RADIUS technique using a PoD server in the AP.
>
> =cut
>
> sub deauthTechniques {
> my ($this, $method) = @_;
> my $logger = Log::Log4perl::get_logger( ref($this) );
> my $default = $SNMP::RADIUS;
> my %tech = (
> $SNMP::RADIUS => \&deauthenticateMacDefault,
> );
>
> if (!defined($method) || !defined($tech{$method})) {
> $method = $default;
> }
> return $method,$tech{$method};
> }
>
>
> =head1 AUTHOR
>
> Inverse inc. <i...@inverse.ca> <i...@inverse.ca>
>
> =head1 COPYRIGHT
>
> Copyright (C) 2005-2014 Inverse inc.
>
> =head1 LICENSE
>
> This program is free software; you can redistribute it and/or
> modify it under the terms of the GNU General Public License
> as published by the Free Software Foundation; either version 2
> of the License, or (at your option) any later version.
>
> This program is distributed in the hope that it will be useful,
> but WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> GNU General Public License for more details.
>
> You should have received a copy of the GNU General Public License
> along with this program; if not, write to the Free Software
> Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
> USA.
>
> =cut
>
> 1;
>
> Le 2014-04-01 09:02, Juan Camilo Valencia a écrit :
>
> Hi Fabrice,
>
> sure Here it is,
>
> This is based on the Aironet_WDS that I work like two years ago with
> Olivier, the device is a Aironet 1210 with IOS, in the AP you need to
> configure normally without the need of SNMP lines and you need to add the
> following line, "aaa pod server clients x.x.x.x por 3799 auth-type any
> server-key StrOnGSecreT" where x.x.x.x is the IP of the PF BOX. This is the
> Aironet_1210.pm that I thinking,
>
> package pf::SNMP::Cisco::Aironet_1210;
>
> =head1 NAME
>
> pf::SNMP::Cisco::Aironet_1210 - Object oriented module to access SNMP
> enabled Cisco Aironet 1210 APs
>
> =head1 SYNOPSIS
>
> The pf::SNMP::Cisco::Aironet_1210 module implements an object oriented
> interface
> to access SNMP enabled Cisco Aironet_1210 APs.
>
> This modules extends pf::SNMP::Cisco::Aironet
>
> =cut
> use strict;
> use warnings;
> use Log::Log4perl;
> use Net::SNMP;
>
> use pf::config;
> use pf::util qw(format_mac_as_cisco);
>
> use base ('pf::SNMP::Cisco::Aironet');
>
> sub description { 'Cisco Aironet 1210' }
>
> =item deauthenticateMacDefault
>
> De-authenticate a MAC address from wireless network (including 802.1x).
>
> Diverges from L<pf::SNMP::Cisco::WLC> in the following aspects:
>
> =over
>
> =item No Service-Type
>
> =item Called-Station-Id in the Cisco format (aabb.ccdd.eeff)
>
> =back
>
> =cut
>
> sub deauthenticateMacDefault {
> my ( $self, $mac, $is_dot1x ) = @_;
> my $logger = Log::Log4perl::get_logger(__PACKAGE__);
>
> if ( !$self->isProductionMode() ) {
> $logger->info("not in production mode... we won't perform
> deauthentication");
> return 1;
> }
>
>
> if (!defined($self)) {
> $logger->error("deauthentication impossible, could not find AP for
> MAC $mac");
> return;
> }
>
> $logger->debug("deauthenticate $mac on AP $ap_ip using RADIUS
> Disconnect-Request deauth method");
> my $mac_for_deauth = format_mac_as_cisco($mac);
> return $self->radiusDisconnect($mac, {
> 'NAS-IP-Address' => $ap_ip,
> 'Calling-Station-Id' => $mac_for_deauth,
> });
> }
>
>
>
>
>
> =item deauthTechniques
>
> Return the reference to the deauth technique or the default deauth
> technique.
> We implement the RADIUS technique using a PoD server in the AP.
>
> =cut
>
> sub deauthTechniques {
> my ($this, $method) = @_;
> my $logger = Log::Log4perl::get_logger( ref($this) );
> my $default = $SNMP::RADIUS;
> my %tech = (
> $SNMP::RADIUS => \&deauthenticateMacDefault,
> );
>
> if (!defined($method) || !defined($tech{$method})) {
> $method = $default;
> }
> return $method,$tech{$method};
> }
>
>
> =head1 AUTHOR
>
> Inverse inc. <i...@inverse.ca>
>
> =head1 COPYRIGHT
>
> Copyright (C) 2005-2014 Inverse inc.
>
> =head1 LICENSE
>
> This program is free software; you can redistribute it and/or
> modify it under the terms of the GNU General Public License
> as published by the Free Software Foundation; either version 2
> of the License, or (at your option) any later version.
>
> This program is distributed in the hope that it will be useful,
> but WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> GNU General Public License for more details.
>
> You should have received a copy of the GNU General Public License
> along with this program; if not, write to the Free Software
> Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
> USA.
>
> =cut
>
> 1;
>
> I need to contribute the doc of the Aironet WDS modules, I will try to
> have a time for that and the doc of this module to if it works.
>
> Best Regards and thanks for your advance,
>
>
> On Tue, Apr 1, 2014 at 6:59 AM, Fabrice DURAND <fdur...@inverse.ca> wrote:
>
>> Hi Juan,
>>
>> can you paste your module ?
>>
>> Regards
>> Fabrice
>>
>>
>> Hi Guys,
>>
>> I trying to test a new ap module in packetfence, an aironet 1210 with
>> radius deauth, i have created the perl package, my question is, what are
>> the steps necessaries to make packetfence recognize that. I was reading the
>> developers guide but didn't see how.
>>
>> Thanks foir your advance,
>>
>> Best regards,
>>
>> --
>> JUAN CAMILO VALENCIA VARGAS
>> Ingeniero de Operaciones
>> SeguraTec S.A.S
>> Calle 11 # 43B-50 of 307
>> Medelllín Colombia
>>
>> *"Choose a job you love, and you will never have to work a day in your
>> life"*
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>>
>>
>> _______________________________________________
>> PacketFence-devel mailing
>> listPacketFence-devel@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-devel
>>
>>
>>
>> --
>> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) ::
>> www.inverse.ca
>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
>> (http://packetfence.org)
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> PacketFence-devel mailing list
>> PacketFence-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-devel
>>
>>
>
>
> --
> JUAN CAMILO VALENCIA VARGAS
> Ingeniero de Operaciones
> SeguraTec S.A.S
> Calle 11 # 43B-50 of 307
> Medelllín Colombia
>
> *"Choose a job you love, and you will never have to work a day in your
> life"*
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> PacketFence-devel mailing
> listPacketFence-devel@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-devel
>
>
>
> --
> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> PacketFence-devel mailing list
> PacketFence-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-devel
>
>
--
JUAN CAMILO VALENCIA VARGAS
Ingeniero de Operaciones
SeguraTec S.A.S
Calle 11 # 43B-50 of 307
Medelllín Colombia
*"Choose a job you love, and you will never have to work a day in your
life"*
------------------------------------------------------------------------------
_______________________________________________
PacketFence-devel mailing list
PacketFence-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-devel
