Hi Luis, This the output, [root@sbmdehas06 ~]# perl -c -l /usr/local/pf/ /usr/local/pf/lib/pf/SNMP/Cisco/Aironet_1210.pm /usr/local/pf/ syntax OK
and this is switches.conf, # # Copyright 2006-2008 Inverse inc. # # See the enclosed file COPYING for license information (GPL). # If you did not receive this file, see # http://www.fsf.org/licensing/licenses/gpl.html [default] description=Switches Default Values vlans=1,2,3,4,5 normalVlan=1 registrationVlan=2 isolationVlan=3 macDetectionVlan=4 voiceVlan=5 inlineVlan=6 inlineTrigger= normalRole=normal registrationRole=registration isolationRole=isolation macDetectionRole=macDetection voiceRole=voice inlineRole=inline VoIPEnabled=no mode=testing macSearchesMaxNb=30 macSearchesSleepInterval=2 uplink=dynamic # # Command Line Interface # # cliTransport could be: Telnet, SSH or Serial cliTransport=Telnet cliUser= cliPwd= cliEnablePwd= # # SNMP section # # PacketFence -> Switch SNMPVersion=1 SNMPCommunityRead=public SNMPCommunityWrite=private #SNMPEngineID = 0000000000000 #SNMPUserNameRead = readUser #SNMPAuthProtocolRead = MD5 #SNMPAuthPasswordRead = authpwdread #SNMPPrivProtocolRead = DES #SNMPPrivPasswordRead = privpwdread #SNMPUserNameWrite = writeUser #SNMPAuthProtocolWrite = MD5 #SNMPAuthPasswordWrite = authpwdwrite #SNMPPrivProtocolWrite = DES #SNMPPrivPasswordWrite = privpwdwrite # Switch -> PacketFence SNMPVersionTrap=1 SNMPCommunityTrap=public #SNMPAuthProtocolTrap = MD5 #SNMPAuthPasswordTrap = authpwdread #SNMPPrivProtocolTrap = DES #SNMPPrivPasswordTrap = privpwdread # # Web Services Interface # # wsTransport could be: http or https wsTransport=http wsUser= wsPwd= # # RADIUS NAS Client config # # RADIUS shared secret with switch radiusSecret=XXXXXXXXX [10.11.61.253] mode=production type=Cisco::Aironet_1210 description=Lab AP defaultVlan=192 deauthMethod=RADIUS VoIPEnabled=N isolationVlan=250 registrationVlan=150 SNMPCommunityRead=xxxxxx SNMPAuthProtocolRead=MD5 SNMPCommunityWrite=XXXXXXXXXXXXXXXXXX SNMPUserNameTrap=ROUSER SNMPPrivPasswordTrap=XXXXXXXXXXXXXX SNMPAuthProtocolTrap=MD5 SNMPAuthProtocolWrite=MD5 SNMPUserNameWrite=RWUSER SNMPVersionTrap=3 SNMPEngineID=800000000000000000000099 SNMPUserNameRead=ROUSER SNMPVersion=3 SNMPPrivPasswordRead=XXXXXXXXXXXXXXXXX SNMPPrivProtocolWrite=DES SNMPAuthPasswordWrite=XXXXXXXXXXXXXXXX SNMPPrivPasswordWrite=XXXXXXXXXXXXXXXXX SNMPAuthPasswordRead=XXXXXXXXXXXXXXXXX SNMPCommunityTrap=xxxxx SNMPPrivProtocolTrap=DES SNMPPrivProtocolRead=DES SNMPAuthPasswordTrap=XXXXXXXXXXXXXXXXXXX empleado_bcolVlan=192 I replaced the passwords with XXXX, I double check it that so shouldn be the issue, since I dont have access to switches.conf with the GUI, I reviewed and just added the LINE deauthMethod=RADIUS and restarted PF without problems. So I don't have a clue, Regards, On Tue, Apr 1, 2014 at 8:52 AM, Louis Munro <lmu...@inverse.ca> wrote: > Hi Juan, > Please post your switches.conf file, at least the relevant parts (stripped > of secrets and passwords, of course). > > Regards, > -- > Louis Munro > lmu...@inverse.ca :: www.inverse.ca > +1.514.447.4918 *125 :: +1 (866) 353-6153 > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence ( > www.packetfence.org) > > On 2014-04-01, at 9:48 , Juan Camilo Valencia < > juan.valen...@seguratec.com.co> wrote: > > Hi Louis, > > Sorry I forget to include the pf libraries, I ran again the command and > says syntax OK, another idea?, I will review the switches.conf again and > see if I catch something. > > Regards, > > > On Tue, Apr 1, 2014 at 8:40 AM, Juan Camilo Valencia < > juan.valen...@seguratec.com.co> wrote: > >> HI Louis, >> >> I just made the test that you suggest, Yes I have a problem in the >> compilation, it can not locate pf/config.pm, but the file is there, some >> suggestions, Do you prefer that I post the entire output of the command?, >> let me know. >> >> Regards, >> >> >> On Tue, Apr 1, 2014 at 8:34 AM, Louis Munro <lmu...@inverse.ca> wrote: >> >>> Hi Juan, >>> Did you check the file for syntax errors? >>> >>> I.e. run this command: >>> perl -c -I/usr/local/pf/lib /usr/local/pf/lib/SNMP/Cisco/Aironet_1210.pm >>> >>> Please report any errors. >>> >>> Regards, >>> -- >>> Louis Munro >>> lmu...@inverse.ca :: www.inverse.ca >>> +1.514.447.4918 *125 :: +1 (866) 353-6153 >>> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence ( >>> www.packetfence.org) >>> >>> On 2014-04-01, at 9:28 , Juan Camilo Valencia < >>> juan.valen...@seguratec.com.co> wrote: >>> >>> HI Fabrice, >>> >>> I create a file named Aironet_1210.pm in lib/pf/SNMP/Cisco/, I make it >>> part of pf:pf, when I go thorug the admin gui to configuration->Switches >>> appear an error, looking into the logs nothing appear, however when I did >>> test with the AP in packetfence.log said, "ERROR Can not load perl module >>> for swith x.x.x.x, type: pf::SNMP::Cisco::Aironet_1210. Either the type is >>> unknown or the perl module has compilation errors", and the following line >>> said, "WARN: Can't instantiate switch x.x.x.x This request will be failed. >>> Are you sure your switches.conf is correct? (pf::radius::authorize)", Maybe >>> I'm missing something in the conf, since the log said can not load perl >>> module I tough that I need to compile the module or something like that. >>> The AP has the conf line that I mentioned in the past e-mail, and there is >>> not traffic since PF can not instantiate the module. >>> What do you think? >>> >>> Best Regards, >>> >>> >>> On Tue, Apr 1, 2014 at 8:18 AM, Fabrice DURAND <fdur...@inverse.ca>wrote: >>> >>>> Hi Juan, >>>> >>>> i have just change a line but the code look good. >>>> >>>> What you have to check is if the module appear in the module list in >>>> the admin gui (Switch config). >>>> And did you enable RFC 3576 on the access point, and do you have >>>> traffic on the udp port 3799 from pf to the access point ? >>>> >>>> Fabrice >>>> >>>> >>>> >>>> package pf::SNMP::Cisco::Aironet_1210; >>>> >>>> =head1 NAME >>>> >>>> pf::SNMP::Cisco::Aironet_1210 - Object oriented module to access SNMP >>>> enabled Cisco Aironet 1210 APs >>>> >>>> =head1 SYNOPSIS >>>> >>>> The pf::SNMP::Cisco::Aironet_1210 module implements an object oriented >>>> interface >>>> to access SNMP enabled Cisco Aironet_1210 APs. >>>> >>>> This modules extends pf::SNMP::Cisco::Aironet >>>> >>>> =cut >>>> use strict; >>>> use warnings; >>>> use Log::Log4perl; >>>> use Net::SNMP; >>>> >>>> use pf::config; >>>> >>>> use base ('pf::SNMP::Cisco::Aironet'); >>>> >>>> sub description { 'Cisco Aironet 1210' } >>>> >>>> =item deauthenticateMacDefault >>>> >>>> De-authenticate a MAC address from wireless network (including 802.1x). >>>> >>>> Diverges from L<pf::SNMP::Cisco::WLC> in the following aspects: >>>> >>>> =over >>>> >>>> =item No Service-Type >>>> >>>> =item Called-Station-Id in the Cisco format (aabb.ccdd.eeff) >>>> >>>> =back >>>> >>>> =cut >>>> >>>> sub deauthenticateMacDefault { >>>> my ( $self, $mac, $is_dot1x ) = @_; >>>> my $logger = Log::Log4perl::get_logger(__PACKAGE__); >>>> >>>> if ( !$self->isProductionMode() ) { >>>> $logger->info("not in production mode... we won't perform >>>> deauthentication"); >>>> return 1; >>>> } >>>> >>>> >>>> if (!defined($self)) { >>>> $logger->error("deauthentication impossible, could not find AP >>>> for MAC $mac"); >>>> return; >>>> } >>>> >>>> $logger->debug("deauthenticate $mac on AP $ap_ip using RADIUS >>>> Disconnect-Request deauth method"); >>>> return $self->radiusDisconnect($mac); >>>> >>>> } >>>> >>>> >>>> >>>> >>>> >>>> =item deauthTechniques >>>> >>>> Return the reference to the deauth technique or the default deauth >>>> technique. >>>> We implement the RADIUS technique using a PoD server in the AP. >>>> >>>> =cut >>>> >>>> sub deauthTechniques { >>>> my ($this, $method) = @_; >>>> my $logger = Log::Log4perl::get_logger( ref($this) ); >>>> my $default = $SNMP::RADIUS; >>>> my %tech = ( >>>> $SNMP::RADIUS => \&deauthenticateMacDefault, >>>> ); >>>> >>>> if (!defined($method) || !defined($tech{$method})) { >>>> $method = $default; >>>> } >>>> return $method,$tech{$method}; >>>> } >>>> >>>> >>>> =head1 AUTHOR >>>> >>>> Inverse inc. <i...@inverse.ca> <i...@inverse.ca> >>>> >>>> =head1 COPYRIGHT >>>> >>>> Copyright (C) 2005-2014 Inverse inc. >>>> >>>> =head1 LICENSE >>>> >>>> This program is free software; you can redistribute it and/or >>>> modify it under the terms of the GNU General Public License >>>> as published by the Free Software Foundation; either version 2 >>>> of the License, or (at your option) any later version. >>>> >>>> This program is distributed in the hope that it will be useful, >>>> but WITHOUT ANY WARRANTY; without even the implied warranty of >>>> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>>> GNU General Public License for more details. >>>> >>>> You should have received a copy of the GNU General Public License >>>> along with this program; if not, write to the Free Software >>>> Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA >>>> 02110-1301, >>>> USA. >>>> >>>> =cut >>>> >>>> 1; >>>> >>>> Le 2014-04-01 09:02, Juan Camilo Valencia a écrit : >>>> >>>> Hi Fabrice, >>>> >>>> sure Here it is, >>>> >>>> This is based on the Aironet_WDS that I work like two years ago with >>>> Olivier, the device is a Aironet 1210 with IOS, in the AP you need to >>>> configure normally without the need of SNMP lines and you need to add the >>>> following line, "aaa pod server clients x.x.x.x por 3799 auth-type any >>>> server-key StrOnGSecreT" where x.x.x.x is the IP of the PF BOX. This is the >>>> Aironet_1210.pm that I thinking, >>>> >>>> package pf::SNMP::Cisco::Aironet_1210; >>>> >>>> =head1 NAME >>>> >>>> pf::SNMP::Cisco::Aironet_1210 - Object oriented module to access SNMP >>>> enabled Cisco Aironet 1210 APs >>>> >>>> =head1 SYNOPSIS >>>> >>>> The pf::SNMP::Cisco::Aironet_1210 module implements an object >>>> oriented interface >>>> to access SNMP enabled Cisco Aironet_1210 APs. >>>> >>>> This modules extends pf::SNMP::Cisco::Aironet >>>> >>>> =cut >>>> use strict; >>>> use warnings; >>>> use Log::Log4perl; >>>> use Net::SNMP; >>>> >>>> use pf::config; >>>> use pf::util qw(format_mac_as_cisco); >>>> >>>> use base ('pf::SNMP::Cisco::Aironet'); >>>> >>>> sub description { 'Cisco Aironet 1210' } >>>> >>>> =item deauthenticateMacDefault >>>> >>>> De-authenticate a MAC address from wireless network (including >>>> 802.1x). >>>> >>>> Diverges from L<pf::SNMP::Cisco::WLC> in the following aspects: >>>> >>>> =over >>>> >>>> =item No Service-Type >>>> >>>> =item Called-Station-Id in the Cisco format (aabb.ccdd.eeff) >>>> >>>> =back >>>> >>>> =cut >>>> >>>> sub deauthenticateMacDefault { >>>> my ( $self, $mac, $is_dot1x ) = @_; >>>> my $logger = Log::Log4perl::get_logger(__PACKAGE__); >>>> >>>> if ( !$self->isProductionMode() ) { >>>> $logger->info("not in production mode... we won't perform >>>> deauthentication"); >>>> return 1; >>>> } >>>> >>>> >>>> if (!defined($self)) { >>>> $logger->error("deauthentication impossible, could not find AP >>>> for MAC $mac"); >>>> return; >>>> } >>>> >>>> $logger->debug("deauthenticate $mac on AP $ap_ip using RADIUS >>>> Disconnect-Request deauth method"); >>>> my $mac_for_deauth = format_mac_as_cisco($mac); >>>> return $self->radiusDisconnect($mac, { >>>> 'NAS-IP-Address' => $ap_ip, >>>> 'Calling-Station-Id' => $mac_for_deauth, >>>> }); >>>> } >>>> >>>> >>>> >>>> >>>> >>>> =item deauthTechniques >>>> >>>> Return the reference to the deauth technique or the default deauth >>>> technique. >>>> We implement the RADIUS technique using a PoD server in the AP. >>>> >>>> =cut >>>> >>>> sub deauthTechniques { >>>> my ($this, $method) = @_; >>>> my $logger = Log::Log4perl::get_logger( ref($this) ); >>>> my $default = $SNMP::RADIUS; >>>> my %tech = ( >>>> $SNMP::RADIUS => \&deauthenticateMacDefault, >>>> ); >>>> >>>> if (!defined($method) || !defined($tech{$method})) { >>>> $method = $default; >>>> } >>>> return $method,$tech{$method}; >>>> } >>>> >>>> >>>> =head1 AUTHOR >>>> >>>> Inverse inc. <i...@inverse.ca> >>>> >>>> =head1 COPYRIGHT >>>> >>>> Copyright (C) 2005-2014 Inverse inc. >>>> >>>> =head1 LICENSE >>>> >>>> This program is free software; you can redistribute it and/or >>>> modify it under the terms of the GNU General Public License >>>> as published by the Free Software Foundation; either version 2 >>>> of the License, or (at your option) any later version. >>>> >>>> This program is distributed in the hope that it will be useful, >>>> but WITHOUT ANY WARRANTY; without even the implied warranty of >>>> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >>>> GNU General Public License for more details. >>>> >>>> You should have received a copy of the GNU General Public License >>>> along with this program; if not, write to the Free Software >>>> Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA >>>> 02110-1301, >>>> USA. >>>> >>>> =cut >>>> >>>> 1; >>>> >>>> I need to contribute the doc of the Aironet WDS modules, I will try >>>> to have a time for that and the doc of this module to if it works. >>>> >>>> Best Regards and thanks for your advance, >>>> >>>> >>>> On Tue, Apr 1, 2014 at 6:59 AM, Fabrice DURAND <fdur...@inverse.ca>wrote: >>>> >>>>> Hi Juan, >>>>> >>>>> can you paste your module ? >>>>> >>>>> Regards >>>>> Fabrice >>>>> >>>>> >>>>> Hi Guys, >>>>> >>>>> I trying to test a new ap module in packetfence, an aironet 1210 >>>>> with radius deauth, i have created the perl package, my question is, what >>>>> are the steps necessaries to make packetfence recognize that. I was >>>>> reading >>>>> the developers guide but didn't see how. >>>>> >>>>> Thanks foir your advance, >>>>> >>>>> Best regards, >>>>> >>>>> -- >>>>> JUAN CAMILO VALENCIA VARGAS >>>>> Ingeniero de Operaciones >>>>> SeguraTec S.A.S >>>>> Calle 11 # 43B-50 of 307 >>>>> Medelllín Colombia >>>>> >>>>> *"Choose a job you love, and you will never have to work a day in your >>>>> life"* >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> PacketFence-devel mailing >>>>> listPacketFence-devel@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-devel >>>>> >>>>> >>>>> >>>>> -- >>>>> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) :: >>>>> www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>> (http://packetfence.org) >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> >>>>> _______________________________________________ >>>>> PacketFence-devel mailing list >>>>> PacketFence-devel@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-devel >>>>> >>>>> >>>> >>>> >>>> -- >>>> JUAN CAMILO VALENCIA VARGAS >>>> Ingeniero de Operaciones >>>> SeguraTec S.A.S >>>> Calle 11 # 43B-50 of 307 >>>> Medelllín Colombia >>>> >>>> *"Choose a job you love, and you will never have to work a day in your >>>> life"* >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> >>>> >>>> >>>> _______________________________________________ >>>> PacketFence-devel mailing >>>> listPacketFence-devel@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-devel >>>> >>>> >>>> >>>> -- >>>> Fabrice durandfdur...@inverse.ca :: +1.514.447.4918 (x135) :: >>>> www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> >>>> _______________________________________________ >>>> PacketFence-devel mailing list >>>> PacketFence-devel@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-devel >>>> >>>> >>> >>> >>> -- >>> JUAN CAMILO VALENCIA VARGAS >>> Ingeniero de Operaciones >>> SeguraTec S.A.S >>> Calle 11 # 43B-50 of 307 >>> Medelllín Colombia >>> >>> *"Choose a job you love, and you will never have to work a day in your >>> life"* >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> PacketFence-devel mailing list >>> PacketFence-devel@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/packetfence-devel >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> PacketFence-devel mailing list >>> PacketFence-devel@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/packetfence-devel >>> >>> >> >> >> -- >> JUAN CAMILO VALENCIA VARGAS >> Ingeniero de Operaciones >> SeguraTec S.A.S >> Calle 11 # 43B-50 of 307 >> Medelllín Colombia >> >> *"Choose a job you love, and you will never have to work a day in your >> life"* >> > > > > -- > JUAN CAMILO VALENCIA VARGAS > Ingeniero de Operaciones > SeguraTec S.A.S > Calle 11 # 43B-50 of 307 > Medelllín Colombia > > *"Choose a job you love, and you will never have to work a day in your > life"* > ------------------------------------------------------------------------------ > _______________________________________________ > PacketFence-devel mailing list > PacketFence-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-devel > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > PacketFence-devel mailing list > PacketFence-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-devel > > -- JUAN CAMILO VALENCIA VARGAS Ingeniero de Operaciones SeguraTec S.A.S Calle 11 # 43B-50 of 307 Medelllín Colombia *"Choose a job you love, and you will never have to work a day in your life"*
------------------------------------------------------------------------------
_______________________________________________ PacketFence-devel mailing list PacketFence-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-devel
