Hi Fabrice, Many thanks, herewith the pull request: https://github.com/inverse-inc/packetfence/pull/6375/commits/3149d08a318495a66b3570880a580403a20ce168
Regards David Herselman From: Fabrice Durand via PacketFence-users <packetfence-users@lists.sourceforge.net> Sent: Thursday, 20 May 2021 4:11 AM To: packetfence-users@lists.sourceforge.net Cc: Fabrice Durand <oeufd...@gmail.com> Subject: Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi) Hello David, I will be happy to review your PR once done. Btw i am always impressed by the Mikrotik features, it's like a network equipment switch knife. Last thing, if the deauth method is not the same between wifi and wired , you can add the function wiredeauthTechniques in the switch module. (https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Cisco/Catalyst_2960.pm#L450) Regards Fabrice Le mer. 19 mai 2021 à 22:04, David Herselman via PacketFence-users <packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>> a écrit : Hi Fabrice, Even better! 😊 Herewith my minimal modifications, I’ll submit a patch after doing some more testing but everything looks good so far: --- Mikrotik.pm.orig 2021-05-08 07:38:14.976719201 +0200 +++ /usr/local/pf/lib/pf/Switch/Mikrotik.pm 2021-05-19 23:05:18.489619568 +0200 @@ -29,6 +29,7 @@ $SSID $WIRELESS_MAC_AUTH $WEBAUTH_WIRELESS + $WIRELESS ); sub description { 'Mikrotik' } @@ -46,6 +47,8 @@ # CAPABILITIES # access technology supported use pf::SwitchSupports qw( + WiredMacAuth + WiredDot1x WirelessMacAuth ExternalPortal WebFormRegistration @@ -139,7 +142,8 @@ sub deauthTechniques { my ($self, $method, $connection_type) = @_; my $logger = $self->logger; - my $default = $SNMP::SSH; + my $default = $SNMP::RADIUS; my %tech = ( $SNMP::SSH => 'deauthenticateMacSSH', $SNMP::RADIUS => 'deauthenticateMacRadius', 
@@ -257,8 +261,8 @@ Don't forget to fill /usr/share/freeradius/dictionary.mikrotik with the following attributes: -ATTRIBUTE Mikrotik-Wireless-VlanID 26 integer -ATTRIBUTE Mikrotik-Wireless-VlanIDType 27 integer +ATTRIBUTE Mikrotik-Wireless-VLANID 26 integer +ATTRIBUTE Mikrotik-Wireless-VLANID-Type 27 integer =cut @@ -276,10 +280,18 @@ # Inline Vs. VLAN enforcement my $role = ""; if ( (!$args->{'wasInline'} || ($args->{'wasInline'} && $args->{'vlan'} != 0) ) && isenabled($self->{_VlanMap})) { - $radius_reply_ref = { - 'Mikrotik-Wireless-VLANID' => $args->{'vlan'} . "", - 'Mikrotik-Wireless-VLANID-Type' => "0", - }; + if (($args->{'connection_type'} & $WIRELESS) == $WIRELESS) { + $radius_reply_ref = { + 'Mikrotik-Wireless-VLANID' => $args->{'vlan'} . "", + 'Mikrotik-Wireless-VLANID-Type' => "0", + }; + } else { + $radius_reply_ref = { + 'Tunnel-Type' => "13", + 'Tunnel-Medium-Type' => "6", + 'Tunnel-Private-Group-ID' => $args->{'vlan'} . "", + }; + } } $logger->info("(".$self->{'_id'}.") Returning ACCEPT with VLAN $args->{'vlan'} and role $role"); PS: mac fallback is confirmed to be a problem since 6.48 and should get fixed in the next stable release… Regards David Herselman From: Fabrice Durand <oeufd...@gmail.com<mailto:oeufd...@gmail.com>> Sent: Wednesday, 19 May 2021 3:00 AM To: David Herselman <d...@syrex.co<mailto:d...@syrex.co>> Subject: Re: [PacketFence-users] MikroTik dot1x (Ethernet not WiFi) Hello David, what you can do instead of merging wired and wireless attributes is to test the connection type. use pf::config qw( $MAC $SSID $WIRELESS_MAC_AUTH $WEBAUTH_WIRELESS $WIRELESS ); .... if (($args->{'connection_type'} & $WIRELESS) == $WIRELESS) { } else { } Regards Fabrice _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/packetfence-users
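Review bot: In the `use pf::SwitchSupports` hunk (@@ -46,6 +47,8 @@), `WiredMacAuth` is advertised unconditionally, while the message accompanying the patch says MAC fallback has been a problem since 6.48. Consider recording that limitation in the module's POD next to the capability list, so an operator who enables wired MAC authentication knows which releases are affected.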
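Review bot: In `deauthTechniques` (@@ -139,7 +142,8 @@), changing `$default` from `$SNMP::SSH` to `$SNMP::RADIUS` affects every caller, not only wired sessions, and `$connection_type` is accepted but not consulted in the visible lines. Existing wireless deployments that relied on the SSH default would move to RADIUS disconnect without any configuration change; either keep the wireless default and add a separate `wiredeauthTechniques` as suggested earlier in the thread, or call the change out in the upgrade notes.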
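Review bot: The POD at @@ -257,8 +261,8 @@ still documents only the two `Mikrotik-Wireless-*` dictionary attributes, although the wired path added later in this patch replies with `Tunnel-Type`, `Tunnel-Medium-Type` and `Tunnel-Private-Group-ID`. Add a sentence stating that wired replies use the Tunnel-* attributes and that the vendor attributes apply to wireless connections only, so the documentation matches both branches.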
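Review bot: In the `else` branch at @@ -276,10 +280,18 @@, every connection type that is not wireless, including a missing or undefined `$args->{'connection_type'}`, receives the Tunnel-* reply instead of the attributes returned before this change. Test for the wired case explicitly, or fall back to the previous wireless attributes when the type is undefined, and add a comment that `"13"` is VLAN and `"6"` is IEEE-802 so the literals are not opaque to the next reader.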