Hi folks!

I have a pf 13.2 installation for wired 802.1x authentication with Huawei 57xx switches.

Test-pc: win10
Test-switch-model: Huawei S5720
Test-switch-vrp-version: V200R011C10SPC600

802.1x authentication and role-based VLAN assignment are working perfectly.

Now here is the thing: I defined an ACL in [switch-group]-[roles]-[OA-MACHINE]-[access-list] for testing. The ACL is pretty simple and has been tested with the Huawei switch:

    acl 10001 deny dst-port 3389

meaning: deny if tcp destination port is 3389.

After the test-machine passed authentication and got the correct role [OA-MACHINE], the radius reply is:

[inline image: image001.jpg]

BUT, there is no ACL info in the reply!

After digging, I found radius-filter, which is capable of sending an ACL by using radius attribute 26-82 [Huawei data-filter], but it is hard to use. On the other hand, [access-list] of [switch-group]-[roles] is much more user-friendly.

So, my question is: how to make pf send the ACL which is predefined in [switch-group]-[roles]-[SOME ROLE]-[access-list] to the Huawei switch using radius attribute 26-82 [Huawei data-filter]?

Any advice is appreciated.

Joel.
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users