[PacketFence-users] 答复: how to deploy acl via radius attribute 26?

Fri, 30 Aug 2024 10:57:54 -0700 

Yes, I can do the testing.
One more question, if code is working, will this patch available in 11.2?


发件人: Fabrice Durand via PacketFence-users 
<packetfence-users@lists.sourceforge.net>
发送时间: 2024年8月28日 21:23
收件人: packetfence-users@lists.sourceforge.net
抄送: Fabrice Durand <oeufd...@gmail.com>
主题: Re: [PacketFence-users] how to deploy acl via radius attribute 26?

Hello Joel,

in fact it's not yet implemented in the code.

If I do the code , can you test it ? (then it will be part of the code base of 
PacketFence).

Regards
Fabrice


Le mer. 28 août 2024 à 08:37, 平嘉伟 via PacketFence-users 
<packetfence-users@lists.sourceforge.net<mailto:packetfence-users@lists.sourceforge.net>>
 a écrit :
Hi folks!
         I have a pf 13.2 installation for wired 802.1x authentication with 
Huawei 57xx switches.
         Test-pc: win10
         Test-switch-model: Huawei S5720
         Test-switch-vrp-verion: V200R011C10SPC600
         802.1x authentication and role based vlan assignment working perfectly.

         Now here is the thing:
         I define an acl in [switch-group]-[roles]-[OA-MACHINE]-[access-list] 
for testing.
         The acl is pretty simple and has been tested with Huawei switch:
         acl 10001 deny dst-port 3389
         meaning: deny if tcp destination port is 3389
         after test-machine passed authentication , got correct 
role[OA-MACHINE] , the radius reply is:
[cid:image002.jpg@01DAF9F1.44433260]
         BUT, there is no ACL info in reply!
         After digging, I found radius-filter which is capable to send acl by 
using radius attribute 26-82 [Huawei data-filter], but it is hard to use.
         On the other hand, [access-list] of [switch-group]-[roles] is much 
more user-friendly.
         So, my question is:
how to make pf send acl which is predefined in [switch-group]-[roles]-[SOME 
ROLE]-[access-list] to Huawei switch using radius attribute 26-82[Huawei 
data-filter]?

         Any advice is appreciated.

         Joel.

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to