I have a need to delete old nodes (expire.node=##) while using port-security (mode=VLAN). Currently this is not possible in VLAN mode, for a few reasons:

1) While using port-security the client always has an active network location.
2) You can't delete an active node.

In order to get around this limitation I am toying with the idea of using "Last DHCP" as the indicator for inactive clients. I had to remove the piece of code that will not let you delete the clients if there is an active location present. So far my testing has not shown any problems with doing this. Port-security and MAC de/auth is still working fine with the node deleted.

I changed the node_cleanup() function to use a custom node_expire_lastdhcp($time) which is very similar to node_expire_lastarp($time). Again this seems to work just fine. One issue might be static clients, but I think I can get around this (although it is a bad hack) by just ignoring anything that does not have a Last DHCP timer. Granted it won't clean up the database automatically, but at least it won't delete our records.

Can anyone tell me why either of these 2 changes is a bad idea or won't work? So far my proof-of-concept code is working as expected.

Thanks,
--
Jason E. Murray
[email protected]
http://www.zweck.net/

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
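
The selection rule described in the message above, as an added example that is neither the poster's code nor PacketFence's own: it lists nodes whose last DHCP is older than the expiry window, skips nodes with no Last DHCP value, and flags candidates that still have an open location so they can be reviewed before deletion. The table and column names, the all-zero date sentinel and the sample rows are assumptions constructed for the example.

```python
import sqlite3
from datetime import datetime, timedelta

# Hypothetical, simplified schema: these are not PacketFence's real tables.
SCHEMA = """
CREATE TABLE node (mac TEXT PRIMARY KEY, last_dhcp TEXT);
CREATE TABLE location (mac TEXT, switch_port TEXT, end_time TEXT);
"""

def expire_candidates(db, now, window_seconds):
    """Return (mac, has_open_location) for nodes whose last DHCP predates the window.

    Nodes with no Last DHCP value (NULL or an all-zero date) are skipped,
    which leaves static clients alone as the message proposes.
    """
    cutoff = (now - timedelta(seconds=window_seconds)).strftime("%Y-%m-%d %H:%M:%S")
    rows = db.execute(
        """
        SELECT n.mac,
               EXISTS (SELECT 1 FROM location l
                       WHERE l.mac = n.mac AND l.end_time IS NULL)
        FROM node n
        WHERE n.last_dhcp IS NOT NULL
          AND n.last_dhcp <> '0000-00-00 00:00:00'
          AND n.last_dhcp < ?
        ORDER BY n.mac
        """,
        (cutoff,),
    ).fetchall()
    return [(mac, bool(open_loc)) for mac, open_loc in rows]

def build_sample_db():
    """Constructed sample data covering each case discussed in the message."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO node VALUES (?, ?)", [
        ("00:11:22:33:44:01", "2011-01-01 08:00:00"),  # old lease, still on a port
        ("00:11:22:33:44:02", "2011-06-29 08:00:00"),  # recent lease, kept
        ("00:11:22:33:44:03", None),                   # static client, no DHCP seen
        ("00:11:22:33:44:04", "0000-00-00 00:00:00"),  # static client, zero date
        ("00:11:22:33:44:05", "2011-02-01 08:00:00"),  # old lease, location closed
    ])
    db.executemany("INSERT INTO location VALUES (?, ?, ?)", [
        ("00:11:22:33:44:01", "sw1/12", None),
        ("00:11:22:33:44:05", "sw1/14", "2011-02-02 09:00:00"),
    ])
    return db

if __name__ == "__main__":
    for mac, open_loc in expire_candidates(build_sample_db(), datetime(2011, 7, 1), 30 * 86400):
        print(mac, "open location" if open_loc else "no open location")
```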
