Hi there,
I'm currently planning to use PacketFence to manage my wired networks.
I'm using Cisco 3560G and 4510-E. PacketFence works well with the first, but
fails with the last because there is no way to reliably map Nas port to
IfIndex. The mapping depends on the physical configuration of the switch (line
cards, number of sups, number of ports on sups, etc).
One way to overcome the problem is to use CoA instead. I already tried to send
CoA on my own, and I can confirm the switch supports it and works great. There
is no need for IfIndex or NasPort, I can target session id, or mac address.
So, I wonder if I can make PacketFence send CoA also for these switches.
The CoA should have the following information:

Cisco:Avpair="subscriber:command=reauthenticate"   <- Will send EAP-Start to host
Calling-Station-ID = <MAC Address of host>

OR

Cisco:Avpair="subscriber:command=bounce-host-port"   <- Will shutdown the port for some seconds
Calling-Station-ID = <MAC Address of host>

Example:
/bin/echo "Calling-Station-Id="00-55-44-33-22-11",cisco-avpair=\"subscriber:command=reauthenticate\"" \
  | /usr/bin/radclient -x 192.168.1.1:1700 coa useStrongSecret
Does anyone have some guidance?
Thanks.
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
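
What the radclient command in the message above puts on the wire, as an added example (not part of the original post and not PacketFence code): a CoA-Request built per RFC 5176 carrying the Calling-Station-Id and Cisco-AVPair attributes from the post. The function names, the MAC normalisation and the command allow-list are assumptions of this example.

```python
import hashlib
import hmac
import re
import struct

COA_REQUEST = 43          # RFC 5176 packet code
CALLING_STATION_ID = 31   # RFC 2865 attribute type
VENDOR_SPECIFIC = 26      # RFC 2865 attribute type
CISCO_VENDOR_ID = 9       # IANA enterprise number for Cisco
CISCO_AVPAIR = 1          # Cisco vendor sub-attribute type
ALLOWED_COMMANDS = {"reauthenticate", "bounce-host-port"}  # the two named in the post


def attr(attr_type: int, value: bytes) -> bytes:
    # Type (1 byte), Length (1 byte, includes this header), Value
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def cisco_avpair(text: str) -> bytes:
    # Vendor-Specific = Vendor-Id (4 bytes) + vendor type/length/value
    sub = struct.pack("!BB", CISCO_AVPAIR, len(text) + 2) + text.encode("ascii")
    return attr(VENDOR_SPECIFIC, struct.pack("!I", CISCO_VENDOR_ID) + sub)


def normalize_mac(mac: str) -> str:
    # Accept aa:bb.., aa-bb.., aabb.ccdd.eeff; emit the AA-BB-.. form used in the post
    digits = re.sub(r"[-:.]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_coa(mac: str, command: str, secret: bytes, ident: int = 1) -> bytes:
    if command not in ALLOWED_COMMANDS:
        raise ValueError(f"unsupported command: {command!r}")
    attrs = attr(CALLING_STATION_ID, normalize_mac(mac).encode("ascii"))
    attrs += cisco_avpair(f"subscriber:command={command}")
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator: MD5(header + 16 zero bytes + attributes + shared secret)
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def verify_coa(packet: bytes, secret: bytes) -> bool:
    # The check the receiving switch applies before acting on the request
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)
```

The authenticator is the only thing tying the request to the shared secret, so the secret configured for port 1700 on the switch is what decides who can reauthenticate or bounce a host.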