We recently (two days before freshmen arrived, brilliant) added a second Aruba
wireless controller (6.2.x), configured master/local. Previously they were an
active/passive failover pair, but we now have more radios than licenses, so we
dropped the redundancy.
DeAuth is not working for clients on the second controller. PacketFence (3.4.x)
is sending DeAuth packets to the aruba-master interface, which returns
Disconnect-NAK: Session-Context-Not-Found. I observe that accounting packets
sent by the secondary local controller include the aruba-master inferface in
the NAS-IP-Address field. Is this how PacketFence knows where to send the
DeAuth?
I have "solved" the problem by hacking at SNMP.pm's radiusDisconnect() to retry
the secondary controller's IP address if the primary returns NAK. This "works,"
but surely there's a better way.
Is the Aruba master controller (ArubaOS 6.2.x) supposed to accept and forward
DeAuth requests for its locals? Currently it's not. Should the local be sending
its own address in the NAS-IP-Address field? How would I configure that? Or
should PacketFence consult some mysterious oracle to know whether to send
DeAuths to the master or the local?
--
Rich Graves http://claimid.com/rcgraves
Carleton.edu Sr UNIX and Security Admin
------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13.
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
