And Firewall SSO doesn't send updates for V6 addresses..... :(
On Mon, Sep 25, 2017 at 3:29 PM, Tim DeNike <[email protected]> wrote:
> PS: This doesn't solve the potential issue of the # of active IPv6
> addresses a device could potentially have on 1 interface.
>
> 1. Link Local
> 2. SLAAC temporary address
> 3. SLAAC address
> 4. DHCPv6 address
> 5. DHCPv6 PD Prefix
>
> The only issue that would affect my network is on the wireless side with
> multiple SLAAC addresses. We can't use DHCPv6 there because of Android
> problems.
>
>
>
> On Mon, Sep 25, 2017 at 2:57 PM, Tim DeNike <[email protected]> wrote:
>
>> Finally getting around to 7.2 upgrade and testing IPv6 functionality.
>> Couple issues.
>>
>> #1. Our switches send multiple Framed-IPv6-Address values in a single
>> accounting packet. Needed to keep the value of Framed-IPv6-Address from
>> API into an array and break it down in handle_accounting_metadata.
>> #2. IPlog from accounting packets wasn't working at all because it was
>> set to == when it should have been != in api.pm
>> #3. IPlog from accounting packets wasn't set to function on IP6
>> addresses.
>> #4. pf/util/dictionary is missing:
>> ATTRIBUTE Framed-IPv6-Address 168 ipv6addr
>> ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix #Could
>> be used in future
>>
>> The following diffs against 7.2 appear to function properly in my lab.
>>
>> lib/pf/radius/rest.pm
>> 70,71c70
>> < $_ =~ /Framed-IPv6-Address/ ? ($_ => $request->{$_}->{value}) :
>> ($_ => $request->{$_}->{value}->[0]);
>> < # $_ => $request->{$_}->{value}->[0];
>> ---
>> > $_ => $request->{$_}->{value}->[0];
>>
>>
>> lib/pf/api.pm
>> 1349c1349
>> < if ($RAD_REQUEST{'Acct-Status-Type'} != $ACCOUNTING::STOP){
>> ---
>> > if ($RAD_REQUEST{'Acct-Status-Type'} == $ACCOUNTING::STOP){
>> 1352,1361c1352,1353
>> < if ($RAD_REQUEST{'Framed-IP-Address'} ) {
>> < $logger->info("Updating ip4log from accounting request
>> wit $RAD_REQUEST{'Framed-IP-Address'}");
>> < $client->notify("update_ip4log", mac => $mac, ip =>
>> $RAD_REQUEST{'Framed-IP-Address'});
>> < }
>> < if ( $RAD_REQUEST{'Framed-IPv6-Address'} ) {
>> < foreach my $ip6addr (
>> @{$RAD_REQUEST{'Framed-IPv6-Address'}}
>> ) {
>> < $logger->info("Updating ip6log froun accounting
>> $ip6addr");
>> < $client->notify("update_ip6log", mac => $mac, ip =>
>> $ip6addr) if ($ip6addr !~ m/^fe80.*/ );
>> < }
>> < }
>> ---
>> > $logger->info("Updating iplog from accounting request");
>> > $client->notify("update_ip4log", mac => $mac, ip =>
>> $RAD_REQUEST{'Framed-IP-Address'}) if ($RAD_REQUEST{'Framed-IP-Address'}
>> );
>>
>>
>>
>>
>>
>> Tim - MCC
>>
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
