I've also noticed the nas-py.yml file in doesn't have the command to
de-associate the mac
which is "no station xx:xx:xx:xx:xx:xx"
0000default : {}
MeruOS :
prompt : '/[\/a-zA-Z0-9._-]+(\([0-9]+\))? ?(?:\(config[^)]*\))? ?[#>] ?$/'
basic_prompt : '/> ?$/'
privileged_prompt : '/# ?$/'
configure_prompt : '/\(config[^)]*\)# ?$/'
user_prompt : '/(?:[Ll]ogin|[Uu]sername)/'
userpass_prompt : '/(?:[Ll]ogin|[Uu]sername|[Pp]assword): ?$/'
pass_prompt : '/[Pp]assword: ?$/'
begin_configure_cmd : 'configure terminal'
end_configure_cmd : 'end'
begin_privileged_cmd : 'enable'
begin_privileged_with_user_cmd : 'login'
end_privileged_cmd : 'exit'
disconnect : 'exit'
completion : '?'
err_string : '/ ?(?:Error|Type "[^?]+\?"|(?:Incomplete|Unknown) command|Invalid
input|The entry)/'
paging_cmd : 'terminal length'
to de-associate on the meru you have to login, then "configure terminal" then
issue no station "mac"
or is that configured elsewhere I cannot see ?
mind you Packetfence isn't getting that far it's not even trying to login, one
step at a time eh ?
Derek
From: "packetfence-users" <packetfence-users@lists.sourceforge.net>
To: "packetfence-users" <packetfence-users@lists.sourceforge.net>
Cc: "Durand fabrice" <fdur...@inverse.ca>
Sent: Friday, 16 February, 2018 03:02:55
Subject: Re: [PacketFence-users] Meru 3200 & packetfence 7.4 ssh & telnet not
working
Hello Derek,
it looks that the per library has been updated and is not still compatible with
the packetfence code.
You can try to use the Transport and personality parameter when it use
Net::Appliance::Session there
https://github.com/inverse-inc/packetfence/blob/devel/lib/pf/Switch/Meru.pm#L158
.
http://search.cpan.org/~oliver/Net-Appliance-Session-4.300001/lib/Net/Appliance/Session.pm
Regards
Fabrice
Le 2018-02-13 à 14:34, Derek Brabrook via PacketFence-users a écrit :
We run a Meru 3200 controller (software Version 5.1-75), I have Packetfence
(7.4) running from
an ESXi VM on a trunked connection on a Debian Jessie flavour of linux and
everything seems to be working.
except for de-association via telnet or ssh on the Meru, every time it attempts
to de-associate via telnet or ssh
it throws this in
/usr/local/pf/logs/packetfence.log
Feb 10 17:15:58 packet pfqueue: pfqueue(14065) INFO: [mac:d0:df:9a:66:af:d4]
[d0:df:9a:66:af:d4] DesAssociating mac on switch (10.11.60.2)
(pf::api::desAssociate)
Feb 10 17:15:58 packet pfqueue: pfqueue(14065) ERROR: [mac:d0:df:9a:66:af:d4]
Unable to connect to 10.11.60.2 using SSH. Failed with Missing required
arguments: personality, transport at (eval 1979) line 75.
(pf::Switch::Meru::deauthenticateMacDefault)
or
Feb 8 16:11:12 packet pfqueue: pfqueue(7868) ERROR: [mac:d0:df:9a:66:af:d4]
Unable to connect to 10.11.60.2 using Telnet.
Failed with Missing required arguments: personality, transport at (eval 2035)
line 75.
I've tried all combinations in the Switches settings from SNMP to Telnet and
SSH ....I've even logged into the packetfence server
su'd to the packetfence user and initiated an SSH connection to the Meru to
accept the keys, but always the same error in packetfence.log
functionally it works if you connect to the wifi then register on the portal,
then turn off your wifi, turn back on and connect to the same SSID
it puts you in the right VLAN and everything works as it should, it just won't
de-associate on the Meru with ssh or telnet.....
I'm aware of the PMK caching issues, our version allows you to turn off PMK
caching, and I'm aware that Meru doesn't pass the SSID with the radius
request on an open wifi and only supports CLI de-association via telnet or SSH,
but I've run out of steam on this one I cannot see how I can get it to
de-associate
if it won't connect to the Meru CLI.
the user I've created on the Meru has level 15 access so it doesn't need
elevated privs on the meru but it never gets that far
switches.conf
[10.11.60.2]
registrationVlan=10
defaultVlan=40
isolationVlan=20
description=Meru
radiusSecret=redacted
deauthMethod=Telnet
cliUser=pf
cliPwd=redacted
cliEnablePwd=redacted
guestVlan=248
VoIPLLDPDetect=N
controllerIp=10.11.60.2
cliAccess=Y
VoIPCDPDetect=N
ExternalPortalEnforcement=Y
VoIPDHCPDetect=N
macDetectionVlan=232
type=Meru::MC
Am I missing something glaringly obvious here ? Any help appreciated
Regards
Derek
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Derek Brabrook
Technegydd TG | IT Technician
01267 245326
Ysgol Uwchradd Y Frenhines Elisabeth | Queen Elizabeth High School
Heol Llansteffan, Tre Ioan, Caerfyrddin, SA31 3NL | Llanstephan Road,
Johnstown,
Carmarthen, SA31 3NL
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users