Hello Fabrice,Thanks for your support.I did some tests with the patched
Meru.pm file.Unfortunately there are some errors on the packetfence log and the
disconnection didn't work. It's my fault, the partially working module wasn't
Aruba but Fortigate Firewall, probably because Meru now is a Fortinet
company.Except for the message:
PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(670) INFO:
[mac:44:03:2c:e0:d5:35] External portal enforcement either not supported '1' or
not configured 'N' on network equipment '192.168.70.80'
(pf::Switch::externalPortalEnforcement)
The external portal enforcement is not selected in the switch configuration
For your information I report below the notes about of the Meru-Fortinet
controller with 8.3.3 software version.Hope it helps
• Controller listens to COA messages on UDP port 3799• User sessions in a COA
messages can be identified using MAC-address and/or username.• Disconnect or
CoA requests can be sent from any configured RADIUS server in the controller.•
CoA requests on UDP 1700, to enable Cisco ISE Interoperability.• For Disconnect
Message, only station mac-address is required. When disconnected, theclient is
completely disconnected from the network and its session data, 1x, PMK Cache
isalso cleared. In case of captive portal session, session aging timer is also
cleared. After adisconnect, the client must be go through complete
authentication sequence to reconnect.258 RADIUS Authentication• While sending a
CoA message, only the change of Filter-ID is supported.• RADIUS based filter-ID
and CoA for filter-ID change for MAC authenticated (RADIUS) clients is
supported.
Erwin
Il venerdì 1 marzo 2019, 01:16:13 CET, Durand fabrice via PacketFence-users
<[email protected]> ha scritto:
Here we go:
cd /usr/local/pf
curl https://github.com/inverse-inc/packetfence/compare/feature/meru_coa.diff |
patch -p1
then restart packetfence
Regards
Fabrice
Le 19-02-28 à 18 h 42, Durand fabrice via PacketFence-users a écrit :
Hello Erwin,
i will provide you a patch to test.
Regards
Fabrice
Le 19-02-28 à 17 h 47, Erwin via PacketFence-users a écrit :
Hello, I would like to know if is possible to try to use the MERU:MC module
with COA. From 8.3.3 version, it is supported in Meru controllers, as reported
in the release note.
But at the moment, the de-authentication is still only via CLI. I tried to
use COA using others equipment modules, like Aruba, an it works as expected.
Also the Meru PMK Caching issue seems solved in this way.
Thanks Erwin
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
