Re: [PacketFence-users] tagged VLANs, RFC 4675, Egress-VLANID

Wed, 08 May 2019 15:40:42 -0700 

Hello David,

can you try that:

    [mymachine1]
    filter = mac
    operator = is
    value = 07:3d:95:14:aa:ee

    [mac:mymachine1]
    scope = returnRadiusAccessAccept
    merge_answer = yes
    answer1 = Egress-VLANID => 0x31000190;0x32000064

Regards

Fabrice


Le 19-05-08 à 13 h 14, David Magda a écrit :

On Tue, May 7, 2019 22:29, Durand fabrice via PacketFence-users wrote:

Hello David,

for that you can use the radius filter to add on the fly the additional
attribute.

[mac]
filter = mac
operator = is
value = 00:11:22:33:44:55

[1:mac]
scope = returnRadiusAccessAccept
merge_answer = yes
answer1 = Egress-VLANID => 22

If the mac is 00:11:22:33:44:55 then add Egress-VLANID = 22 attribute in
the reply.

I created the following at the end of pf/conf/radius_filters.conf:

        [mymachine1]
        filter = mac
        operator = is
        value = 07:3d:95:14:aa:ee

        [mac:mymachine1]
        scope = returnRadiusAccessAccept
        merge_answer = yes
        answer1 = Egress-VLANID => 0x31000190
        answer2 = Egress-VLANID => 0x32000064

It only seems to be returning one result:

         Reply-Message = "Request processed by PacketFence"
         Tunnel-Type:0 = VLAN
         Tunnel-Private-Group-Id:0 = "100"
         Egress-VLANID = 838860900
         Tunnel-Medium-Type:0 = IEEE-802

Only the last entry is sent back? If I then add a third entry:

        answer3 = Egress-VLANID => 0x32000065

I get back

        Egress-VLANID = 838860901



For changes to take effect, it looks like I need to restart httpd.aaa, but
when I do so from the web UI, I get DB connection errors:

        May  8 11:41:15 pf1 packetfence: INFO pfcmd.pl(13907): Connecting to
MySQL database (pfconfig::backend::mysql::_get_db)
        May  8 11:41:15 pf1 packetfence: ERROR pfcmd.pl(13907): Can't get any
result from DB while trying to check for database schema version
(pf::version::version_check_db)
        May  8 11:41:16 pf1 packetfence: INFO pfcmd.pl(13907): Preprocessing
filter condition 'mymachine'
(pf::config::builder::scoped_filter_engines::preprocessCondition)
        May  8 11:41:16 pf1 packetfence: INFO pfcmd.pl(13907): Processing rule
'mac:mymachine'
(pf::config::builder::scoped_filter_engines::preprocessRule)






_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to