Hi Fabrice,

Sorry for coming back to you on this issue so late, I got caught up in other things unfortunately.

So I re-used the Cisco's Catalyst_2960.pm sub returnRadiusAccessAccept in Pica8.pm to allow downloadable ACLs. I only replaced Cisco-AVPair with Pica8-AVPair. When I used Cisco-AVPair, I can see the access-list in the radius reply on the Auditing tab, but I don't see the access-list sent when I change it to Pica8-AVPair. Not sure where it is dropped. I see in the log (Packetfence.log) that the access list is added to the radius reply but it somehow gets lost. All I get at the switch is a simple Access-Accept with no other VSAs. It works fine for the Cisco VSA though.

Can you please point me to where I should be looking to fix this?

Thank you
Ali

On Wed, Sep 4, 2019 at 9:37 PM Fabrice Durand via PacketFence-users <[email protected]> wrote:

> Hello Ali,
>
> in fact when you authenticate with 802.1x you authenticate the user and
> not the device.
>
> So if you associate the user to a role then the role to an acl it means
> user = ACL.
>
> Also I checked the code of the module and it looks that it doesn't support
> dynamic ACL. Btw it looks to use the same kind of attributes as a cisco
> switch.
>
> So the support of dynamic acl should be trivial.
>
> Regards
>
> Fabrice
>
> On 19-09-04 at 06:57, Amjad Ali via PacketFence-users wrote:
>
> Hello there,
>
> We are working on a use case where downloadable and dynamic ACLs are used
> as separate features independent of web authentication.
>
> The use case is simple, let's say we have an 802.1X user and I want to
> associate a dynamic or downloadable ACL with it when the authentication
> passes.
>
> Our switch (Pica8) supports both dynamic and downloadable ACLs, I just
> need to know how we can deliver those ACLs with Access-Accept for both
> 802.1X and MAB.
>
> I checked the device admin guide, the Role Mapping by Access List, but it's
> on a per device assignment, we want a per user assignment.
>
> Any suggestions would be very well appreciated.
>
> Thanks
> Ali
>
> --
> Fabrice [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
> (http://packetfence.org)

--
Amjad Ali
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
