RESTRICTED
Greetings fellow PF users,
We have an issue that I was wondering if there is any chance of someone from
the dev team to look at for me.
The Cisco WLC provide for the transmission of the CalledStationID field of a
RADIUS packet to be based on different formats:-
[cid:image003.png@01D94ACB.45CC1740]
In our specific case with a campus stretched out over a huge areas containing
about 1300 AP's it is very useful to have the RADIUS logs refer to the NAME of
an AP rather than simply it's MAC address.
This works find with all our systems except PF.
The code inside Switch.pm is hardwired to recognise XX:XX:XX:XX:XX:XX:SSID or
XXXXXXXXXXXX:SSDI or XX-XX-XX-XX-XX-XX:SSID but rejects any other format (such
as AP Name:SSID) above.
This renders our WLC configuration incompatible with PF.
There is a simple tweak to the code that we can perform by replacing the REGEXP
in the code from:-
sub extractSSIDFromCalledStationId {
my ($self, $radius_request) = @_;
# it's put in Called-Station-Id
# ie: Called-Station-Id = "aa-bb-cc-dd-ee-ff:Secure SSID" or
"aa:bb:cc:dd:ee:ff:Secure SSID"
if (defined($radius_request->{'Called-Station-Id'})) {
if ($radius_request->{'Called-Station-Id'} =~ /^
# below is MAC Address with supported separators: :, - or nothing
[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}
:
# : delimiter
(.*)
# SSID
$/ix) {
return $1;
} else {
my $logger = $self->logger;
$logger->info("Unable to extract SSID of Called-Station-Id:
".$radius_request->{'Called-Station-Id'});
}
}
return undef;
}
To:-
sub extractSSIDFromCalledStationId {
my ($self, $radius_request) = @_;
# it's put in Called-Station-Id
# ie: Called-Station-Id = "aa-bb-cc-dd-ee-ff:Secure SSID" or
"aa:bb:cc:dd:ee:ff:Secure SSID"
if (defined($radius_request->{'Called-Station-Id'})) {
if ($radius_request->{'Called-Station-Id'} =~ /^
# below is MAC Address with supported separators: :, - or nothing
#
[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}
.*
:
# : delimiter
(.*)
# SSID
$/ix) {
return $1;
} else {
my $logger = $self->logger;
$logger->info("Unable to extract SSID of Called-Station-Id:
".$radius_request->{'Called-Station-Id'});
}
}
return undef;
}
But we are reluctant to modify CORE code as this will be lost at upgrades.
What would be nice is to have some sort of 'Called-Station-ID format specifier'
included in the Configuration system.
Andrew
RESTRICTED
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
