Re: [PacketFence-users] Issue with PacketFence 12 and Cisco WLC
RESTRICTED HI Fabrice, Long time since I did anything with our PF server but we are having to upgrade from 6.5 and I am unsure how to code the override in WLC.pm. I have simply added a 'tweaked' copy of the 'extractSSIDFromCalledStationId' subroutine into the WLC.pm file assuming it will take precedence over the definition in Switch.pm but it does not appear to be working as we are still getting:- packetfence.log:Feb 28 10:33:48 packetfence httpd.aaa-docker-wrapper[4185393]: httpd.aaa(7) INFO: [mac:[undef]] Unable to extract MAC from Called-Station-Id: Tremough_HSE_0_MG29_AP1:ISETest (pf::radius::extractApMacFromRadiusRequest) packetfence.log:Feb 28 10:33:48 packetfence httpd.aaa-docker-wrapper[4185393]: httpd.aaa(7) INFO: [mac:ee:d5:c7:dc:8f:84] Unable to extract SSID of Called-Station-Id: Tremough_HSE_0_MG29_AP1:ISETest (pf::Switch::extractSSIDFromCalledStationId) packetfence.log:Feb 28 10:33:48 packetfence httpd.aaa-docker-wrapper[4185393]: httpd.aaa(7) WARN: [mac:ee:d5:c7:dc:8f:84] Unable to extract SSID for module pf::Switch::Cisco::WLC_5500. SSID-based VLAN assignments won't work. Please let us know so we can add support for it. (pf::Switch::extractSsid) In WLC.pm we now have:- . . . Snip . . . =item extractSSIDFromCalledStationId Parse the Called-Station-Id attribute sent by a Cisco WLC differently as it can be configured to send a non-standard string that can be anything rather than a formatted MAC Address followed by :SSID =cut sub extractSSIDFromCalledStationId { my ($self, $radius_request) = @_; # it's put in Called-Station-Id # ie: Called-Station-Id = "aa-bb-cc-dd-ee-ff:Secure SSID" or "aa:bb:cc:dd:ee:ff:Secure SSID" if (defined($radius_request->{'Called-Station-Id'})) { if ($radius_request->{'Called-Station-Id'} =~ /^ # below is MAC Address with supported separators: :, - or nothing # [a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2} .* : # : delimiter (.*) # SSID $/ix) { return $1; } else { my $logger = $self->logger; $logger->info("Unable to extract SSID of Called-Station-Id: ".$radius_request->{'Called-Station-Id'}); } } return undef; } I am not Perl expert so may be missing something here. Regards Andrew From: Fabrice Durand Sent: 28 February 2023 01:42 To: packetfence-users@lists.sourceforge.net Cc: Andrew Torry ; Angus Hibberd Subject: Re: [PacketFence-users] Issue with PacketFence 12 and Cisco WLC CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe. Hello Andrew, since it's just cisco wlc related, then you can put this function in WLC.pm instead. What you can do is to open a PR on github with your change, we will review it and merge it in the code base. Regards Fabrice Le lun. 27 févr. 2023 à 16:14, Andrew Torry via PacketFence-users mailto:packetfence-users@lists.sourceforge.net>> a écrit : RESTRICTED Greetings fellow PF users, We have an issue that I was wondering if there is any chance of someone from the dev team to look at for me. The Cisco WLC provide for the transmission of the CalledStationID field of a RADIUS packet to be based on different formats:- [cid:image001.png@01D94B61.048E0EF0] In our specific case with a campus stretched out over a huge areas containing about 1300 AP's it is very useful to have the RADIUS logs refer to the NAME of an AP rather than simply it's MAC address. This works find with all our systems except PF. The code inside Switch.pm is hardwired to recognise XX:XX:XX:XX:XX:XX:SSID or :SSDI or XX-XX-XX-XX-XX-XX:SSID but rejects any other format (such as AP Name:SSID) above. This renders our WLC configuration incompatible with PF. There is a simple tweak to the code that we can perform by replacing the REGEXP in the code from:- sub extractSSIDFromCalledStationId { my ($self, $radius_request) = @_; # it's put in Called-Station-Id # ie: Called-Station-Id = "aa-bb-cc-dd-ee-ff:Secure SSID" or "aa:bb:cc:dd:ee:ff:Secure SSID" if (defined($radius_request->{'Called-Station-Id'})) { if ($radius_request->{'Called-Station-Id'} =~ /^ # below is MAC Address with supported separators: :, - or nothing [a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2} : # : delimiter (.*)
Re: [PacketFence-users] Issue with PacketFence 12 and Cisco WLC
Hello Andrew, since it's just cisco wlc related, then you can put this function in WLC.pm instead. What you can do is to open a PR on github with your change, we will review it and merge it in the code base. Regards Fabrice Le lun. 27 févr. 2023 à 16:14, Andrew Torry via PacketFence-users < packetfence-users@lists.sourceforge.net> a écrit : > RESTRICTED > > Greetings fellow PF users, > > > > We have an issue that I was wondering if there is any chance of someone > from the dev team to look at for me. > > > > The Cisco WLC provide for the transmission of the CalledStationID field of > a RADIUS packet to be based on different formats:- > > > > > > In our specific case with a campus stretched out over a huge areas > containing about 1300 AP’s it is very useful to have the RADIUS logs refer > to the NAME of an AP rather than simply it’s MAC address. > > > > This works find with all our systems except PF. > > > > The code inside Switch.pm is hardwired to recognise XX:XX:XX:XX:XX:XX:SSID > or :SSDI or XX-XX-XX-XX-XX-XX:SSID but rejects any other format > (such as AP Name:SSID) above. > > > > This renders our WLC configuration incompatible with PF. > > > > There is a simple tweak to the code that we can perform by replacing the > REGEXP in the code from:- > > > > sub extractSSIDFromCalledStationId { > > my ($self, $radius_request) = @_; > > # it's put in Called-Station-Id > > # ie: Called-Station-Id = "aa-bb-cc-dd-ee-ff:Secure SSID" or > "aa:bb:cc:dd:ee:ff:Secure SSID" > > if (defined($radius_request->{'Called-Station-Id'})) { > > if ($radius_request->{'Called-Station-Id'} =~ /^ > > # below is MAC Address with supported separators: :, - or > nothing > > > [a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2} > > : > > # > : delimiter > > > (.*) > # SSID > > $/ix) { > > return $1; > > } else { > > my $logger = $self->logger; > > $logger->info("Unable to extract SSID of Called-Station-Id: > ".$radius_request->{'Called-Station-Id'}); > > } > > } > > > > return undef; > > } > > > > To:- > > > > sub extractSSIDFromCalledStationId { > > my ($self, $radius_request) = @_; > > # it's put in Called-Station-Id > > # ie: Called-Station-Id = "aa-bb-cc-dd-ee-ff:Secure SSID" or > "aa:bb:cc:dd:ee:ff:Secure SSID" > > if (defined($radius_request->{'Called-Station-Id'})) { > > if ($radius_request->{'Called-Station-Id'} =~ /^ > > # below is MAC Address with supported separators: :, - or > nothing > > # > [a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2} > > .* > > : > # : delimiter > > > (.*) > # SSID > > $/ix) { > > return $1; > > } else { > > my $logger = $self->logger; > > $logger->info("Unable to extract SSID of Called-Station-Id: > ".$radius_request->{'Called-Station-Id'}); > > } > > } > > > > return undef; > > } > > > > But we are reluctant to modify CORE code as this will be lost at upgrades. > > > > What would be nice is to have some sort of ‘Called-Station-ID format > specifier’ included in the Configuration system. > > > > Andrew > > RESTRICTED > ___ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
[PacketFence-users] Issue with PacketFence 12 and Cisco WLC
RESTRICTED Greetings fellow PF users, We have an issue that I was wondering if there is any chance of someone from the dev team to look at for me. The Cisco WLC provide for the transmission of the CalledStationID field of a RADIUS packet to be based on different formats:- [cid:image003.png@01D94ACB.45CC1740] In our specific case with a campus stretched out over a huge areas containing about 1300 AP's it is very useful to have the RADIUS logs refer to the NAME of an AP rather than simply it's MAC address. This works find with all our systems except PF. The code inside Switch.pm is hardwired to recognise XX:XX:XX:XX:XX:XX:SSID or :SSDI or XX-XX-XX-XX-XX-XX:SSID but rejects any other format (such as AP Name:SSID) above. This renders our WLC configuration incompatible with PF. There is a simple tweak to the code that we can perform by replacing the REGEXP in the code from:- sub extractSSIDFromCalledStationId { my ($self, $radius_request) = @_; # it's put in Called-Station-Id # ie: Called-Station-Id = "aa-bb-cc-dd-ee-ff:Secure SSID" or "aa:bb:cc:dd:ee:ff:Secure SSID" if (defined($radius_request->{'Called-Station-Id'})) { if ($radius_request->{'Called-Station-Id'} =~ /^ # below is MAC Address with supported separators: :, - or nothing [a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2} : # : delimiter (.*) # SSID $/ix) { return $1; } else { my $logger = $self->logger; $logger->info("Unable to extract SSID of Called-Station-Id: ".$radius_request->{'Called-Station-Id'}); } } return undef; } To:- sub extractSSIDFromCalledStationId { my ($self, $radius_request) = @_; # it's put in Called-Station-Id # ie: Called-Station-Id = "aa-bb-cc-dd-ee-ff:Secure SSID" or "aa:bb:cc:dd:ee:ff:Secure SSID" if (defined($radius_request->{'Called-Station-Id'})) { if ($radius_request->{'Called-Station-Id'} =~ /^ # below is MAC Address with supported separators: :, - or nothing # [a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2}[-:]?[a-f0-9]{2} .* : # : delimiter (.*) # SSID $/ix) { return $1; } else { my $logger = $self->logger; $logger->info("Unable to extract SSID of Called-Station-Id: ".$radius_request->{'Called-Station-Id'}); } } return undef; } But we are reluctant to modify CORE code as this will be lost at upgrades. What would be nice is to have some sort of 'Called-Station-ID format specifier' included in the Configuration system. Andrew RESTRICTED ___ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users