From: Olivier B. <obi...@in...> - 2011-02-28 17:42:27
|
Hi Antonio, A quick re-post of François' last message: > I just spoke with our Meru contact, and he told me that the SSID is sent > when doing 802.1X. Since I do not have access to a Meru controller, can > you grab a capture of a 802.1X RADIUS request? It would be really appreciated. Thanks, On 22/02/11 4:02 PM, Manueco, Antonio wrote: > Nop, I don't see any SSID in the request. > > > > -----Original Message----- > From: Olivier Bilodeau [mailto:obi...@in...] > Sent: Tuesday, February 22, 2011 3:47 PM > To: pac...@li... > Subject: Re: [Packetfence-devel] Meru Feature Devel > > Hi, > >> I am sending you the Request from the controller for MAC Auth. >> >> MAC Auth: >> >> rad_recv: Access-Request packet from host 10.224.232.220 port 32769, id=229, length=182 >> Service-Type = Login-User >> Framed-MTU = 1250 >> User-Name = "00-11-22-33-44-55" >> User-Password = "00-11-22-33-44-55" >> Calling-Station-Id = "00-11-22-33-44-55" >> Called-Station-Id = "00-A0-A5-5F-42-1A" >> Connect-Info = "CONNECT Unknown Radio" >> NAS-IP-Address = 10.224.232.220 >> NAS-Port-Type = Wireless-802.11 >> NAS-Port = 0 >> Message-Authenticator = 0xd3eb20961c802bc6f8d777bf195d1715 > > Do you see your SSID in the request? I'm asking just in case it's > CONNECT or CONNECT Unknown Radio... > >> >> Let me know if I can help you with anything. >> > > First, lets try to see if there's not a VSA that isn't supported by > FreeRADIUS. Can you do a tcpdump / wireshark of the Request and check if > there is not a vendor specific attribute that we don't see in the > radiusd output. > > Then, on Cisco Aironet in stand-alone mode, we need to enable a CLI > parameter in order for it to send the SSID in a VSA. ex: > > radius-server vsa send authentication > > If all else fails, at this point if you _really_ need SSID > identification we could try to find an SNMP read query that could give > it to us based on the Called-Station-Id.. but again, we would need a > caching layer otherwise it would be ridiculous to do an SNMP read to the > controller for every incoming RADIUS request we get. > > Thanks for helping us! We don't have a Meru here anymore.. > -- Olivier Bilodeau obi...@in... :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) |