Re: [Packetfence-devel] Meru Feature Devel

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi Antonio,

A quick re-post of François' last message:

> I just spoke with our Meru contact, and he told me that the SSID is sent
> when doing 802.1X.  Since I do not have access to a Meru controller, can
> you grab a capture of a 802.1X RADIUS request?

It would be really appreciated.

Thanks,

On 22/02/11 4:02 PM, Manueco, Antonio wrote:
> Nop, I don't see any SSID in the request.
>
>
>
> -----Original Message-----
> From: Olivier Bilodeau [mailto:obi...@in...]
> Sent: Tuesday, February 22, 2011 3:47 PM
> To: pac...@li...
> Subject: Re: [Packetfence-devel] Meru Feature Devel
>
> Hi,
>
>> I am sending you the Request from the controller for MAC Auth.
>>
>> MAC Auth:
>>
>> rad_recv: Access-Request packet from host 10.224.232.220 port 32769, id=229, length=182
>> 	Service-Type = Login-User
>> 	Framed-MTU = 1250
>> 	User-Name = "00-11-22-33-44-55"
>> 	User-Password = "00-11-22-33-44-55"
>> 	Calling-Station-Id = "00-11-22-33-44-55"
>> 	Called-Station-Id = "00-A0-A5-5F-42-1A"
>> 	Connect-Info = "CONNECT Unknown Radio"
>> 	NAS-IP-Address = 10.224.232.220
>> 	NAS-Port-Type = Wireless-802.11
>> 	NAS-Port = 0
>> 	Message-Authenticator = 0xd3eb20961c802bc6f8d777bf195d1715
>
> Do you see your SSID in the request? I'm asking just in case it's
> CONNECT or CONNECT Unknown Radio...
>
>>
>> Let me know if I can help you with anything.
>>
>
> First, lets try to see if there's not a VSA that isn't supported by
> FreeRADIUS. Can you do a tcpdump / wireshark of the Request and check if
> there is not a vendor specific attribute that we don't see in the
> radiusd output.
>
> Then, on Cisco Aironet in stand-alone mode, we need to enable a CLI
> parameter in order for it to send the SSID in a VSA. ex:
>   >  radius-server vsa send authentication
>
> If all else fails, at this point if you _really_ need SSID
> identification we could try to find an SNMP read query that could give
> it to us based on the Called-Station-Id.. but again, we would need a
> caching layer otherwise it would be ridiculous to do an SNMP read to the
> controller for every incoming RADIUS request we get.
>
> Thanks for helping us! We don't have a Meru here anymore..
>

-- 
Olivier Bilodeau
obi...@in...  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)