PacketFence - BTS - PacketFence | ||||||||||
| View Issue Details | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | |||||
| 0001174 | PacketFence | hardware modules | public | 2011-02-03 15:22 | 2015-02-13 15:26 | |||||
| Reporter | obilodeau | |||||||||
| Assigned To | obilodeau | |||||||||
| Priority | normal | Severity | feature | Reproducibility | N/A | |||||
| Status | closed | Resolution | open | |||||||
| Platform | OS | OS Version | ||||||||
| Product Version | ||||||||||
| Target Version | Fixed in Version | |||||||||
| fixed in git revision | ||||||||||
| fixed in mtn revision | ||||||||||
| Summary | 0001174: isDot1xEnabled() a la isPortSecurityEnabled() | |||||||||
| Description | Based on some findings made in 0001128, if a user forgets to disable security and/or link traps to PacketFence it will try to act based on them. We need a wrapper like isPortSecurityEnabled() to be called and verify if dot1x or MAC Auth hasn't been enabled too in which case they take precedence and we do not act on the trap. Also, we might take this as an opportunity to refactor that code to be cleaner and less "all in one big ass method". Hint of MIBs to look at:
dot1xPaeSystemAuthControl OBJECT-TYPE
SYNTAX INTEGER { enabled(1), disabled(2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The administrative enable/disable state for
Port Access Control in a System."
dot1xPaePortCapabilities OBJECT-TYPE
SYNTAX BITS {
dot1xPaePortAuthCapable(0),
-- Authenticator functions are supported
dot1xPaePortSuppCapable(1)
-- Supplicant functions are supported
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the PAE functionality that this Port
supports and that may be managed through this MIB."
| |||||||||
| Steps To Reproduce | ||||||||||
| Additional Information | - 802.1X is activated and we receive a security or a up/down trap. What happens? ** PF is setting the port to the MAC Detection VLAN, and tries to get the MAC address on the ifIndex, but fails : Jan 18 11:19:26 pfsetvlan(1) INFO: up trap received on 10.0.0.2 ifIndex 10004 (main::handleTrap) Jan 18 11:19:26 pfsetvlan(1) INFO: setting 10.0.0.2 port 10004 to MAC detection VLAN (main::handleTrap) Jan 18 11:21:33 pfsetvlan(5) WARN: couldn't get MAC at ifIndex 10004. This is a problem. (pf::SNMP::_getMacAtIfIndex) Jan 18 11:21:33 pfsetvlan(5) WARN: Tried to grab MAC address at ifIndex 10004 on switch 10.0.0.2 30 times and failed (main::handleTrap) Jan 18 11:21:33 pfsetvlan(5) INFO: cannot find MAC (maybe we found a VoIP, but they don't count here). Do nothing (main::handleTrap) Jan 18 11:21:33 pfsetvlan(5) INFO: finished (main::cleanupAfterThread) | |||||||||
| Tags | No tags attached. | |||||||||
| Relationships |
| |||||||||
| Attached Files | ||||||||||
| Issue History | ||||||||||
| Date Modified | Username | Field | Change | |||||||
| 2011-02-03 15:22 | obilodeau | New Issue | ||||||||
| 2011-02-03 15:22 | obilodeau | Status | new => assigned | |||||||
| 2011-02-03 15:22 | obilodeau | Assigned To | => obilodeau | |||||||
| 2011-02-03 15:22 | obilodeau | Relationship added | related to 0001128 | |||||||
| 2011-03-03 15:19 | obilodeau | Target Version | 2.0.2 => +1 | |||||||
| 2015-02-13 15:26 | lmunro | Note Added: 0003733 | ||||||||
| 2015-02-13 15:26 | lmunro | Status | assigned => closed | |||||||
| Notes | |||||
|
|
|||||
|
|
||||