PacketFence
Bug Tracking System

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001842PacketFencehardware modulespublic2014-11-04 11:472015-03-04 11:28
Reporterae3 
Assigned Tolmunro 
PrioritynormalSeverityminorReproducibilityalways
StatusacknowledgedResolutionopen 
PlatformAllOSAllOS VersionAll
Product Version4.5.0 
Target VersionFixed in Version 
Summary0001842: Implement RADIUS de-authentication for Meru Wireless Controllers
DescriptionPer a post to the PF-users list by Tim DeNike on 6 March 2014, Meru has added RADIUS de-auth to their firmware starting with System Director 5.3.x. He even posted sample code to use the feature, which I can't use since the directory structure appears to have changed with PF 4.5. Long story short, the existing module keeps telling us to pressure the vendor to implement RADUIS de-auth. We have done our part. Tag, you're it... :-)
Additional InformationTim's email to packetfence-users:

Date: March 6, 2014 at 10:20:46 AM EST
From: Tim DeNike <tim.denike@mcc.edu>
To: "packetfence-users@lists.sourceforge.net" <packetfence-users@lists.sourceforge.net>
Subject: Re: [PacketFence-users] Per SSID VLAN - Meru Networks
Reply-To: <packetfence-users@lists.sourceforge.net>

Actually, looking through the code, no patch will be required for MAC-based SSID evaluation, its already there and should work (It already does with 802.1x)

We are on SD 5.3.xyz right now and RADIUS deauth does work.

Drop this in a file called /usr/local/pf/lib/pf/SNMP/Meru/MC_MCC.pm

Minus the cut lines obviously. In switch config, you'll have the option for Meru MC_MCC. It will do radius de-auths instead of the Telnet/SSH method. Much faster, much lighter weight.


^^^^^^^^^^^^^CUT^^^^^^^^^^^

package pf::SNMP::Meru::MC_MCC;

=head1 NAME

pf::SNMP::Meru::MC_MCC - Object oriented module to access MC series controllers

=head1 SYNOPSIS

Known to work with RADIUS deauth on System Director 5.3

=head1 STATUS

=cut

use strict;
use warnings;
use Log::Log4perl;

use base ('pf::SNMP::Meru');

sub description { 'Meru MC_MCC' }

sub deauthTechniques {
    my ($this, $method) = @_;
    my $logger = Log::Log4perl::get_logger( ref($this) );
    my $default = $SNMP::RADIUS;
    my %tech = (
        $SNMP::RADIUS => \&deauthenticateMacRadius,
    );

    if (!defined($method) || !defined($tech{$method})) {
        $method = $default;
    }
    return $method,$tech{$method};
}
sub deauthenticateMacRadius {
    my ( $self, $mac, $is_dot1x ) = @_;
    my $logger = Log::Log4perl::get_logger( ref($self) );

    if ( !$self->isProductionMode() ) {
        $logger->info("not in production mode... we won't perform deauthentication");
        return 1;
    }

    $logger->debug("deauthenticate $mac using RADIUS Disconnect-Request deauth method");
    return $self->radiusDisconnect($mac);
}
=head1 AUTHOR

Tim DeNike <tim.denike@mcc.edu>

=cut

1;


^^^^^^^^^^^^^CUT^^^^^^^^^^^
TagsNo tags attached.
fixed in git revision
fixed in mtn revision
Attached Files

- Relationships

-  Notes
(0003967)
lmunro (administrator)
2015-03-04 11:28

Will look into it.
There may now be an even easier way to do this than Tim's code.

- Issue History
Date Modified Username Field Change
2014-11-04 11:47 ae3 New Issue
2015-03-04 11:27 lmunro Assigned To => lmunro
2015-03-04 11:27 lmunro Status new => assigned
2015-03-04 11:28 lmunro Note Added: 0003967
2015-03-04 11:28 lmunro Status assigned => acknowledged


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker