pf::Switch::Cisco::WLC - Object oriented module to parse SNMP traps and manage Cisco Wireless Controllers (WLC) and Wireless Service Modules (WiSM)
Developed and tested on firmware version 4.2.130 altought the new RADIUS RFC3576 support requires firmware v5 and later.
Issue with Windows 7: 802.1x+WPA2. It's not a PacketFence issue.
We had intermittent issues with DHCP. Disabling DHCP Proxy resolved it. Not a PacketFence issue.
SNMP deassociation is not working in WPA2. It only works if using an Open (unencrypted) SSID.
NOTE: This is no longer relevant since we rely on RADIUS Disconnect by default now.
SNMP de-authentication no longer works. It it believed to be caused by the new firmware not accepting SNMP requests with 2 bytes request-id. Doing the same SNMP set with `snmpset` command issues a 4 bytes request-id and the controllers are happy with these. Not a PacketFence issue. I would think it relates to the following open caveats CSCtw87226: http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_2.html#wp934687
NOTE: This is no longer relevant since we rely on RADIUS Disconnect by default now.
Access Points in Hybrid Remote Edge Access Point (H-REAP) mode, now known as FlexConnect, don't support RADIUS dynamic VLAN assignments (AAA override).
Customer specific work-arounds are possible. For example: per-SSID registration, auto-registration, etc. The goal being that only one VLAN is ever 'assigned' and that is the local VLAN set on the AP for the SSID.
Update: FlexConnect AAA Override support was introduced in firmware 7.2 series
There's an issue with this firmware regarding the AAA Override functionality required by PacketFence. The issue is fixed in 7.2.104.16 which is not released as the time of this writing.
The workaround mentioned by Cisco is to downgrade to 7.0.230.0 but it doesn't support the FlexConnect AAA Override feature...
So you can use 7.2.103.0 with PacketFence but not in FlexConnect mode.
Caveat CSCty44701
De-authenticate a MAC address from wireless network (including 802.1x).
New implementation using RADIUS Disconnect-Request.
deauthenticate a MAC address from wireless network (including 802.1x)
This implementation is deprecated since RADIUS Disconnect-Request (aka RFC3576 aka CoA) is better and also it no longer worked with firmware 7.2 and up. See "BUGS AND LIMITATIONS" for details.
What RADIUS Attribute (usually VSA) should the role returned into.
Return the reference to the deauth technique or the default deauth technique.
This is called when we receive a http request from the device and return specific attributes:
client mac address SSID client ip address redirect url grant url status code
Inverse inc. <info@inverse.ca>
Copyright (C) 2005-2015 Inverse inc.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.