# -*- text -*-
######################################################################
#
#	As of version 2.0.0, the server also supports the VMPS
#	protocol.
#
#	This file defines the "vmps" virtual server: a listener for
#	VMPS packets, plus the policy that builds the reply.
#
#	$Id: 8703902cafb5cc2b869dc42da9f554da313825ad $
#
######################################################################

server vmps {
	listen {
		# VMPS sockets only support IPv4 addresses.
		#
		# "*" accepts packets on every local IPv4 address.  As the
		# client note below says, the per-client "secret" is not used
		# for VMPS, so the sender's address is the only thing that
		# identifies a switch.  Prefer a specific management address
		# here (or the "interface" option below) and filter the port
		# at the network edge.
		ipaddr = *

		#  Port on which to listen.
		#  Allowed values are:
		#	integer port number
		#	1589 is the default VMPS port.
		port = 1589

		#  Type of packets to listen for.  Here, it is VMPS.
		type = vmps

		#  Some systems support binding to an interface, in addition
		#  to the IP address.  This feature isn't strictly necessary,
		#  but for sites with many IP addresses on one interface,
		#  it's useful to say "listen on all addresses for
		#  eth0".
		#
		#  If your system does not support this feature, you will
		#  get an error if you try to use it.
		#
		#	interface = eth0
	}

	#  If you have switches that are allowed to send VMPS, but NOT
	#  RADIUS packets, then list them here as "client" sections.
	#
	#  Note that for compatibility with RADIUS, you still have to
	#  list a "secret" for each client, though that secret will not
	#  be used for anything.
	#
	#  Because the secret is unused, keep each client entry as narrow
	#  as possible (single switch addresses rather than wide ranges).


	#  And the REAL contents.  This section is just like the
	#  "post-auth" section of radiusd.conf.  In fact, it calls the
	#  "post-auth" component of the modules that are listed here.
	#  But it's called "vmps" to highlight that it's for VMPS.
	#
	vmps {
		#
		#  Some requests may not have a MAC address.  Try to
		#  create one using other attributes.
		#
		#  The regex treats VMPS-Ethernet-Frame as a hex string:
		#  after "0x" it skips 12 characters (6 bytes, presumably
		#  the frame's destination address) and captures the next
		#  6 bytes as the MAC.  If the frame does not match,
		#  VMPS-Cookie is copied as-is, with no format check.
		#
		#  Either way VMPS-Mac is built from values supplied in the
		#  request, so treat it as untrusted wherever it is expanded
		#  below.
		if (!VMPS-Mac) {
			if (VMPS-Ethernet-Frame =~ /0x.{12}(..)(..)(..)(..)(..)(..).*/) {
				update request {
					VMPS-Mac = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
				}
			}
			else {
				update request {
					VMPS-Mac = "%{VMPS-Cookie}"
				}
			}
		}

		#  Do a simple mapping of MAC to VLAN.
		#
		#  See radiusd.conf for the definition of the "mac2vlan"
		#  module.
		#
		#mac2vlan

		# required VMPS reply attributes
		#
		# This update is unconditional: every request that reaches
		# this point gets a Join-Response carrying the VLAN name
		# below, whatever its MAC address.
		update reply {
			VMPS-Packet-Type = VMPS-Join-Response
			VMPS-Cookie = "%{VMPS-Mac}"

			# Placeholder value.  Replace it with a real VLAN name
			# (or a lookup such as mac2vlan or the SQL example
			# below) before putting this server into service.
			VMPS-VLAN-Name = "please_use_real_vlan_here"

			#
			#  If you have VLAN's in a database, you can select
			#  the VLAN name based on the MAC address.
			#
			#  NOTE(review): %{VMPS-Mac} is request-derived.  Confirm
			#  that the sql module escapes expanded values (its
			#  safe-characters setting) for the version in use, and
			#  decide what the reply should be when the query returns
			#  no row.
			#
			#VMPS-VLAN-Name = "%{sql:select ... where mac='%{VMPS-Mac}'}"
		}

		# correct reply packet type for reconfirmation requests
		#
		# ":=" replaces the VMPS-Join-Response value set above.
		#
		if (VMPS-Packet-Type == VMPS-Reconfirm-Request){
			update reply {
				VMPS-Packet-Type := VMPS-Reconfirm-Response
			}
		}
	}

	# Proxying of VMPS requests is NOT supported.
}