VMPS with MySQL default VLAN

Daniel Pogac dano.pogac at gmail.com
Thu Oct 29 17:37:02 CET 2015


Good afternoon.

I've got a problem configuring VMPS with MySQL and a default VLAN.
This is the relevant part of the vmps config which I use:

 update reply {
                        &VMPS-Packet-Type = VMPS-Join-Response
                        &VMPS-Cookie = &VMPS-Mac

                        &VMPS-VLAN-Name = "Public_INET"


                        #  If you have VLAN's in a database, you can select
                        #  the VLAN name based on the MAC address.
                        #

                        &VMPS-VLAN-Name = "%{sql:select vlan from mac2vlan where mac='%{VMPS-Mac}'}"

}

In this configuration, VMPS always returns the VLAN value as Public_INET, even
if I use a MAC address which is in the MySQL database. In the debug output I can
see that the VLAN is successfully returned from MySQL, but the return from
FreeRADIUS is Public_INET. The debug output is as follows:

        VMPS-Packet-Type = VMPS-Join-Request
        VMPS-Error-Code = VMPS-No-Error
        VMPS-Sequence-Number = 4660
        VMPS-Client-IP-Address = 127.0.0.1
        VMPS-Port-Name = "Fa0/1"
        VMPS-VLAN-Name = ""
        VMPS-Domain-Name = ""
        VMPS-Unknown = 0x00
        VMPS-MAC = 68:f7:28:e7:d8:ec
(1) Received Access-Request Id 4660 from 127.0.0.1:59323 to 127.0.0.1:1589
length 60
(1)   VMPS-Packet-Type = VMPS-Join-Request
(1)   VMPS-Error-Code = VMPS-No-Error
(1)   VMPS-Sequence-Number = 4660
(1)   VMPS-Client-IP-Address = 127.0.0.1
(1)   VMPS-Port-Name = "Fa0/1"
(1)   VMPS-VLAN-Name = ""
(1)   VMPS-Domain-Name = ""
(1)   VMPS-Unknown = 0x00
(1)   VMPS-MAC = 68:f7:28:e7:d8:ec
Doing VMPS
(1)   vmps {
(1)     if (!&VMPS-Mac) {
(1)     if (!&VMPS-Mac)  -> FALSE
(1)     [mac2vlan] = ok
(1)     update reply {
(1)       &VMPS-Packet-Type = VMPS-Join-Response
(1)       &VMPS-Cookie = &VMPS-Mac -> 68:f7:28:e7:d8:ec
(1)       &VMPS-VLAN-Name = "Public_INET"
(1)       EXPAND %{User-Name}
(1)          -->
(1)       SQL-User-Name set to ''
rlm_sql (sql): Reserved connection (2)
(1)       Executing select query: select vlan from mac2vlan where
mac='68:f7:28:e7:d8:ec'
rlm_sql (sql): Released connection (2)
rlm_sql (sql): Need 4 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 5.1.73, protocol version 10
(1)       EXPAND %{sql:select vlan from mac2vlan where mac='%{VMPS-Mac}'}
(1)          --> OFFICE
(1)       VMPS-VLAN-Name = OFFICE
(1)     } # update reply = noop
(1)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request){
(1)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request) -> FALSE
(1)   } # vmps = ok
Done VMPS
(1)   vmps {
(1)     if (!&VMPS-Mac) {
(1)     if (!&VMPS-Mac)  -> FALSE
(1)     [mac2vlan] = ok
(1)     update reply {
(1)       &VMPS-Packet-Type = VMPS-Join-Response
(1)       &VMPS-Cookie = &VMPS-Mac -> 68:f7:28:e7:d8:ec
(1)       &VMPS-VLAN-Name = "Public_INET"
(1)       EXPAND %{User-Name}
(1)          -->
(1)       SQL-User-Name set to ''
rlm_sql (sql): Reserved connection (3)
(1)       Executing select query: select vlan from mac2vlan where
mac='68:f7:28:e7:d8:ec'
rlm_sql (sql): Released connection (3)
(1)       EXPAND %{sql:select vlan from mac2vlan where mac='%{VMPS-Mac}'}
(1)          --> OFFICE
(1)       VMPS-VLAN-Name = OFFICE
(1)     } # update reply = noop
(1)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request){
(1)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request) -> FALSE
(1)   } # vmps = ok
(1) Sent Access-Accept Id 4660 from 127.0.0.1:1589 to 127.0.0.1:59323
length 0
        VMPS-VLAN-Name = "Public_INET"
        VMPS-Cookie = 68:f7:28:e7:d8:ec
(1) Finished request
(1) Cleaning up request packet ID 4660 with timestamp +24
Ready to process requests

When I place the MySQL request first and then set the default VLAN, the VLAN
returned from VMPS is correct when I use a MAC address which is in the DB, but
when I use another MAC the returned VLAN is empty. The config is as follows:

update reply {
                        &VMPS-Packet-Type = VMPS-Join-Response
                        &VMPS-Cookie = &VMPS-Mac

                        #  If you have VLAN's in a database, you can select
                        #  the VLAN name based on the MAC address.
                        #

                        &VMPS-VLAN-Name = "%{sql:select vlan from mac2vlan where mac='%{VMPS-Mac}'}"

                       &VMPS-VLAN-Name = "Public_INET"

 }

Debug output with MAC from DB:

        VMPS-Packet-Type = VMPS-Join-Request
        VMPS-Error-Code = VMPS-No-Error
        VMPS-Sequence-Number = 4660
        VMPS-Client-IP-Address = 127.0.0.1
        VMPS-Port-Name = "Fa0/1"
        VMPS-VLAN-Name = ""
        VMPS-Domain-Name = ""
        VMPS-Unknown = 0x00
        VMPS-MAC = 68:f7:28:e7:d8:ec
(0) Received Access-Request Id 4660 from 127.0.0.1:60360 to 127.0.0.1:1589
length 60
(0)   VMPS-Packet-Type = VMPS-Join-Request
(0)   VMPS-Error-Code = VMPS-No-Error
(0)   VMPS-Sequence-Number = 4660
(0)   VMPS-Client-IP-Address = 127.0.0.1
(0)   VMPS-Port-Name = "Fa0/1"
(0)   VMPS-VLAN-Name = ""
(0)   VMPS-Domain-Name = ""
(0)   VMPS-Unknown = 0x00
(0)   VMPS-MAC = 68:f7:28:e7:d8:ec
Doing VMPS
(0)   vmps {
(0)     if (!&VMPS-Mac) {
(0)     if (!&VMPS-Mac)  -> FALSE
(0)     [mac2vlan] = ok
(0)     update reply {
(0)       &VMPS-Packet-Type = VMPS-Join-Response
(0)       &VMPS-Cookie = &VMPS-Mac -> 68:f7:28:e7:d8:ec
(0)       EXPAND %{User-Name}
(0)          -->
(0)       SQL-User-Name set to ''
rlm_sql (sql): Reserved connection (0)
(0)       Executing select query: select vlan from mac2vlan where
mac='68:f7:28:e7:d8:ec'
rlm_sql (sql): Released connection (0)
rlm_sql (sql): Need 5 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 5.1.73, protocol version 10
(0)       EXPAND %{sql:select vlan from mac2vlan where mac='%{VMPS-Mac}'}
(0)          --> OFFICE
(0)       VMPS-VLAN-Name = OFFICE
(0)       &VMPS-VLAN-Name = "Public_INET"
(0)     } # update reply = noop
(0)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request){
(0)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request) -> FALSE
(0)   } # vmps = ok
Done VMPS
(0)   vmps {
(0)     if (!&VMPS-Mac) {
(0)     if (!&VMPS-Mac)  -> FALSE
(0)     [mac2vlan] = ok
(0)     update reply {
(0)       &VMPS-Packet-Type = VMPS-Join-Response
(0)       &VMPS-Cookie = &VMPS-Mac -> 68:f7:28:e7:d8:ec
(0)       EXPAND %{User-Name}
(0)          -->
(0)       SQL-User-Name set to ''
rlm_sql (sql): Reserved connection (1)
(0)       Executing select query: select vlan from mac2vlan where
mac='68:f7:28:e7:d8:ec'
rlm_sql (sql): Released connection (1)
(0)       EXPAND %{sql:select vlan from mac2vlan where mac='%{VMPS-Mac}'}
(0)          --> OFFICE
(0)       VMPS-VLAN-Name = OFFICE
(0)       &VMPS-VLAN-Name = "Public_INET"
(0)     } # update reply = noop
(0)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request){
(0)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request) -> FALSE
(0)   } # vmps = ok
(0) Sent Access-Accept Id 4660 from 127.0.0.1:1589 to 127.0.0.1:60360
length 0
        VMPS-VLAN-Name = "OFFICE"
        VMPS-Cookie = 68:f7:28:e7:d8:ec
(0) Finished request
(0) Cleaning up request packet ID 4660 with timestamp +5
Ready to process requests

This is debug output with MAC not present in DB:

        VMPS-Packet-Type = VMPS-Join-Request
        VMPS-Error-Code = VMPS-No-Error
        VMPS-Sequence-Number = 4660
        VMPS-Client-IP-Address = 127.0.0.1
        VMPS-Port-Name = "Fa0/1"
        VMPS-VLAN-Name = ""
        VMPS-Domain-Name = ""
        VMPS-Unknown = 0x00
        VMPS-MAC = 68:f7:28:e7:d8:ea
(1) Received Access-Request Id 4660 from 127.0.0.1:58809 to 127.0.0.1:1589
length 60
(1)   VMPS-Packet-Type = VMPS-Join-Request
(1)   VMPS-Error-Code = VMPS-No-Error
(1)   VMPS-Sequence-Number = 4660
(1)   VMPS-Client-IP-Address = 127.0.0.1
(1)   VMPS-Port-Name = "Fa0/1"
(1)   VMPS-VLAN-Name = ""
(1)   VMPS-Domain-Name = ""
(1)   VMPS-Unknown = 0x00
(1)   VMPS-MAC = 68:f7:28:e7:d8:ea
Doing VMPS
(1)   vmps {
(1)     if (!&VMPS-Mac) {
(1)     if (!&VMPS-Mac)  -> FALSE
(1)     [mac2vlan] = ok
(1)     update reply {
(1)       &VMPS-Packet-Type = VMPS-Join-Response
(1)       &VMPS-Cookie = &VMPS-Mac -> 68:f7:28:e7:d8:ea
(1)       EXPAND %{User-Name}
(1)          -->
(1)       SQL-User-Name set to ''
rlm_sql (sql): Reserved connection (2)
(1)       Executing select query: select vlan from mac2vlan where
mac='68:f7:28:e7:d8:ea'
(1)       SQL query returned no results
rlm_sql (sql): Released connection (2)
rlm_sql (sql): Need 4 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 5.1.73, protocol version 10
(1)       EXPAND %{sql:select vlan from mac2vlan where mac='%{VMPS-Mac}'}
(1)          -->
(1)       VMPS-VLAN-Name =
(1)       &VMPS-VLAN-Name = "Public_INET"
(1)     } # update reply = noop
(1)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request){
(1)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request) -> FALSE
(1)   } # vmps = ok
Done VMPS
(1)   vmps {
(1)     if (!&VMPS-Mac) {
(1)     if (!&VMPS-Mac)  -> FALSE
(1)     [mac2vlan] = ok
(1)     update reply {
(1)       &VMPS-Packet-Type = VMPS-Join-Response
(1)       &VMPS-Cookie = &VMPS-Mac -> 68:f7:28:e7:d8:ea
(1)       EXPAND %{User-Name}
(1)          -->
(1)       SQL-User-Name set to ''
rlm_sql (sql): Reserved connection (3)
(1)       Executing select query: select vlan from mac2vlan where
mac='68:f7:28:e7:d8:ea'
(1)       SQL query returned no results
rlm_sql (sql): Released connection (3)
(1)       EXPAND %{sql:select vlan from mac2vlan where mac='%{VMPS-Mac}'}
(1)          -->
(1)       VMPS-VLAN-Name =
(1)       &VMPS-VLAN-Name = "Public_INET"
(1)     } # update reply = noop
(1)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request){
(1)     if (&VMPS-Packet-Type == VMPS-Reconfirm-Request) -> FALSE
(1)   } # vmps = ok
(1) Sent Access-Accept Id 4660 from 127.0.0.1:1589 to 127.0.0.1:58809
length 0
        VMPS-VLAN-Name = ""
        VMPS-Cookie = 68:f7:28:e7:d8:ea
(1) Finished request
(1) Cleaning up request packet ID 4660 with timestamp +44
Ready to process requests

It looks like the first value set for the attribute &VMPS-VLAN-Name is mandatory
and it can't be overwritten. Is there any possibility to read VLANs from the DB,
but if the MAC is not in the DB table, to set some default VLAN?

Thank You

Daniel
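
Added example, not part of the original post and not FreeRADIUS's shipped configuration: in a FreeRADIUS v3 `update` block the `=` operator adds an attribute only when none of that name is already in the list, while `:=` replaces an existing value, which is consistent with both debug traces above. One way to get a fallback VLAN, assuming the poster's `mac2vlan` table and `Public_INET` VLAN name:

```unlang
update reply {
        &VMPS-Packet-Type = VMPS-Join-Response
        &VMPS-Cookie = &VMPS-Mac

        #  Look the MAC up first. With "=", this value is added only
        #  because no VMPS-VLAN-Name is in the reply list yet. When the
        #  query returns no rows the attribute is still added, with an
        #  empty value (see the third trace above).
        &VMPS-VLAN-Name = "%{sql:select vlan from mac2vlan where mac='%{VMPS-Mac}'}"
}

#  Fallback for MACs that are not in the table: the attribute now
#  exists but is empty, so "=" would be a no-op. Test for the empty
#  value and replace it with ":=".
if (&reply:VMPS-VLAN-Name == "") {
        update reply {
                #  Public_INET is the poster's default VLAN name. Unknown
                #  MACs end up here, so it should be a VLAN with restricted
                #  access rather than an internal one.
                &VMPS-VLAN-Name := "Public_INET"
        }
}
```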

