Comparing attributes containing MAC addresses
Alan DeKok
aland at deployingradius.com
Wed Apr 20 13:24:41 UTC 2022
On Apr 20, 2022, at 8:46 AM, Paul Moser via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Is there a simple built in way to compare attributes that are MAC addresses for equivalence?
>
> I need to be able to compare 2 attributes in a packet to see if they are the same, unfortunately the network kit vendor does not format MAC addresses consistently across all attributes (eg User-Name = aa.bb.cc.dd.ee.ff whilst Calling-Station-Id = aabb:ccdd:eeff) so a simple string comparison does not work.
You'll need to write regular expressions and rules to match each format, and normalize them. Place the normalized MAC addresses into a new attribute, and then compare that.
e.g. edit raddb/dictionary, and add:
ATTRIBUTE MAC-Address 3000 string
then in authorize, write a regex. See policy.d/canonicalization for examples
if (Calling-Station-Id =~/regex1/) {
update request {
MAC-Address := "%{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}"
}
}
elsif (Calling-Station-Id =~/regex2/) {
update request {
MAC-Address := "%{toupper:..."
}
}
Unfortunately while the RFCs have a recommended string format for MAC addresses, many vendors don't bother following (or even reading) the standards.
Alan DeKok.
More information about the Freeradius-Users
mailing list