Hello Joel, in fact it's not yet implemented in the code.
If I do the code, can you test it? (Then it will be part of the code base of PacketFence.)

Regards
Fabrice

On Wed, 28 Aug 2024 at 08:37, 平嘉伟 via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

> Hi folks!
>
> I have a pf 13.2 installation for wired 802.1x authentication with Huawei 57xx switches.
>
> Test-pc: win10
>
> Test-switch-model: Huawei S5720
>
> Test-switch-vrp-version: V200R011C10SPC600
>
> 802.1x authentication and role based vlan assignment working perfectly.
>
> Now here is the thing:
>
> I define an acl in [switch-group]-[roles]-[OA-MACHINE]-[access-list] for testing.
>
> The acl is pretty simple and has been tested with Huawei switch:
>
> acl 10001 deny dst-port 3389
>
> meaning: deny if tcp destination port is 3389
>
> After test-machine passed authentication, got correct role[OA-MACHINE], the radius reply is:
>
> BUT, there is no ACL info in reply!
>
> After digging, I found radius-filter which is capable to send acl by using radius attribute 26-82 [Huawei data-filter], but it is hard to use.
>
> On the other hand, [access-list] of [switch-group]-[roles] is much more user-friendly.
>
> So, my question is:
>
> How to make pf send acl which is predefined in [switch-group]-[roles]-[SOME ROLE]-[access-list] to Huawei switch using radius attribute 26-82 [Huawei data-filter]?
>
> Any advice is appreciated.
>
> Joel.
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
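Added example, not part of the thread and not PacketFence code: a Python check that walks the attribute block of a RADIUS reply and reports whether a Vendor-Specific attribute 26 with vendor type 82 (the "26-82" data-filter discussed above) is present, which is how to confirm the ACL actually left the server. Assumptions: Huawei's IANA enterprise number 2011 (not stated in the thread), constructed sample replies, and the poster's ACL line carried as an opaque value, since the thread does not give the value syntax the switch expects.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute type (RFC 2865, section 5.26)
HUAWEI_VENDOR_ID = 2011   # Huawei IANA enterprise number (assumption, not from the thread)
HW_DATA_FILTER = 82       # vendor type named in the thread ("26-82")

def encode_vsa(vendor_id, vendor_type, value):
    """Encode one vendor sub-attribute wrapped in a Vendor-Specific attribute."""
    sub = struct.pack("!BB", vendor_type, len(value) + 2) + value
    if len(sub) + 6 > 255:
        raise ValueError("value too long for a single RADIUS attribute")
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub

def find_vsa(attrs, vendor_id, vendor_type):
    """Return the values of every matching vendor sub-attribute in an attribute block."""
    found, i = [], 0
    while i < len(attrs):
        if len(attrs) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[i + 2:i + alen]
        if atype == VENDOR_SPECIFIC and len(body) >= 4:
            vid = struct.unpack("!I", body[:4])[0]
            j = 4
            while vid == vendor_id and j + 2 <= len(body):
                vtype, vlen = body[j], body[j + 1]
                if vlen < 2 or j + vlen > len(body):
                    raise ValueError("bad vendor sub-attribute length")
                if vtype == vendor_type:
                    found.append(body[j + 2:j + vlen])
                j += vlen
        i += alen
    return found

# Constructed sample replies: attribute bytes only, i.e. what follows the 20-byte RADIUS header.
TUNNEL_PVID = bytes([81, 5, 0]) + b"20"      # Tunnel-Private-Group-ID, tag 0, VLAN "20" (constructed)
ACL_LINE = b"acl 10001 deny dst-port 3389"   # the poster's ACL text, treated as an opaque value
REPLY_WITHOUT_ACL = TUNNEL_PVID
REPLY_WITH_ACL = TUNNEL_PVID + encode_vsa(HUAWEI_VENDOR_ID, HW_DATA_FILTER, ACL_LINE)

if __name__ == "__main__":
    for name, reply in (("without", REPLY_WITHOUT_ACL), ("with", REPLY_WITH_ACL)):
        print(name, find_vsa(reply, HUAWEI_VENDOR_ID, HW_DATA_FILTER))
```

To use it on a real capture, pass `find_vsa` the bytes of the Access-Accept after its 20-byte header.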