Re: Question on Cisco-AVPair = device-traffic-class=voice
On Sat, Jun 23, 2012 at 08:35:31AM +0800, John wrote:
With this solution, both Ip phone or other device will be marked
as 'voice', right?
Yes
Can we distinguish it is a 'voice' device? then add
Cisco-AVPair = device-traffic-class=voice . otherwise, don't
add this attribute.
I hit exactly this issue this week.
It depends on what your NAS sends in the request. Annoyingly it
seems that Cisco doesn't send anything useful apart from the MAC
address in Calling-Station-Id (that I can find), or the username
or certificate checks if you're using 802.1x rather than MAB.
(In my case, at this stage, I'm less concerned about the security
and would more like logging and an easy way to block a MAC
address, so if the switch send device class details, or even PoE
state, from LLDP or CDP, it would be much more useful, but I
haven't yet found a way to get it to do that.)
So you either look it up in a database, or check the MAC prefix.
Something like
if (Calling-Station-Id =~ /^001122/) {
update reply...
}
As I said before -
man unlang
Cisco specifically say in their documentation that you can't check
the mac address prefix if you're using Cisco phones, though, as
unlike some other more useful manufacturers they use many
different prefixes for their phones. That pushes you to have to
use a database of some kind if you use their system (which
thankfully we don't).
Cheers,
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Question on Cisco-AVPair = device-traffic-class=voice
Hi, Is there a way that freeradius can tell it is a VOICE device? Like ACS server: Cisco-AVPair = device-traffic-class=voice. Here is a link to IP Telephony In IEEE 802.1X ... http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/config_guide_c17-605524.html#wp9000357 Thanks a lot, Hangjun- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Cisco-AVPair = device-traffic-class=voice
On Sat, Jun 23, 2012 at 06:24:40AM +0800, John wrote:
Is there a way that freeradius can tell it is a VOICE device?
Like ACS server: Cisco-AVPair = device-traffic-class=voice.
man unlang
update reply {
cisco-avpair := device-traffic-class=voice
}
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on Cisco-AVPair = device-traffic-class=voice
Thanks. Matthew
With this solution, both Ip phone or other device will be marked as 'voice',
right?
Can we distinguish it is a 'voice' device? then add Cisco-AVPair =
device-traffic-class=voice . otherwise, don't add this attribute.
Hangjun
--- 12年6月23日,周六, Matthew Newton m...@leicester.ac.uk 写道:
发件人: Matthew Newton m...@leicester.ac.uk
主题: Re: Question on Cisco-AVPair = device-traffic-class=voice
收件人: FreeRadius users mailing list freeradius-users@lists.freeradius.org
日期: 2012年6月23日,周六,上午6:52
On Sat, Jun 23, 2012 at 06:24:40AM +0800, John wrote:
Is there a way that freeradius can tell it is a VOICE device?
Like ACS server: Cisco-AVPair = device-traffic-class=voice.
man unlang
update reply {
cisco-avpair := device-traffic-class=voice
}
Matthew
--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
