Hello all,
I am working with PacketFence and i try to find a way to desassociate a device connected to a OmniTIK U-5hdN.
The access point has been configured with CAPsMAN and the vlan association is working as expected.
The only issue is when i want to change the vlan id, i need PacketFence to be able to send a request to the access point.
I tried first with CoA with something like that:
Sending Disconnect-Request of id 200 to 172.20.20.246 port 3799
Acct-Session-Id = "ba7684f052142ace"
User-Name = "10:68:3F:71:D7:50"
rad_recv: Disconnect-NAK packet from host 172.20.20.246 port 3799, id=200, length=42
Error-Cause = Unsupported-Extension
NAS-Identifier = "MikroTik"
NAS-IP-Address = 172.20.20.246
In the log: Radius disconnect with no ip provided
So i tried with:
Sending Disconnect-Request of id 25 to 172.20.20.246 port 3799
Framed-IP-Address = 172.21.135.10
Acct-Session-Id = "ba7684f052142ace"
User-Name = "10:68:3F:71:D7:50"
rad_recv: Disconnect-NAK packet from host 172.20.20.246 port 3799, id=25, length=42
Error-Cause = Session-Context-Not-Found
NAS-Identifier = "MikroTik"
NAS-IP-Address = 172.20.20.246
With in the log: Radius disconnect request for unknown ip 172.21.135.10
172.21.135.10 is the current device ip address.
So i tried to check if it was possible with snmp (something near oid :iso.3.6.1.4.1.14988.1.1.1.5.1 ) but it look that there is no way to desassociate the device (and where i can find the mib ? this one look outdated http://www.mikrotik.com/download/Mikrotik.mib).
So the last way to do it is to use the cli:
[admin@MikroTik] /caps-man registration-table> print
# INTERFACE MAC-ADDRESS UPTIME RX-SIGNAL
0 cap1 10:68:3F:71:D7:50 4s900ms -39
[admin@MikroTik] /caps-man registration-table> remove 0
i am now able to receive a new radius request, but it mean that i have to connect with telnet/ssh, then parse the print result and find the index that correspond to my device mac address and remove the index (it´s possible but for each device i will have to do it).
So my question is, is there a way to do a CoA without the Framed-IP-Address attribute ?
or is there a way to do it by snmp ?
Thanks
Regards
Fabrice