From 25593b5e6fea76ed7c08db586924032c0810c27e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Sun, 7 Nov 2010 00:47:39 +0200 Subject: squark: reorganize sources to src directory --- man/squark-auth-snmp.8 | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 man/squark-auth-snmp.8 (limited to 'man/squark-auth-snmp.8') diff --git a/man/squark-auth-snmp.8 b/man/squark-auth-snmp.8 new file mode 100644 index 0000000..ca4be00 --- /dev/null +++ b/man/squark-auth-snmp.8 @@ -0,0 +1,74 @@ +.TH squark-auth 8 "23 July 2010" "" "Squark Documentation" + +.SH NAME +squark-auth \- Squark authentication helper for Squid + +.SH SYNOPSIS +.BI "squark-auth [" "option" "]..." + +.SH DESCRIPTION +.B squark\-auth +is an external acl helper for Squid. It maps IP-address to +credentials information collected from managed switches using SNMP. + +.SS Theory Of Operation +The code first maps received IP to a MAC using SNMP query from the +router connecting to client IP's subnet. +.PP +This is followed with MAC tracing of the MAC address. The switch +BRIDGE-MIB forwarding database is queried to detect which switch port +is active for the MAC. LLDP-MIB is then queried to receive IP-address +of the switch connected to this port. This is repeated until we end up +in "edge switch" which does not have any LLDP information available +for the port where the MAC address is assigned. +.PP +Finally, the edge switch is interrogated for detailed information of +the port and connected client. + +.SH OPTIONS +The following options are recognized: + +.IP "\fB\-c \fIsnmp\-communicty" +Allows specifying SNMP community. If specified SNMPv2c mode is assumed. +To use SNMPv3 you need to configure the required version and authentication +keys using standard net-snmp configuration files. + +.IP "\fB\-r \fIlayer3\-root\-ip" +The management IP-address of the default gateway router for the clients. +If you have multiple "routing switches", this should be the closest such +switch to the machine running squark\-auth. + +.IP "\fB\-i \fIlayer3\-root\-interface" +The router's network interface connected to the subnet containing the +clients. + +.IP "\fB\-R \fIlayer2\-root\-ip" +In case the router and the first switch are different devices and the +router does not support BRIDGE-MIB, this can be used to specify the +IP-address of the first switch. Defaults to \fIlayer3\-root\-ip\fR. + +.IP "\fB-v \fIlayer2\-vlan" +The VLAN index of the client's subnet for the layer2 switches. + +.IP "\fB-f \fIusername\-format" +Specifies the format of the username to given back for squid. The +following format specifiers are supported: +.TS Header +llw(2i). +%I Client IP address +%M Client MAC address +%N Edge switch sysName +%L Edge switch sysLocation +%i Edge switch port ifIndex +%n Edge switch port ifName +%d Edge switch port ifDescr +%w Edge switch HP ProCurve WebAuth username +.TE + +Defaults to "%w". + +.IP "\fB-T \fItopology\-file" +Load external topology information for switches not supporting LLDP. + +.SH AUTHORS +Timo Teras -- cgit v1.2.3