.TH squark-auth 8 "23 July 2010" "" "Squark Documentation"
.SH NAME
squark-auth \- Squark authentication helper for Squid
.SH SYNOPSIS
.BI "squark-auth [" "option" "]..."
.SH DESCRIPTION
.B squark\-auth
is an external ACL helper for Squid. It maps a client IP address to
credential information collected from managed switches using SNMP.
.SS Theory Of Operation
The code first maps the received IP address to a MAC address by sending an
SNMP query to the router connected to the client IP's subnet.
.PP
Next, the MAC address is traced through the switches. The switch BRIDGE-MIB
forwarding database is queried to detect which switch port is active for the
MAC address. LLDP-MIB is then queried to obtain the IP address of the switch
connected to this port. This is repeated until we reach the "edge switch",
which has no LLDP information available for the port to which the MAC address
is assigned.
.PP
Finally, the edge switch is interrogated for detailed information about the
port and the connected client.
.SH OPTIONS
The following options are recognized:
.IP "\fB\-c \fIsnmp\-community"
Specifies the SNMP community. If specified, SNMPv2c mode is assumed. To use
SNMPv3, configure the required version and authentication keys using the
standard net-snmp configuration files.
.IP "\fB\-r \fIlayer3\-root\-ip"
The management IP address of the default gateway router for the clients. If
you have multiple "routing switches", this should be the closest such switch
to the machine running squark\-auth.
.IP "\fB\-i \fIlayer3\-root\-interface"
The router's network interface connected to the subnet containing the clients.
.IP "\fB\-R \fIlayer2\-root\-ip"
If the router and the first switch are different devices and the router does
not support BRIDGE-MIB, this option specifies the IP address of the first
switch. Defaults to \fIlayer3\-root\-ip\fR.
.IP "\fB-v \fIlayer2\-vlan"
The VLAN index of the client's subnet for the layer2 switches.
.IP "\fB-f \fIusername\-format"
Specifies the format of the username given back to Squid. The following
format specifiers are supported:
.TS
llw(2i).
%I	Client IP address
%M	Client MAC address
%N	Edge switch sysName
%L	Edge switch sysLocation
%i	Edge switch port ifIndex
%n	Edge switch port ifName
%d	Edge switch port ifDescr
%w	Edge switch HP ProCurve WebAuth username
.TE
Defaults to "%w".
.IP "\fB-T \fItopology\-file"
Load external topology information for switches not supporting LLDP.
.SH AUTHORS
Timo Teras
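.SH EXAMPLE
The trace described under Theory Of Operation, followed by username
formatting, as an added sketch that is not squark\-auth's own code. The
tables stand in for SNMP answers, and every address, name and function here
is constructed for illustration.
.PP
.nf
```python
# Constructed sample data standing in for SNMP answers; all values are made up.
ARP = {"10.0.0.57": "00:11:22:33:44:55"}   # router ARP table: client IP -> MAC
SWITCHES = {                               # keyed by management IP
    "192.0.2.1": {"sysName": "core", "ifName": {24: "A24"},
                  "fdb": {"00:11:22:33:44:55": 24},   # BRIDGE-MIB: MAC -> port
                  "lldp": {24: "192.0.2.2"}},         # LLDP-MIB: port -> neighbour
    "192.0.2.2": {"sysName": "edge-2f", "ifName": {7: "7"},
                  "fdb": {"00:11:22:33:44:55": 7},
                  "lldp": {}},                        # no neighbour: edge port
}

def trace(client_ip, l2_root):
    """Return (mac, edge_switch_ip, port), or None when the trace fails."""
    mac = ARP.get(client_ip)
    if mac is None:
        return None                        # router has no entry for this IP
    switch_ip, visited = l2_root, set()
    while switch_ip in SWITCHES and switch_ip not in visited:
        visited.add(switch_ip)
        sw = SWITCHES[switch_ip]
        port = sw["fdb"].get(mac)
        if port is None:
            return None                    # MAC not in forwarding database
        neighbour = sw["lldp"].get(port)
        if neighbour is None:
            return mac, switch_ip, port    # no LLDP data on port: edge switch
        switch_ip = neighbour              # follow the link one hop down
    return None                            # unknown switch or LLDP loop

def username(fmt, client_ip, l2_root):
    """Expand a subset of the -f specifiers for a traced client."""
    hit = trace(client_ip, l2_root)
    if hit is None:
        return None                        # fail closed: no identity returned
    mac, switch_ip, port = hit
    sw = SWITCHES[switch_ip]
    values = {"I": client_ip, "M": mac, "N": sw["sysName"],
              "i": str(port), "n": sw["ifName"][port]}
    out, chars = [], iter(fmt)
    for ch in chars:
        if ch == "%":
            key = next(chars, "")
            # Assumption of this sketch: unknown specifiers pass through as-is.
            out.append(values.get(key, "%" + key))
        else:
            out.append(ch)
    return "".join(out)
```
.fi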