path: root/man/squark-auth-snmp.8
blob: ca4be00dfcedd5090a0a28576a84f96ea4477f72 (plain)
.TH squark-auth 8 "23 July 2010" "" "Squark Documentation"

.SH NAME
squark-auth \- Squark authentication helper for Squid

.SH SYNOPSIS
.BI "squark-auth [" "option" "]..."

.SH DESCRIPTION
.B squark\-auth
is an external ACL helper for Squid. It maps a client IP address to
credential information collected from managed switches using SNMP.

.SS Theory Of Operation
The helper first maps the received client IP address to a MAC address
by querying, over SNMP, the router connected to the client's subnet.
.PP
The MAC address is then traced through the switches. The switch
BRIDGE-MIB forwarding database is queried to detect which switch port
is active for the MAC. LLDP-MIB is then queried to obtain the IP address
of the switch connected to this port. This is repeated until the trace
ends at an "edge switch", which has no LLDP information available
for the port where the MAC address is assigned.
.PP
Finally, the edge switch is queried for detailed information about
the port and the connected client.
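.PP
The trace described above, modelled offline as an added example (this is not squark's own code and performs no SNMP). The dictionaries stand in for the router's IP-to-MAC table, each switch's BRIDGE-MIB forwarding database and its LLDP-MIB neighbour table; all names, addresses and the shape of the topology argument are assumptions made for illustration.

```python
"""Offline model of the IP -> MAC -> edge-port trace (constructed data)."""

class TraceError(Exception):
    """Raised when the trace cannot finish; the caller should deny access."""

# Constructed sample tables; every address, port and MAC is made up.
MAC = "00:11:22:33:44:55"
ARP = {"10.0.0.1": {"10.0.0.57": MAC}}           # router -> {client IP: MAC}
FDB = {"10.0.0.1": {MAC: 24},                    # switch -> {MAC: port}
       "10.0.0.2": {MAC: 3},
       "10.0.0.3": {MAC: 7}}
LLDP = {"10.0.0.1": {24: "10.0.0.2"},            # switch -> {port: neighbour}
        "10.0.0.2": {1: "10.0.0.1", 3: "10.0.0.3"},
        "10.0.0.3": {1: "10.0.0.2"}}             # port 7 has no LLDP peer

def trace(client_ip, l3_root, arp, fdb, lldp, l2_root=None, topology=None):
    """Return (mac, edge_switch, edge_port, path) or raise TraceError."""
    mac = arp.get(l3_root, {}).get(client_ip)
    if mac is None:
        raise TraceError(f"no MAC known for {client_ip}")
    switch = l2_root or l3_root          # -R defaults to the -r address
    path = []
    while True:
        if switch in path:               # neighbour data points back: loop
            raise TraceError(f"loop at {switch}")
        path.append(switch)
        port = fdb.get(switch, {}).get(mac)
        if port is None:                 # MAC aged out or never seen here
            raise TraceError(f"{mac} not in forwarding table of {switch}")
        nxt = lldp.get(switch, {}).get(port)
        if nxt is None and topology:     # hypothetical stand-in for -T data
            nxt = topology.get((switch, port))
        if nxt is None:                  # no neighbour on this port: edge
            return mac, switch, port, path
        switch = nxt

if __name__ == "__main__":
    print(trace("10.0.0.57", "10.0.0.1", ARP, FDB, LLDP))
```

A switch in the middle of the path that publishes no LLDP data is indistinguishable from an edge switch in this model, so the trace stops early there unless the missing link is supplied separately.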

.SH OPTIONS
The following options are recognized:

.IP "\fB\-c \fIsnmp\-community"
Specifies the SNMP community. If specified, SNMPv2c mode is assumed.
To use SNMPv3, configure the required version and authentication
keys using the standard net-snmp configuration files.

.IP "\fB\-r \fIlayer3\-root\-ip"
The management IP address of the default gateway router for the clients.
If you have multiple "routing switches", this should be the one closest
to the machine running squark\-auth.

.IP "\fB\-i \fIlayer3\-root\-interface"
The router's network interface connected to the subnet containing the
clients.

.IP "\fB\-R \fIlayer2\-root\-ip"
If the router and the first switch are different devices and the
router does not support BRIDGE-MIB, this can be used to specify the
IP address of the first switch. Defaults to \fIlayer3\-root\-ip\fR.

.IP "\fB\-v \fIlayer2\-vlan"
The VLAN index of the client's subnet for the layer2 switches.

.IP "\fB\-f \fIusername\-format"
Specifies the format of the username given back to Squid. The
following format specifiers are supported:
.TS Header
llw(2i).
%I	Client IP address
%M	Client MAC address
%N	Edge switch sysName
%L	Edge switch sysLocation
%i	Edge switch port ifIndex
%n	Edge switch port ifName 
%d	Edge switch port ifDescr
%w	Edge switch HP ProCurve WebAuth username
.TE

Defaults to "%w".

.IP "\fB\-T \fItopology\-file"
Loads external topology information for switches that do not support LLDP.

.SH AUTHORS
Timo Teras <timo.teras@iki.fi>