Add HW (Huawei) DPSK Radius attributes

inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks.

GNU General Public License v2.0

1.35k stars 286 forks source link

Since the latest R020 and R021 software releases, Huawei WLC's support DPSK, in addition to PPSK. Currently we are designing a solution where we want to use this authentication method, where the dynamically generated PSK is shown to a user by the DPSK provisioner. Generating and showing the key in the provisioner works. However, the generated DPSK is not sent back to the WLC. This DPSK is sent back in clear text by using Radius attribute HW-DPSK-Info; when used in conjunction with the HW-EPIV-Info attribute is sent back in ciphered text. See this article for more info.

Solution:

Add these attributes in the radius reply to the WLC when the DPSK is generated.

Alternatives: None so far, as this attribute currently is not in the radius dictionary.

inverse-inc / packetfence

Add HW (Huawei) DPSK Radius attributes #6557