[RADIATOR] MAC Address Log Format

Ehlers, Y.W. (Ydo) y.ehlers at ru.nl
Fri Feb 21 09:17:34 UTC 2020 

Roberto,



we have a wireless controller that sends MAC addresses in this format:

    20-5e-aa-33-18-2f

It does so for the client (Calling-Station) MAC as well as that of the WAP being used (Called-Station).
To get these addresses to match the format used by other systems I use the following method.

In the main Radiator config file there is the following hook:
…
 # Rewrite Cisco-style '20-5e-aa-33-18-2f' to common '20:5e:aa:33:18:2f'
 #
 PreClientHook  file:"/usr/local/etc/radiator/hook-files/RewriteMAC.pl"
…

The hook-file itself looks like this

# Rewrite MAC addresses
#
# The cisco Wireless Controllers use dashes (-) for MAC addresses in
# the Radius requests.
# For analyses purposes they are rewritten to more commen colons (:).
sub
{
    my $p = ${$_[0]};
    my $clientmac;
    my $wapmac;

    if ($clientmac = $p->get_attr('Calling-Station-Id'))
    {
        &main::log($main::LOG_DEBUG,
            "Calling-Station-Id = $clientmac");
        $clientmac =~ tr/-/:/;
        $p->change_attr('Calling-Station-Id', $clientmac);
    }
    if ($wapmac = $p->get_attr('Called-Station-Id'))
    {
        &main::log($main::LOG_DEBUG,
            "Called-Station-Id = $wapmac");
        $wapmac =~ tr/-/:/;
        $p->change_attr('Called-Station-Id', $wapmac);
    }
    return;
}

A proper Perl coder could do a better job, but for us, this gets the job done.
As your starting format differs, you will have to change the two actual rewrites; they probably should look something like this:

    $clientmac =~ s/^([a-f0-9]{2})([a-f0-9]{2}:[a-f0-9]{2})([a-f0-9]{2}:[a-f0-9]{2})([a-f0-9]{2})$/$1:$2:$3:$4/;
and
    $wapmac =~ s/^([a-f0-9]{2})([a-f0-9]{2}:[a-f0-9]{2})([a-f0-9]{2}:[a-f0-9]{2})([a-f0-9]{2})$/$1:$2:$3:$4/;



Hope this can help getting to where you want!


Ydo

--
Ydo Ehlers | IT Beheerder | ICT Service Center | Radboud Universiteit | Postbus 9102, 6500 HC Nijmegen | (024) 361 78 94 | www.ru.nl/isc

Dit bericht en elke eventuele bijlage is uitsluitend bestemd voor de geadresseerde(n) en kan vertrouwelijke informatie bevatten. Indien u niet de geadresseerde bent mag u dit bericht en de bijlage niet kopiëren of aan derden ter inzage geven of verspreiden.
U wordt verzocht de afzender hiervan onmiddellijk op de hoogte te stellen en het bericht te vernietigen.

> -----Original Message-----
> From: radiator <radiator-bounces at lists.open.com.au> On Behalf Of Hugh Irvine
> Sent: Thursday, February 20, 2020 10:53 PM
> To: Ullfig, Roberto Alfredo <rullfig at uic.edu>
> Cc: radiator at lists.open.com.au
> Subject: Re: [RADIATOR] MAC Address Log Format
>
>
> Hello Roberto -
>
> Take a look at a Trace 4 debug - I’m guessing what you show below is what is in the
> Calling-Station-Id sent be the client.
>
> If that is the case you will probably need a hook to reformat it as you want.
>
> regards
>
> Hugh
>
>
> > On 21 Feb 2020, at 07:40, Ullfig, Roberto Alfredo <rullfig at uic.edu<mailto:rullfig at uic.edu>> wrote:
> >
> > Can the MAC Address format be changed for logging purposes to this:
> >
> > ab:cd:ef:12:34:56
> >
> > it currently logs as this
> >
> > abcd:ef12:3456
> >
> > using %{OuterRequest:Calling-Station-Id}
> >
> > ---
> > Roberto Ullfig - rullfig at uic.edu<mailto:rullfig at uic.edu>
> > Systems Administrator
> > Enterprise Architecture and Development | ACCC University of Illinois
> > - Chicago _______________________________________________
> > radiator mailing list
> > radiator at lists.open.com.au<mailto:radiator at lists.open.com.au>
> > https://lists.open.com.au/mailman/listinfo/radiator
>
>
> --
>
> Hugh Irvine
> hugh at open.com.au<mailto:hugh at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
>
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au<mailto:radiator at lists.open.com.au>
> https://lists.open.com.au/mailman/listinfo/radiator

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20200221/68c30108/attachment.html>

More information about the radiator mailing list