Chewie uses PAE Group address as SA #190
Comments
|
Hi @knoll01, Thanks for reporting this issue and interested in hearing how integrating Chewie with other switches go, we haven't done much integration testing with external systems that aren't faucet as yet. I took a look at this and I think the piece we need to modify is this function: Lines 300 to 307 in dab415d If you want to attempt to get a patch out, then I'm happy to review it, or if that code doesn't make sense I'm happy to take a crack at fixing it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am using Chewie as a standalone authenticator (as a component in a system outside of faucetsdn) for a switch that does not have a built-in authenticator.
When a supplicant attached to the switch sends an EAPOL-Start, it sets the DA to the PAE Group address (01-80-C2-00-00-03), and SA to its own MAC address.
Chewie receives the EAPOL-Start and responds, as expected, with an EAPOL-EAP message. This message sets DA to the MAC address of the supplicant, and SA to the PAE Group Address.
I believe setting SA=PAE Group Address is invalid, and is being dropped by the supplicant and/or other network elements in the path between Chewie and the supplicant (depending on the specific network topology I am testing).
I think the cause of this is that Chewie is simply setting the SA of sent EAPOL frames to the port_id which is copied from the DA of the received EAPOL-Start. I think the fix is as simple as checking if the received DA is 01-80-C2-00-00-03, and if it is, setting port_id to the local MAC address.
I am willing to submit a patch to fix this, but it is unclear where in the code is best to make this check.
Please provide guidance and I will make my best attempt to supply a patch.
The text was updated successfully, but these errors were encountered: