Issues with 802.1X deployment


Filip Perz

Nov 15, 2023, 3:16:49 PM
to faucet
Hi everyone, 

I'm writing because I encountered an issue that I can't get past by myself. I know this project is not very active right now but maybe there is someone that could help me :)

What I'm trying to do?
As a part of my uni project I want to deploy Faucet with dot1x support to showcase dynamic ACL allocation. My setup:
- Linux VM in VirtualBox
- faucet daemon installed, working with sample config
- radius server listening on localhost
- openvswitch configured with 3 ports

What is the issue?
I can't get Chewie to correctly create a socket on the nfv interface. I tried creating a veth or my VirtualBox VM interface but I always have the same message:

Nov 15 14:44:35 faucet.Chewie.EapSocket ERROR    Unable to setup socket: [Errno 1] Operation not permitted

The cause might be (and I'm pretty sure it is) my lack of knowledge of Linux but if someone could point me in the right direction I would be very grateful :)

Here is my faucet.yaml:
vlans:
    office:
        vid: 100
        description: "office network"
    radius:
        vid: 200
        description: "radius network"

dps:
    sw1:
        dp_id: 0x1
        dot1x:
            nfv_intf: veth-nfv-port
            nfv_sw_port: 3
            radius_ip: 127.0.0.1
            radius_port: 18120
            radius_secret: 
        hardware: "Open vSwitch"
        interfaces:
            1:
                name: "RADIUS for host 1"
                dot1x: true
                dot1x_dyn_acl: true
                native_vlan: 100
            2:
                name: "host2"
                description: "host2 network namespace"
                native_vlan: office
            3:
                name: "RADIUS interface"
                output_only: true

acls:
    block-ping:
        - rule:
            dl_type: 0x800      # IPv4
            ip_proto: 1         # ICMP
            actions:
                allow: False
        - rule:
            dl_type: 0x86dd     # IPv6
            ip_proto: 58        # ICMPv6
            actions:
                allow: False

and my openvswitch config:
    Bridge br0
        Controller "tcp:127.0.0.1:6653"
        Controller "tcp:127.0.0.1:6654"
            is_connected: true
        fail_mode: secure
        Port veth-host1
            Interface veth-host1
        Port veth-host2
            Interface veth-host2
        Port br0
            Interface br0
                type: internal
        Port veth-nfv-port
            Interface veth-nfv-port
    ovs_version: "2.13.8"

Thanks in advance,
Filip
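
A diagnostic for the "Operation not permitted" error quoted above, added here as an example and not part of the original post or of Faucet/Chewie. It assumes Chewie's EAP socket is a Linux AF_PACKET raw socket, which the kernel only allows for processes holding CAP_NET_RAW; the function names and the sample status text are constructed for illustration.

```python
import errno
import socket
import sys

CAP_NET_RAW = 13        # bit index from linux/capability.h
ETH_P_PAE = 0x888E      # EtherType of EAPOL (802.1X) frames

# Constructed sample of /proc/<pid>/status for an unprivileged process.
SAMPLE_STATUS = "Name:\tfaucet\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"


def has_capability(status_text, cap_bit):
    """Return True if the CapEff mask in a /proc/<pid>/status dump has cap_bit set."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool(int(line.split()[1], 16) & (1 << cap_bit))
    raise ValueError("no CapEff line found")


def try_eapol_socket(ifname):
    """Open and bind a raw EAPOL socket (assumed to mirror what Chewie does).

    Returns (ok, detail) so the caller can tell a missing capability
    apart from a missing interface.
    """
    try:
        with socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
                           socket.htons(ETH_P_PAE)) as sock:
            sock.bind((ifname, 0))
        return True, "raw socket bound to %s" % ifname
    except PermissionError as exc:
        return False, "permission denied, CAP_NET_RAW missing (%s)" % exc
    except OSError as exc:
        if exc.errno == errno.ENODEV:
            return False, "interface %s does not exist" % ifname
        return False, "socket setup failed: %s" % exc


if __name__ == "__main__":
    # Interface name taken from the nfv_intf value in the faucet.yaml above.
    ifname = sys.argv[1] if len(sys.argv) > 1 else "veth-nfv-port"
    with open("/proc/self/status") as fh:
        print("CAP_NET_RAW effective:", has_capability(fh.read(), CAP_NET_RAW))
    ok, detail = try_eapol_socket(ifname)
    print("OK" if ok else "FAIL", detail)
```

Run it as the same user that runs the faucet service; a FAIL with "permission denied" while the interface exists points at the service account's capabilities rather than at the veth or Open vSwitch setup.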


