Diffstat (limited to 'src/conf_mode/interfaces-wireless.py')
-rwxr-xr-x | src/conf_mode/interfaces-wireless.py | 46 |
1 files changed, 41 insertions, 5 deletions
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 5289208d9..19e1f01b8 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -25,9 +25,10 @@ from grp import getgrnam from subprocess import Popen, PIPE from psutil import pid_exists +from netifaces import interfaces from vyos.ifconfig import EthernetIf -from vyos.ifconfig_vlan import apply_vlan_config +from vyos.ifconfig_vlan import apply_vlan_config, verify_vlan_config from vyos.configdict import list_diff, vlan_to_dict from vyos.config import Config from vyos import ConfigError @@ -640,9 +641,16 @@ wpa_key_mgmt=WPA-EAP # IP addresses, but this field can be used to force a specific address to be # used, e.g., when the device has multiple IP addresses. radius_client_addr={{ sec_wpa_radius_source }} + +# The own IP address of the access point (used as NAS-IP-Address) +own_ip_addr={{ sec_wpa_radius_source }} +{% else %} +# The own IP address of the access point (used as NAS-IP-Address) +own_ip_addr=127.0.0.1 {% endif %} {% for radius in sec_wpa_radius -%} +{%- if not radius.disabled -%} # RADIUS authentication server auth_server_addr={{ radius.server }} auth_server_port={{ radius.port }} @@ -653,6 +661,7 @@ acct_server_addr={{ radius.server }} acct_server_port={{ radius.acc_port }} acct_server_shared_secret={{ radius.key }} {% endif %} +{% endif %} {% endfor %} {% endif %} @@ -760,6 +769,8 @@ network={ ssid="{{ ssid }}" {%- if sec_wpa_passphrase %} psk="{{ sec_wpa_passphrase }}" +{% else %} + key_mgmt=NONE {% endif %} } @@ -836,7 +847,8 @@ default_config_data = { 'ssid' : '', 'type' : 'monitor', 'vif': [], - 'vif_remove': [] + 'vif_remove': [], + 'vrf': '' } def get_conf_file(conf_type, intf): 
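Review bot: Nothing visible in this commit guards against every RADIUS server being disabled. With the new `{%- if not radius.disabled -%}` wrapper in the hostapd template (hunk at -640), the rendered config then keeps `wpa_key_mgmt=WPA-EAP` but contains no `auth_server_addr` line at all. The verify() hunk at -1293 still only checks `radius['key']` per server, so I would add a check there that at least one entry has `disabled` set to False and raise a `ConfigError` otherwise. The `own_ip_addr=127.0.0.1` fallback also deserves a comment: every access point without a configured source address will report the same NAS-IP-Address, so RADIUS policy or accounting keyed on that attribute cannot tell the devices apart.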
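Review bot: The new `{% else %}` branch in the wpa_supplicant `network={` block (hunk at -760) turns a missing passphrase into an open, unencrypted association via `key_mgmt=NONE`. A station whose passphrase was omitted or deleted by mistake will therefore associate with anything advertising that SSID, with no authentication and no warning. Whether verify() rejects a station configuration without security settings is not visible in this diff. If open networks are meant to be supported, I would make that an explicit choice in the configuration and document it at the line, for example `# no passphrase configured: open network, traffic is not encrypted`.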
@@ -1148,6 +1160,10 @@ def get_config(): if conf.exists('mode'): wifi['mode'] = conf.return_value('mode') + # retrieve VRF instance + if conf.exists('vrf'): + wifi['vrf'] = conf.return_value('vrf') + # Wireless physical device if conf.exists('phy'): wifi['phy'] = conf.return_value('phy') @@ -1204,6 +1220,7 @@ def get_config(): radius = { 'server' : server, 'acc_port' : '', + 'disabled': False, 'port' : 1812, 'key' : '' } @@ -1216,6 +1233,10 @@ def get_config(): if conf.exists('accounting'): radius['acc_port'] = radius['port'] + 1 + # Check if RADIUS server was temporary disabled + if conf.exists(['disable']): + radius['disabled'] = True + # RADIUS server shared-secret if conf.exists('key'): radius['key'] = conf.return_value('key') @@ -1248,6 +1269,9 @@ def get_config(): conf.set_level(cfg_base + ' vif ' + vif) wifi['vif'].append(vlan_to_dict(conf)) + # disable interface + if conf.exists('disable'): + wifi['disable'] = True # retrieve configured regulatory domain conf.set_level('system') @@ -1273,7 +1297,6 @@ def verify(wifi): if not wifi['channel']: raise ConfigError('Channel must be set for {}'.format(wifi['intf'])) - if len(wifi['sec_wep_key']) > 4: raise ConfigError('No more then 4 WEP keys configurable') @@ -1293,7 +1316,12 @@ def verify(wifi): if not radius['key']: raise ConfigError('Misssing RADIUS shared secret key for server: {}'.format(radius['server'])) + vrf_name = wifi['vrf'] + if vrf_name and vrf_name not in interfaces(): + raise ConfigError(f'VRF "{vrf_name}" does not exist') + # use common function to verify VLAN configuration + verify_vlan_config(wifi) return None @@ -1390,6 +1418,12 @@ def apply(wifi): # ignore link state changes w.set_link_detect(wifi['disable_link_detect']) + # assign to VRF + if wifi['vrf']: + w.add_vrf(wifi['vrf']) + else: + w.del_vrf(wifi['vrf']) + # Change interface MAC address - re-set to real hardware address (hw-id) # if custom mac is removed if wifi['mac']: 
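Review bot: The added `conf.exists('disable')` check in get_config() (hunk at -1248) comes after `conf.set_level(cfg_base + ' vif ' + vif)` and before the level moves to `system`. When any vif is configured, the lookup therefore appears to be relative to the last vif rather than the wireless interface itself. An interface the operator marked `disable` would then still be set `up` by the apply() change in this commit, leaving the radio active. I would put `conf.set_level(cfg_base)` directly above the check, unless vlan_to_dict() already restores the level, which is not visible here. Indentation is lost in this rendering and get_config() starts and ends outside the hunk, so confirm where the check sits relative to the vif loop.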
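Review bot: `vrf_name not in interfaces()` in verify() (hunk at -1293) only proves that some network interface has that name, not that it is a VRF device. A value that matches an ordinary interface passes verification, and the error surfaces only in apply() when `w.add_vrf(wifi['vrf'])` runs, after other changes may already be applied. I would validate against the configured VRF instances instead, or check the link type, and say in a comment which is intended. In the apply() hunk at -1390 the else branch calls `w.del_vrf(wifi['vrf'])` with a value that is always the empty string on that path. A short comment there that the argument is unused, if that is the case in del_vrf(), would prevent misreading.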
@@ -1406,8 +1440,10 @@ def apply(wifi): # configure ARP ignore w.set_arp_ignore(wifi['ip_enable_arp_ignore']) - # enable interface - if not wifi['disable']: + # Enable/Disable interface + if wifi['disable']: + w.set_state('down') + else: w.set_state('up') # Configure interface address(es) |