squark-auth − Squark authentication helper for Squid
squark-auth [option]...
squark−auth is an external ACL helper for Squid. It maps a client IP address to credential information collected from managed switches using SNMP.
It first maps the received IP address to a MAC address with an SNMP query to the router connected to the client IP’s subnet.
The MAC address is then traced through the switches. The switch’s BRIDGE-MIB forwarding database is queried to find the switch port on which the MAC address is active. LLDP-MIB is then queried for the IP address of the switch connected to that port. This is repeated until the trace reaches an "edge switch", which has no LLDP information for the port where the MAC address is assigned.
Finally, the edge switch is interrogated for detailed information about the port and the connected client.
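The trace described above, sketched as an added example (not squark-auth's own code): Python dictionaries with constructed values stand in for the SNMP responses. The names trace, TraceError, max_hops and the topology mapping (a stand-in for the −T data, whose file format is not given here) are assumptions, as is the check that stops the walk when the tables would lead back to a switch already visited.

```python
"""Simulated IP -> MAC -> edge-port trace; all table contents are constructed."""

MAC = "02:00:00:00:00:01"  # constructed, locally administered address

# Router ARP table: router IP -> {client IP: MAC}
ARP = {"192.0.2.1": {"192.0.2.50": MAC}}
# BRIDGE-MIB forwarding database: switch IP -> {MAC: port}
FDB = {"192.0.2.1": {MAC: 3}, "192.0.2.2": {MAC: 12}, "192.0.2.3": {MAC: 7}}
# LLDP-MIB neighbours: switch IP -> {port: neighbour management IP}
LLDP = {
    "192.0.2.1": {3: "192.0.2.2"},
    "192.0.2.2": {12: "192.0.2.3", 24: "192.0.2.1"},
    "192.0.2.3": {24: "192.0.2.2"},
}


class TraceError(Exception):
    """The client could not be traced to a single edge port."""


def trace(client_ip, l3_root, l2_root=None, fdb=FDB, lldp=LLDP,
          topology=None, max_hops=16):
    """Return MAC, edge switch, edge port and path for client_ip."""
    topology = topology or {}  # hypothetical stand-in for -T data
    mac = ARP.get(l3_root, {}).get(client_ip)
    if mac is None:
        raise TraceError(f"no ARP entry for {client_ip} on {l3_root}")
    switch, path = l2_root or l3_root, []
    while True:
        # Assumed safeguard: never revisit a switch or walk without bound.
        if switch in path or len(path) >= max_hops:
            raise TraceError(f"loop or hop limit at {switch}")
        path.append(switch)
        port = fdb.get(switch, {}).get(mac)
        if port is None:
            raise TraceError(f"{mac} not in forwarding database of {switch}")
        # LLDP first, then static topology for switches without LLDP.
        neighbour = lldp.get(switch, {}).get(port) or topology.get((switch, port))
        if neighbour is None:  # no neighbour on this port: edge switch
            return {"mac": mac, "switch": switch, "port": port, "path": path}
        switch = neighbour


if __name__ == "__main__":
    print(trace("192.0.2.50", "192.0.2.1"))
```

A trace that fails (no ARP entry, MAC missing from a forwarding database, or a loop) raises instead of returning a partial result, so a caller cannot mistake an intermediate switch port for the client's edge port.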
The following options are recognized:
−c snmp−community
Specifies the SNMP community. If specified, SNMPv2c mode is assumed. To use SNMPv3, you need to configure the required version and authentication keys using the standard net-snmp configuration files.
−r layer3−root−ip
The management IP-address of the default gateway router for the clients. If you have multiple "routing switches", this should be the closest such switch to the machine running squark−auth.
−i layer3−root−interface
The router’s network interface connected to the subnet containing the clients.
−R layer2−root−ip
In case the router and the first switch are different devices and the router does not support BRIDGE-MIB, this can be used to specify the IP-address of the first switch. Defaults to layer3−root−ip.
-v layer2−vlan
The VLAN index of the client’s subnet for the layer2 switches.
-f username−format
Specifies the format of the username given back to Squid. The following format specifiers are supported:
Defaults to "%w".
-T topology−file
Load external topology information for switches not supporting LLDP.
Timo Teras <[email protected]>