diff --git a/Changes b/Changes
index d5aebd4e..d4eac3ff 100644
--- a/Changes
+++ b/Changes
@@ -3,6 +3,7 @@
 [NEW FEATURES]
 * ACLs portctl_no and portctl_only for limiting port control targets
+ * Config setting portctl_nowaps to prevent port control on WAP ports
 2.049001 - 2021-08-22
diff --git a/lib/App/Netdisco/Util/Port.pm b/lib/App/Netdisco/Util/Port.pm
index e1cb2e45..cc9ac979 100644
--- a/lib/App/Netdisco/Util/Port.pm
+++ b/lib/App/Netdisco/Util/Port.pm
@@ -11,7 +11,7 @@ our @EXPORT = ();
 our @EXPORT_OK = qw/
 vlan_reconfig_check port_reconfig_check get_port get_iid get_powerid
- is_vlan_interface port_has_phone
+ is_vlan_interface port_has_phone port_has_wap
 /;
 our %EXPORT_TAGS = (all => \@EXPORT_OK);
@@ -101,6 +101,7 @@ sub port_reconfig_check {
 my $ip = $port->ip;
 my $name = $port->port;
+ my $has_wap = port_has_wap($port);
 my $has_phone = port_has_phone($port);
 my $is_vlan = is_vlan_interface($port);
@@ -119,6 +120,10 @@ sub port_reconfig_check {
 if ($port->is_uplink or $port->remote_type) and not $has_phone and not setting('portctl_uplinks');
+ # wap check
+ return "forbidden: port [$name] on [$ip] is a wireless ap"
+ if $has_wap and setting('portctl_nowaps');
+
 # phone check
 return "forbidden: port [$name] on [$ip] is a phone"
 if $has_phone and setting('portctl_nophones');
@@ -234,4 +239,15 @@ sub port_has_phone {
 return ($properties ? $properties->remote_is_phone : undef);
 }
+=head2 port_has_wap( $port )
+
+Returns true if the C<$port> L object has a wireless AP connected.
+
+=cut
+
+sub port_has_wap {
+ my $properties = (shift)->properties;
+ return ($properties ? $properties->remote_is_wap : undef);
+}
+
 1;
diff --git a/share/config.yml b/share/config.yml
index 1010f67a..ae854b97 100644
--- a/share/config.yml
+++ b/share/config.yml
@@ -186,6 +186,7 @@ vlanctl: true
 portctl_nameonly: false
 portctl_no: []
 portctl_only: []
+portctl_nowaps: false
 portctl_nophones: false
 portctl_vlans: false
 portctl_uplinks: false
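Review bot: In the `-119,6 +120,10` hunk of lib/App/Netdisco/Util/Port.pm the new WAP guard runs after the uplink condition, which exempts phones (`and not $has_phone`) but has no matching exemption for WAPs. If a port with an access point attached also has `remote_type` set (likely, but not confirmed from this hunk), the request is already refused by the uplink rule while `portctl_uplinks` is false, so `portctl_nowaps` only changes the outcome once uplink control is enabled. I would record that next to the check, for example `# wap check (ports with remote_type reach this only when portctl_uplinks is true)`, and say the same in the setting's documentation so operators do not assume the two settings are independent. The statement that owns the uplink condition starts above the hunk, so its return message is not visible here.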
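Review bot: In the `-234,4 +239,15` hunk, `port_has_wap` returns undef when the port has no `properties` row, so the `portctl_nowaps` guard in `port_reconfig_check` is skipped for such ports and the restriction fails open. The POD only documents the true case; I would add a sentence such as `Returns undef when no properties are recorded for the port, which callers treat as "not a WAP".` If `remote_is_wap` is populated from what the neighbouring device advertises (not visible here), the POD should also say the flag is a best-effort classification rather than an authorization boundary. `portctl_no` / `portctl_only` remain the explicit controls for ports that must never be reconfigured.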