Commit def4a8e2 authored by Gabriel Detraz's avatar Gabriel Detraz Committed by root

Merge branch 'freeradius3'

parents beb7e202 a6ca634c
This diff is collapsed.
#
# Make sure the PYTHONPATH environmental variable contains the
# directory(s) for the modules listed below.
#
# Uncomment any func_* which are included in your module. If
# rlm_python is called for a section which does not have
# a function defined, it will return NOOP.
#
python crans {
# Path to the python modules
#
# Note that due to limitations on Python, this configuration
# item is GLOBAL TO THE SERVER. That is, you cannot have two
# instances of the python module, each with a different path.
#
python_path="/usr/scripts/:/usr/scripts/freeradius/3.0/:/usr/lib/python2.7/:/usr/lib/python2.7/dist-packages/:/usr/lib/python2.7/lib-dynload/"
module = auth
mod_instantiate = ${.module}
func_instantiate = instantiate
mod_detach = ${.module}
func_detach = detach
mod_authorize = ${.module}
func_authorize = authorize
mod_authenticate = ${.module}
func_authenticate = authenticate
mod_preacct = ${.module}
func_preacct = preacct
mod_accounting = ${.module}
func_accounting = accounting
mod_checksimul = ${.module}
func_checksimul = checksimul
mod_pre_proxy = ${.module}
func_pre_proxy = pre_proxy
mod_post_proxy = ${.module}
func_post_proxy = post_proxy
mod_post_auth = ${.module}
func_post_auth = post_auth
mod_recv_coa = ${.module}
func_recv_coa = recv_coa
mod_send_coa = ${.module}
func_send_coa = send_coa
}
../mods-available/crans
\ No newline at end of file
#
# Normalize the MAC Addresses in the Calling/Called-Station-Id
#
mac-addr-regexp = '([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})'
#
# Add "rewrite_called_station_id" in the "authorize" and
# "preacct" sections.
#
# Makes Called-Station-ID conform to what RFC3580 says should
# be provided by 802.1X authenticators.
#
rewrite_called_station_id_unix {
if (&Called-Station-Id && (&Called-Station-Id =~ /^${policy.mac-addr-regexp}([^0-9a-f](.+))?$/i)) {
update request {
&Called-Station-Id := "%{toupper:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}"
}
# SSID component?
if ("%{8}") {
update request {
&Called-Station-SSID := "%{8}"
}
}
updated
}
else {
noop
}
}
#
# Add "rewrite_calling_station_id" in the "authorize" and
# "preacct" sections.
#
# Makes Calling-Station-ID conform to what RFC3580 says should
# be provided by 802.1X authenticators.
#
rewrite_calling_station_id_unix {
if (&Calling-Station-Id && (&Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i)) {
update request {
&Calling-Station-Id := "%{toupper:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}"
}
updated
}
else {
noop
}
}
#
# Rewrite NAS-Identifier attribute to match the RADIUS request
# source IP address
#
rewrite_nas_ip_address {
update request {
&NAS-IP-Address := "%{Packet-Src-IP-Address}"
}
updated
}
-- Schéma de la table utilisée pour l'accounting RADIUS
CREATE TABLE IF NOT EXISTS accounting (
-- Adresse MAC du client
"mac" macaddr PRIMARY KEY,
-- Type de machine
"type" varchar NOT NULL,
-- Identifiant de session unique
"session_id" varchar UNIQUE NOT NULL,
-- Date de dernière mise à jour de l'entrée
"last_update" timestamp with time zone NOT NULL DEFAULT now(),
-- NAS ayant fourni le service au client
"nas" macaddr NOT NULL,
-- Port attribué au client par la NAS
"port" integer NOT NULL,
-- SSID auquel a accédé le client, le cas échéant
"ssid" varchar DEFAULT NULL,
-- BSS auquel le client a accédé, le cas échéant
"bss" macaddr,
-- VLAN sur lequel a été placé le client
"vlan" integer,
CHECK ("type" IN ('Wired', 'Wireless')),
CHECK (("type" = 'Wired' AND "ssid" IS NULL) OR ("type" = 'Wireless' AND "ssid" IS NOT NULL)),
CHECK ("vlan" IS NULL OR (0 <= "vlan" AND "vlan" <= 4094))
);
##
## Gestion de l'authentification des adhérents Crans
## Gère à la fois IEEE 802.1X et MAC Auth
##
server crans {
listen {
type = auth
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = acct
ipaddr = *
port = 0
limit {
max_pps = 100
}
}
listen {
type = auth
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = acct
ipv6addr = ::
port = 0
limit {
max_pps = 100
}
}
authorize {
# Pré-traitement des données du paquet
utf8
filter_username
preprocess
rewrite_nas_ip_address
rewrite_called_station_id_unix
rewrite_calling_station_id_unix
suffix
# Séparation entre IEEE 802.1X et MAC Auth
if (&EAP-Message) {
# Nos équipements utilisent PEAP pour transporter les informations
# utiles de manière sécurisée
eap {
ok = return
}
}
else {
# A priori, nos équipements en MAC Auth utilisent CHAP avec
# l'adresse MAC de l'utilisateur
chap
crans
}
}
authenticate {
# Le module "crans" sert ici à vérifier que la machine n'est pas
# un machine inconnue
Auth-Type CHAP {
chap
crans
}
Auth-Type eap {
eap
crans
}
}
preacct {
# Pré-traitement des requêtes de comptabilisation
utf8
preprocess
rewrite_nas_ip_address
rewrite_called_station_id_unix
rewrite_calling_station_id_unix
suffix
}
accounting {
# Traitement des requêtes de comptabilisation
# Le but de cette section est de déterminer si une session en cours doit
# être interrompue en fonction de l'état courant et des changements qui
# ont eu lieu entre temps
crans
if (&config:Send-Disconnect-Request) {
update disconnect {
&User-Name := &User-Name
&Acct-Session-Id := &Acct-Session-Id
&NAS-Identifier := &NAS-Identifier
&Event-Timestamp := "%l"
}
}
elsif (&config:Send-CoA-Request) {
update coa {
&User-Name := &User-Name
&Acct-Session-Id := &Acct-Session-Id
&NAS-Identifier := &NAS-Identifier
&NAS-IP-Address := &NAS-IP-Address
&NAS-IPv6-Address := &NAS-IPv6-Address
&Tunnel-Type := VLAN
&Tunnel-Medium-Type := IEEE-802
&Tunnel-Private-Group-ID := &config:Tunnel-Private-Group-ID
&Event-Timestamp := "%l"
}
}
else {
noop
}
}
post-auth {
# Une fois l'authentification effectuée, on vérifie les blacklistes
if (&Realm == "DEFAULT") {
noop
} else {
crans
}
}
post-proxy {
# Dans le cas d'une requête proxifiée, on droppe les attributs de la réponse
# qui pourraient nous poser problème et on rajoute les nôtres
attr_filter.post-proxy
switch &proxy-reply:Packet-Type {
# Dans le cas d'une réponse positive, on place l'invité sur le VLAN des invités
case Access-Accept {
update reply {
&Tunnel-Type := VLAN
&Tunnel-Medium-Type := 802
&Tunnel-Private-Group-ID := 22
&Class := "22"
&Reply-Message := "Authentication succeded"
}
updated
}
# Sinon, on le place sur le VLAN d'accueil
case Access-Reject {
update reply {
&Tunnel-Type := VLAN
&Tunnel-Medium-Type := 802
&Tunnel-Private-Group-ID := 7
&Class := "7"
&Reply-Message := "Authentication failed"
}
updated
}
# Réponses aux requêtes CoA proxyfiées
case CoA-ACK {
ok
}
case CoA-NAK {
fail
}
case Disconnect-ACK {
ok
}
case Disconnect-NAK {
fail
}
case {
noop
}
}
# Au cas où le serveur distant ne répond pas, on place l'invité sur le VLAN accueil
Post-Proxy-Type Fail {
update reply {
&Tunnel-Type := VLAN
&Tunnel-Medium-Type := 802
&Tunnel-Private-Group-ID := 7
&Class := "7"
&Reply-Message := "Remote authentication server is unreachable, please contact your administrator"
}
updated
}
Post-Proxy-Type Fail-CoA {
fail
}
Post-Proxy-Type Fail-Disconnect {
fail
}
}
}
This diff is collapsed.
../sites-available/crans
\ No newline at end of file
../sites-available/crans-inner-tunnel
\ No newline at end of file
......@@ -105,6 +105,12 @@ def disabled_radius():
results = cur.fetchall()
return [batiment.upper()+chambre for batiment, chambre in results]
@_need_conn
def poe_enabled():
cur = conn.cursor()
cur.execute("SELECT UPPER(batiment)||TO_CHAR(prise_crans, 'FM099'), poe_status FROM prises_prise;")
return cur.fetchall()
@_need_conn
def reverse(batiment, prise = None):
"""Correspondance prise -> chambre"""
......@@ -149,18 +155,20 @@ uplink_prises={ 'a' :
224 : 'uplink->backbone',
},
'b' :
{ 49 : 'uplink->batb-4', 50 : 'libre-service',
149 : 'uplink->batb-4',135 : 'libre-service', 150 : 'libre-service',
249 : 'uplink->batb-4', 250 : 'libre-service', # 249 morte ?! (olasd 21/01/2010)
349 : 'uplink->batb-4', 350 : 'libre-service',
401 : 'uplink->batb-0', 402 : 'uplink->batb-1',
403 : 'uplink->batb-2', 404 : 'uplink->batb-3',
{ 49 : 'libre-service', 50 : 'uplink->batb-4',
149 : 'libre-service', 150 : 'uplink->batb-4',
249 : 'libre-service', 250 : 'uplink->batb-4',
251 : 'libre-service', 252 : 'libre-service',
349 : 'libre-service', 350 : 'uplink->batb-4',
351 : 'libre-service', 352 : 'libre-service',
421 : 'uplink->batb-0', 422 : 'uplink->batb-1',
423 : 'uplink->batb-2', 424 : 'uplink->batb-3',
405 : 'uplink->backbone',
626 : 'uplink->backbone',
},
'c' :
{ 49 : 'uplink->batc-3', 50 : 'libre-service',
149 : 'uplink->batc-3', 150 : 'libre-service',
147 : 'uplink->batc-3',
224 : 'uplink->batc-3',
301 : 'uplink->batc-0', 302 : 'uplink->batc-1',
304 : 'uplink->batc-4',
......@@ -174,28 +182,28 @@ uplink_prises={ 'a' :
149 : 'uplink->batg-8', 150 : 'libre-service',
247 : 'uplink->batg-8',
249 : 'uplink->batg-8', 250 : 'libre-service',
449 : 'uplink->batg-9', 450 : 'uplink->batg-5',
449 : 'uplink->batg-9', 450 : 'libre-service',
549 : 'uplink->batg-9', 550 : 'uplink->batg-6',
549 : 'uplink->batg-9', 550 : 'libre-service',
649 : 'uplink->batg-9', 650 : 'uplink->batg-5',
649 : 'uplink->batg-9', 650 : 'libre-service',
801 : 'uplink->batg-1', 802 : 'uplink->batg-2',
825 : 'uplink->batg-0',
825 : 'uplink->batg-0', 826 : 'libre-service',
823 : 'uplink->batg-9',
901 : 'uplink->batg-4', 902 : 'uplink->batg-5',
903 : 'uplink->batg-6', 904 : 'uplink->batg-8',
},
'h' :
{ 49 : 'uplink->bath-2', 50 : 'libre-service',
149 : 'uplink->bath-2', 150 : 'libre-service',
219 : 'uplink->bath-0', 221 : 'uplink->bath-1',
{ 49 : 'libre-service', 50 : 'uplink->bath-2',
149 : 'libre-service', 150 : 'uplink->bath-2',
221 : 'uplink->bath-0',
222 : 'uplink->bath-3', 223 : 'uplink->backbone',
224 : 'libre-service',
224 : 'uplink->bath-1',
303 : 'uplink->bath-2' },
'i' :
{ 49 : 'uplink->bati-3', 50 : 'libre-service',
......@@ -204,10 +212,10 @@ uplink_prises={ 'a' :
328 : 'uplink->backbone' },
'j' :
{ 49 : 'uplink->batj-3', 50 : 'libre-service',
149 : 'uplink->batj-3', 150 : 'libre-service', # XXX: 150 semble morte
149 : 'uplink->batj-3', 147 : 'libre-service',
223 : 'uplink->batj-3', 224 : 'libre-service',
328 : 'uplink->backbone',
301 : 'uplink->batj-0', 303 : 'uplink->batj-1',
301 : 'uplink->batj-0', 326 : 'uplink->batj-1',
305 : 'uplink->batj-2', 307 : 'uplink->batj-4',
421 : 'uplink->batj-3', 422 : 'libre-service',
},
......@@ -216,28 +224,36 @@ uplink_prises={ 'a' :
},
'm' :
{
49 : 'libre-service', 50 : 'uplink->batm-7',
49 : 'libre-service', 50 : 'uplink->batm-7',
51 : 'libre-service', 52 : 'libre-service',
149 : 'libre-service', 150 : 'uplink->batm-7',
249 : 'libre-service', 250 : 'uplink->batm-7',
349 : 'libre-service', 350 : 'uplink->batm-7',
449 : 'libre-service', 450 : 'uplink->batm-7',
549 : 'libre-service', 550 : 'uplink->batm-7',
650 : 'uplink->batm-7',
151 : 'libre-service', 152 : 'libre-service',
249 : 'libre-service', 250 : 'uplink->batm-7',
251 : 'libre-service', 252 : 'libre-service',
#341 : '? 502b ? Label 5', 345 : 'Label 7',
349 : 'libre-service', 350 : 'uplink->batm-7',
351 : 'libre-service', 352 : 'libre-service',
449 : 'libre-service', 450 : 'uplink->batm-7',
451 : 'libre-service', 452 : 'libre-service',
549 : 'libre-service', 550 : 'uplink->batm-7',
551 : 'libre-service', 552 : 'libre-service',
650 : 'uplink->batm-7', 651 : 'libre-service',
652 : 'libre-service',
747 : 'libre-service', 750 : 'libre-service',
751 : 'libre-service', 752 : 'libre-service',
749 : 'uplink->backbone', 720 : 'uplink->batm-0',
719 : 'uplink->batm-1', 718 : 'uplink->batm-2',
717 : 'uplink->batm-3', 716 : 'uplink->batm-4',
715 : 'uplink->batm-5', 714 : 'uplink->batm-6',
719 : 'uplink->batm-1', 718 : 'uplink->batm-2',
717 : 'uplink->batm-3', 716 : 'uplink->batm-4',
715 : 'uplink->batm-5', 714 : 'uplink->batm-6',
},
'p' :
{
49 : 'uplink->batp-4 (R4.1)',
149: 'uplink->batp-4 (R3.1)',
249: 'uplink->batp-4 (R2.1)',
350: 'uplink->batp-4 (R1.2)',
347: 'uplink->batp-4 (R1.2)',
401: 'uplink->batp-3', 402: 'uplink->batp-2',
403: 'uplink->batp-1', 404: 'uplink->batp-0',
405: 'libre-service', 409: 'uplink->bato-1',
......
# -*- mode: python; coding: utf-8 -*-
# Mapping des versions de switchs <-> firmware à jour
hp_procurve_map = {
"J9776" : ("YA.16.05.0003", "HP 2530"),
"J9777" : ("YA.16.05.0003", "HP 2530"),
"J9773" : ("YA.16.05.0003", "HP 2530"),
"J9775" : ("YA.16.05.0003", "HP 2530"),
"J9772" : ("YA.16.05.0003", "HP 2530"),
"J4899" : ("H.10.119", "HP 2650"),
"J4900" : ("H.10.119", "HP 2626"),
"J9626" : ("RA.16.04.0009", "HP 2620"),
"J9623" : ("RA.16.04.0009", "HP 2620"),
"J9624" : ("RA.16.04.0009", "HP 2620"),
"J9145" : ("W.15.14.0016", "HP 2910 al"),
"J9085" : ("R.11.121", "HP 2610"),
"J9088" : ("R.11.121", "HP 2610"),
"J9021" : ("N.11.78", "HP 2810"),
"J9727" : ("WB.16.05.0003", "HP 2920"),
}
"""
Configuration pour les scripts travaillant sur des switches.
"""
all_models = [
"HP 2530", "HP 2626", "HP 2650", "HP 2620",
"HP 2910 al", "HP 2610", "HP 2810", "HP 2920",
## Fonctionnalités des switches
ALL_FEATURES = [
'POE', 'DHCP_SNOOPING', 'IPv6_MGMT', 'RA_GUARD',
'MLD_SNOOPING', 'SNTP_NEW_SYNTAX', 'GIGABIT', 'OOBM',
'FILTER_MDNS', 'RADIUS_DAE', 'DHCPv6_SNOOPING', 'IGMP_SNOOPING',
'ARP_PROTECT', 'IPv6_LOGGING',
]
# Support du PoE(+)
POE = "PoE"
# Support de l'IGMP Snooping
IGMP_SNOOPING = "IGMP Snooping"
# Support du DHCP Snooping
DHCP_SNOOPING = "DHCP Snooping"
# Support du DHCPv6 Snooping
DHCPv6_SNOOPING = "DHCPv6 Snooping"
#Support ARP protect
ARP_PROTECT = "Arp Protect"
# Support de RA Guard
RA_GUARD = "RA Guard"
# Management en IPv6
IPv6_MGMT = "IPv6 Management"
# Logs over ipv6
IPv6_LOGGING = "Ipv6 logging"
# Support du MLD snooping
MLD_SNOOPING = "MLD Snooping"
# Syntaxe de la configuration SNTP
SNTP_NEW_SYNTAX = "SNTP New Syntax"
# Ports Gigabit uniquement
GIGABIT = "Gigabit ports"
# Out-Of-Bandwidth Management
OOBM = "Out-Of-Bandwidth Management"
# Filtrage des trames mDNS
FILTER_MDNS = "mDNS filtering"
# Extensions dynamiques RADIUS
RADIUS_DAE = "RADIUS Dynamic Authorization Extensions"
## Configuration des différents modèles de switches
## Chaque référence de switch est représenté par un dictionnaire
## répertoriant :
## - Le modèle du switch (ex. HP 2530)
## - La version du firmware (ex. YA.16.04.0008)
## - La liste des fonctionnalités supportées par le switch
## - Une liste des ports (Q)SFP(+) du switch, le cas échéant
## - Une liste des modules qui le constituent, le cas échéant.
HP_PROCURVE_MAP = {
"J4899" : {
'model' : "HP 2650",
'firmware' : "H.10.119",
'features' : [IGMP_SNOOPING, DHCP_SNOOPING],
},
"J4900" : {
'model' : "HP 2626",
'firmware' : "H.10.119",
'features' : [IGMP_SNOOPING, DHCP_SNOOPING],
},
"J9021" : {
'model' : "HP 2810",
'firmware' : "N.11.78",
'features' : [GIGABIT],
},
"J9085" : {
'model' : "HP 2610",
'firmware' : "R.11.121",
'features' : [IGMP_SNOOPING, DHCP_SNOOPING, ARP_PROTECT],
'sfp' : range(27, 29),
},
"J9088" : {
'model' : "HP 2610",
'firmware' : "R.11.121",
'features' : [IGMP_SNOOPING, DHCP_SNOOPING, ARP_PROTECT],
'sfp' : range(51, 53),
},
"J9145" : {
'model' : "HP 2910al",
'firmware' : "W.15.14.0016",
'features' : [
IPv6_MGMT, IGMP_SNOOPING, DHCP_SNOOPING, RA_GUARD,
GIGABIT, SNTP_NEW_SYNTAX, RADIUS_DAE,
FILTER_MDNS, ARP_PROTECT,
],
'modules' : ["J9145A"],
'sfp' : range(21, 25),
},
"J9623" : {
'model' : "HP 2620",
'firmware' : "RA.16.04.0009",
'features' : [
IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RADIUS_DAE,
FILTER_MDNS, ARP_PROTECT, IPv6_LOGGING,
],
},
"J9624" : {
'model' : "HP 2620",
'firmware' : "RA.16.04.0009",
'features' : [
IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, IPv6_LOGGING,
],
'sfp' : range(27, 29),
'poe' : range(1, 13),
},
"J9626" : {
'model' : "HP 2620",
'firmware' : "RA.16.04.0009",
'features' : [
IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RADIUS_DAE,
FILTER_MDNS, ARP_PROTECT, IPv6_LOGGING,
],
},
"J9727" : {
'model' : "HP 2920",
'firmware' : "WB.16.05.0003",
'features' : [
IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
GIGABIT, OOBM, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, IPv6_LOGGING,
],
'modules' : ["J9727A"],
'sfp' : range(21, 25),
'poe' : range(1, 25),
},
"J9772" : {
'model' : "HP 2530",
'firmware' : "YA.16.05.0003",
'features' : [
IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
GIGABIT, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, IPv6_LOGGING,
],
'sfp' : range(49, 53),
'poe' : range(1, 53),
},
"J9773" : {
'model' : "HP 2530",
'firmware' : "YA.16.05.0003",
'features' : [
IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
GIGABIT, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, IPv6_LOGGING,
],
'sfp' : range(25, 29),
'poe' : range(1, 25),
},
"J9775" : {
'model' : "HP 2530",
'firmware' : "YA.16.05.0003",
'features' : [
IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT,
RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, IPv6_LOGGING,
],
'sfp' : range(49, 53),
},
"J9776" : {
'model' : "HP 2530",
'firmware' : "YA.16.05.0003",
'features' : [
IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT,
RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, IPv6_LOGGING,
],
'sfp' : range(25, 29),
},
"J9777" : {
'model' : "HP 2530",
'firmware' : "YA.16.05.0003",
'features' : [
IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT,
RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, IPv6_LOGGING,
],
'sfp' : range(9, 11),
},
}
ALL_MODELS = list({switch["model"] for switch in HP_PROCURVE_MAP.values()})
......@@ -51,9 +51,9 @@ class Dialog(certificat.Dialog, blacklist.Dialog):
to_display_borne = [(a.canal, 10),
(a.puissance, 10),
(a.positionBorne, 50),
(a.prise, 10)]
(a.prise, 10), (a.untagvlan, 10)]
to_display_machine_crans = [(a.prise, 10)]
to_display_machine_crans = [(a.prise, 10), (a.untagvlan, 10)]
to_display_switchs = [(a.nombrePrises, 10)]
......