Development

2026-06-07 17:37:59 -04:00 · 2026-06-07 17:37:59 -04:00 · 3b2f645254
commit 3b2f645254
parent 351ce39558
4 changed files with 34 additions and 30 deletions
--- a/docker/routlin-dash/app/pages/radius/action.py
+++ b/docker/routlin-dash/app/pages/radius/action.py
@ -71,7 +71,7 @@ def auth_mode_save():
        eap_protocol = 'eap_peap'
    tunneled_reply  = 'tunneled_reply' in request.form
    include_length  = 'include_length' in request.form
-    mab_fallback    = 'mab_fallback' in request.form
+    mab_first    = 'mab_first' in request.form
    inner_protocol  = request.form.get('inner_protocol', '')

    _valid_inner = {
@ -85,7 +85,7 @@ def auth_mode_save():
    if auth_mode == 'eap_password':
        after['eap_protocol']   = eap_protocol
        after['tunneled_reply'] = tunneled_reply and eap_protocol in ('eap_peap', 'eap_ttls')
-        after['mab_fallback']   = mab_fallback
+        after['mab_first']   = mab_first
        if eap_protocol in _valid_inner and inner_protocol in _valid_inner[eap_protocol]:
            after['inner_protocol'] = inner_protocol
        else:
@ -96,7 +96,7 @@ def auth_mode_save():
            after.pop('include_length', None)
    elif auth_mode == 'eap_credential':
        after['include_length'] = include_length
-        after['mab_fallback']   = mab_fallback
+        after['mab_first']   = mab_first
        after.pop('eap_protocol',   None)
        after.pop('tunneled_reply', None)
        after.pop('inner_protocol', None)
@ -105,7 +105,7 @@ def auth_mode_save():
        after.pop('tunneled_reply', None)
        after.pop('inner_protocol', None)
        after.pop('include_length', None)
-        after.pop('mab_fallback',   None)
+        after.pop('mab_first',   None)
    cfg.setdefault('radius', {})['options'] = after

    changes = config_utils.diff_fields(before, after)
--- a/docker/routlin-dash/app/pages/radius/content.json
+++ b/docker/routlin-dash/app/pages/radius/content.json
@ -196,11 +196,11 @@
            {
              "type": "field",
              "label": "",
-              "name": "mab_fallback",
+              "name": "mab_first",
              "input_type": "checkbox",
              "checkbox_label": "Try MAB first before prompting supplicant",
-              "value": "%RADIUS_MAB_FALLBACK%",
-              "hint": "When a device fails or skips 802.1X, RADIUS will attempt to authenticate it by MAC address before rejecting it. Useful for networks with a mix of 802.1X-capable and non-802.1X devices."
+              "value": "%RADIUS_MAB_FIRST%",
+              "hint": "RADIUS checks the device's MAC address first. Known devices (those with a DHCP reservation) are admitted immediately without waiting for 802.1X negotiation or credential entry. Unknown devices fall through to 802.1X."
            },
            {
              "type": "raw_html",
--- a/docker/routlin-dash/app/pages/radius/view.py
+++ b/docker/routlin-dash/app/pages/radius/view.py
@ -122,7 +122,7 @@ def collect_tokens(cfg):

    tokens['RADIUS_TUNNELED_REPLY']  = 'true' if fr_opts.get('tunneled_reply', False) else ''
    tokens['RADIUS_INCLUDE_LENGTH']  = 'true' if fr_opts.get('include_length', False) else ''
-    tokens['RADIUS_MAB_FALLBACK']    = 'true' if fr_opts.get('mab_fallback', False) else ''
+    tokens['RADIUS_MAB_FIRST']    = 'true' if fr_opts.get('mab_first', True) else ''

    vlans = cfg.get('vlans', [])
    default_vlan = next((v['name'] for v in vlans if v.get('radius_default') is True), '')