Hi Daniel,
Boyd, Daniel wrote:
> Didn’t I see somewhere that 1.9.0 will auto-register devices based on
> MAC address matches? If so, how do I accomplish this? I have students
> with Blu-ray players equipped with Netflix and they need to auto-register.
>
Yes, you can do so. Create a violation with a VENDORMAC trigger and an
autoreg action. The VENDORMAC trigger is documented in the
conf/violations.conf file:
#
# Example config to block a whole class of devices based on their MAC address
# Trigger format: The number is a decimal representation of the OUI (Vendor) portion of the MAC.
# To generate such a representation you can use perl -e "print hex('001620');"
# There is a copy of the oui.txt file in conf/ to help you match vendor name and vendor mac.
#
[1100002]
desc=Block a type of Sony Ericsson Mobile MAC addresses
url=/content/index.php?template=banned_devices
trigger=VENDORMAC::5664
actions=trap,email,log
disable=Y
So as you can see, you need to convert the vendor portion of the MAC
(first 6 hex digits) into an integer and then define the trigger as:
VENDORMAC::integer
Then in actions=... use autoreg, and when the violation is met, the
node will be auto-registered.
Notice: Remember that a MAC address can easily be spoofed and they could
do so explicitly to gain network access without authentication. I always
suggest putting them in another VLAN with more surveillance using node
categories and custom VLANs.
That said, you should look into auto-registration by DHCP fingerprint if
possible. It is harder to trick (students are less aware of these
counter-measures and they require more work to perform).
To use it, the Blu-ray players need to be properly identified by the OS
detection system (using DHCP fingerprints). If they are not identified
and you know they are Blu-ray systems, you can submit the DHCP
fingerprints to us and we will update our database.
To enable a DHCP fingerprint autoreg violation:
- Find the DHCP fingerprint to authorize. Right now it is harder than it
should be; I filed an issue about it[1].
-- Edit a node where you see the wanted fingerprint and look up that
fingerprint in conf/dhcp_fingerprints.conf. Take the number written
beside os, so 700 for TiVo (fingerprint 28,2,3,15,6,12) under
[os 700].
- In the violation, add OS::700 and actions autoreg.
- voilà
Let me know how it goes.
Have a nice day!
[1] http://www.packetfence.org/bugs/view.php?id=1075
--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
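
Added example, not part of the original message and not PacketFence code: a small Python helper that derives both trigger forms discussed above (VENDORMAC from a MAC's OUI, OS from a DHCP fingerprint) and renders an autoreg violation stanza. The sample fingerprint file, its key names, the [os 9999] entry and the violation id 1100010 are constructed assumptions.

```python
import re

# Constructed sample in the layout the message describes: the fingerprint is
# listed under an "[os <number>]" section. Key names here are assumptions.
SAMPLE_FINGERPRINTS = """\
[os 700]
description=TiVo
fingerprints=<<EOT
28,2,3,15,6,12
EOT
[os 9999]
description=Constructed test device
fingerprints=<<EOT
1,3,6,15
EOT
"""

def vendormac_trigger(mac):
    """VENDORMAC trigger for the OUI (first 6 hex digits) of a MAC or bare OUI."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{6}(?:[0-9A-Fa-f]{6})?", digits):
        raise ValueError("expected a 6-digit OUI or 12-digit MAC: %r" % mac)
    return "VENDORMAC::%d" % int(digits[:6], 16)  # same as perl hex('001620')

def os_trigger(conf_text, fingerprint):
    """OS::<number> for the [os <number>] section listing this exact fingerprint."""
    wanted = fingerprint.replace(" ", "")
    os_id = None
    for line in (l.strip() for l in conf_text.splitlines()):
        if line.startswith("["):
            m = re.fullmatch(r"\[os (\d+)\]", line)
            os_id = m.group(1) if m else None  # ignore non-os sections
        elif os_id and line.replace(" ", "") == wanted:
            return "OS::" + os_id  # whole-line match, never a prefix match
    return None

def autoreg_violation(vid, desc, trigger):
    """Render a violations.conf stanza using the keys shown in the message."""
    return "\n".join(["[%s]" % vid, "desc=" + desc, "trigger=" + trigger,
                      "actions=autoreg,log", "disable=N"])

if __name__ == "__main__":
    # 1100010 is a constructed violation id, not one shipped with PacketFence.
    print(autoreg_violation("1100010", "Auto-register TiVo",
                            os_trigger(SAMPLE_FINGERPRINTS, "28,2,3,15,6,12")))
    print(vendormac_trigger("00:16:20:aa:bb:cc"))
```

Matching the fingerprint as a whole line keeps a short option list from auto-registering every device whose fingerprint merely starts with the same options.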