> > The problem I seeing and may be inherent with port security is that if > they are not running the PDA emulator or the VM and a separate device is > plugged in the port doesn’t through a violation to Packetfence. > > A violation only occurs when the max on that vlan is hit. >
Correct, adding an additional MAC to the maximum won't do it. > > > Would moving to MAB or 802.1x correct this? I have never used these 2 > security methods and so I have been hesitant to move that direction. > Unsure about MAC-Auth (Cisco's MAB) but in 802.1X there's a mode where the first MAC to authenticate enables any MAC on the port to communicate to the network. It's the multi-host mode. You might want to look into that. Be aware that MAC-Auth / 802.1X was accidentally broken between 2.1.0 and 2.2.1. -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
