Jake,

I think MAC auth bypass (MAB) is the answer here - assuming your switches support it. It's designed for the case you outline, i.e. clients with no supplicant.

Yes, it's possible to spoof addresses etc - but in reality, people just won't know how to do it or be bothered. That's my experience anyway.

Most switches can be configured to fall back to MAB if the client has no 802.1x supplicant, so assuming you are making everybody do 'normal' 802.1x with a username and password, you'd probably want to do that (I assume PF supports a mixture of both methods?).

Personally, we just use MAB throughout as it's much simpler for the end user and I'm not a fan of security at the cost of making things overly complex for users - there should be a balance.

Note: one disadvantage I've found when using MAB is you can only have one device connected per port - at least, that's the case with HP/3Com gear as far as I can work out.

Hope that helps,
Mark

-----Original Message-----
From: Sallee, Stephen (Jake) [mailto:[email protected]]
Sent: 25 April 2012 04:24
To: [email protected]
Subject: [Packetfence-users] gaming consoles and 802.1x auth

We are about to roll out 802.1x auth on our wireless network, and more importantly possibly on our wired network as well.

For those using 802.1x authentication how do you handle gaming consoles? It seems that ALL of the console makers have left out support for 802.1x (an idiotic move, IMHO).

The only thing we have come up with so far is to somehow whitelist the MAC of the device but that is HORRIBLE from a security standpoint since it is so easy to spoof a MAC.

I would greatly appreciate any feedback / thoughts.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221

Nuffield College is a Registered Charity No. 1137506.
Registered Office: Nuffield College, New Road, Oxford, OX1 1NF
