Hi Alan,

PF will always keep the reg/unreg status to a NODE (aka PC/Phone/Smartphone) not a USER. It is really important to understand the difference.

> What if the user logs off and
> another user logs on, but the device never changes state WRT the
> network? Does a signal/trap get generated in this case that causes a
> re-authentication to occur? If not, shouldn't it?

Two possibilities here.

If we use port-security, we do not "care" whether the machine is connected or not, and we do not know which user is connected on the machine itself. Once the machine is authorized on the port on a certain VLAN, it will stay like this until the node is unregistered in PF.

If we use 802.1X, we know the user that authenticated to get port access, and every time an authentication happens, a RADIUS call is made with the proper attributes. With this technology, we can do some more complex flows (i.e. VLAN per Domain, VLAN per AD group, etc.). So, for example, if a user logs out and another logs in, we could potentially change the attributes of the NODE (likely the category), and return a different VLAN since a new user connected.

I hope it answers your questions!

--
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
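
The difference between the two modes in the message above, as an added Python model (not part of the original message and not PacketFence code). The class, the category and VLAN tables and the user names are constructed, and the model assumes the supplicant re-authenticates when a new user logs on; the RADIUS attribute names and values are the standard RFC 3580 VLAN assignment attributes.

```python
from dataclasses import dataclass

# Constructed sample data: category -> VLAN, and user -> category
# (the user table stands in for a domain / AD group lookup).
CATEGORY_VLAN = {"staff": 10, "guest": 20}
REGISTRATION_VLAN = 99
USER_CATEGORY = {"alice": "staff", "bob": "guest"}


@dataclass
class Node:
    mac: str
    registered: bool = False
    category: str = ""


class Nac:
    """Hypothetical NAC model: all state is keyed by MAC (the NODE), never by user."""

    def __init__(self):
        self.nodes = {}

    def register(self, mac, category):
        node = self.nodes.setdefault(mac, Node(mac))
        node.registered, node.category = True, category
        return node

    def port_security_vlan(self, mac):
        # MAC-only decision: the switch gives no user identity, so the answer
        # cannot change until the node itself is unregistered.
        node = self.nodes.get(mac)
        if node is None or not node.registered:
            return REGISTRATION_VLAN
        return CATEGORY_VLAN[node.category]

    def dot1x_access_accept(self, mac, user):
        # Runs on every 802.1X authentication: the user name is known, so the
        # node's category can be updated and a new VLAN returned.
        node = self.register(mac, USER_CATEGORY[user])
        return {"Tunnel-Type": 13,            # VLAN
                "Tunnel-Medium-Type": 6,      # IEEE-802
                "Tunnel-Private-Group-ID": str(CATEGORY_VLAN[node.category])}


def user_swap():
    """alice uses the machine, logs off, then bob logs on to the same machine."""
    mac = "00:11:22:33:44:55"  # constructed
    ps = Nac()
    ps.register(mac, "staff")  # node registered while alice was using it
    ps_vlans = [ps.port_security_vlan(mac) for _ in ("alice", "bob")]
    dx = Nac()
    dx_vlans = [dx.dot1x_access_accept(mac, u)["Tunnel-Private-Group-ID"]
                for u in ("alice", "bob")]
    return ps_vlans, dx_vlans
```

With port-security the second user inherits the VLAN the node was registered into; with 802.1X the second authentication moves the port to the guest VLAN.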
