So, in a couple of months, PF 3.3+ will be taking over my wired network with (nearly) 100% Cisco 3560's (various models), all running IOS 12.2(55) or later.
Most of the docs advise 802.1X/MAB. Fine. How do state changes happen when devices need to go in/out of registration/isolation? Is it CoA (I thought that was only supported on wireless)? SNMP? Scripted CLI? [How] could I support multiple MACs per switch port? Some of our buildings have inadequate copper plant, so hubs are legitimately in use. I'd be OK with a model that allowed all access to normalVlan if one connected device is registered, and isolated the port if one connected device is in violation. Does this require port security or link trap instead? (I guess buying a bunch of cheap manageable switches as "roaming devices" is a possibility, with each roaming device itself becoming PF-managed, but this requires boots on the ground...) -- Rich Graves http://claimid.com/rcgraves Carleton.edu Sr UNIX and Security Admin ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
