So, the freshman horde arrives next Tuesday. Thus far, PacketFence has survived 
contact with the early arrivals. I'm using all Cisco switches (3550, 3650, and 
6509) in port-security mode.

One thing for which I'm not adequately prepared is the person who brings a 
switch or a wireless router in bridging (versus NAT) mode. If the bridge 
chooses to participate in spanning tree, then BPDUGuard will shut it down; 
but if it doesn't, then what I observe is rapid cycling among the various MACs 
on the port.

I isolated a few by grepping the log:

    egrep ' pfsetvlan.+ INFO: authorizing .+ at new location ' ~pf/logs/packetfence.log \
      | perl -pe 's/.+at new location //' | sort | uniq -c | sort -rn | head -33

Then I put them in violation state. This doesn't stop the flapping, but 
hopefully it gives them a chance to see what's going on and fix it. Is there a 
better way to handle this?

I don't think I want to set trap_limit because it would deny new connections to 
any user of a switch where one user is misbehaving.

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

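An added example, not part of the original post and not PacketFence code: a Python script that does what the egrep/perl/sort/uniq pipeline in the post does (count "authorizing ... at new location" entries per switch port) and goes one step further. A raw count per location cannot tell a port that saw three different MACs once each (a user who swapped devices) from a port that keeps cycling among the same few MACs, which is what the post describes for a bridging switch or router. The script therefore looks at a time window per port and only flags a port when it has many authorizations, several distinct MACs, and at least one MAC that came back after another was seen. The log line layout, the hostname, the switch IP/ifIndex location strings and every MAC address below are constructed for this example, so AUTH_RE is an assumption that must be adjusted to the real packetfence.log format before use.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample lines. The layout is an assumption modelled on the
# pattern the post's egrep matches; it is not real PacketFence output.
SAMPLE_LOG = """\
Aug 20 09:00:01 pf pfsetvlan(2301) INFO: authorizing 00:11:22:33:44:01 at new location 10.0.1.5 ifIndex 10003
Aug 20 09:00:05 pf pfsetvlan(2301) INFO: authorizing 00:11:22:33:44:02 at new location 10.0.1.5 ifIndex 10003
Aug 20 09:00:09 pf pfsetvlan(2301) INFO: authorizing 00:11:22:33:44:01 at new location 10.0.1.5 ifIndex 10003
Aug 20 09:00:14 pf pfsetvlan(2301) INFO: authorizing 00:11:22:33:44:03 at new location 10.0.1.5 ifIndex 10003
Aug 20 09:00:18 pf pfsetvlan(2301) INFO: authorizing 00:11:22:33:44:02 at new location 10.0.1.5 ifIndex 10003
Aug 20 09:00:22 pf pfsetvlan(2301) INFO: authorizing 00:11:22:33:44:01 at new location 10.0.1.5 ifIndex 10003
Aug 20 09:01:00 pf pfsetvlan(2301) INFO: authorizing 00:11:22:33:44:aa at new location 10.0.1.5 ifIndex 10007
Aug 20 09:03:00 pf pfsetvlan(2301) INFO: authorizing 00:11:22:33:44:bb at new location 10.0.1.5 ifIndex 10007
Aug 20 09:05:00 pf pfsetvlan(2301) INFO: authorizing 00:11:22:33:44:cc at new location 10.0.1.9 ifIndex 10012
Aug 20 09:05:30 pf pfsetvlan(2301) INFO: some other message that must be ignored
"""

# Assumed line format: syslog timestamp, then the text the post greps for.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*pfsetvlan.* INFO: authorizing "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) at new location (?P<loc>.+?)\s*$",
    re.IGNORECASE,
)

Event = Tuple[datetime, str, str]  # (timestamp, mac, location)


def parse_authorizations(text: str) -> List[Event]:
    """Extract (timestamp, mac, location) from lines matching AUTH_RE."""
    events: List[Event] = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; strptime fills in 1900, which is
        # fine for differences between lines of the same file.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append((ts, m["mac"].lower(), m["loc"]))
    return events


def count_by_location(events: List[Event]) -> List[Tuple[str, int]]:
    """Equivalent of the post's 'sort | uniq -c | sort -rn' over locations."""
    counts: Dict[str, int] = defaultdict(int)
    for _, _, loc in events:
        counts[loc] += 1
    return sorted(counts.items(), key=lambda kv: kv[1], reverse=True)


def find_flapping_ports(
    events: List[Event],
    window: timedelta = timedelta(minutes=10),
    min_events: int = 4,
    min_macs: int = 2,
) -> Dict[str, dict]:
    """Return ports whose authorizations within `window` look like MAC cycling.

    A port is flagged when one window holds at least `min_events`
    authorizations for at least `min_macs` distinct MACs and more events than
    distinct MACs, i.e. some MAC was re-authorized after another one was seen.
    The thresholds are illustrative and should be tuned to the real log.
    """
    by_loc: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, mac, loc in events:
        by_loc[loc].append((ts, mac))

    flagged: Dict[str, dict] = {}
    for loc, evs in by_loc.items():
        evs.sort()
        best = None
        for i in range(len(evs)):
            j = i
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                j += 1
            chunk = evs[i:j]
            macs = {mac for _, mac in chunk}
            cycling = len(chunk) >= min_events and len(macs) >= min_macs and len(chunk) > len(macs)
            if cycling and (best is None or len(chunk) > best["events"]):
                best = {
                    "events": len(chunk),
                    "distinct_macs": len(macs),
                    "first": evs[i][0],
                    "last": evs[j - 1][0],
                }
        if best is not None:
            flagged[loc] = best
    return flagged


if __name__ == "__main__":
    evs = parse_authorizations(SAMPLE_LOG)
    for loc, n in count_by_location(evs):
        print(f"{n:4d} {loc}")
    for loc, st in find_flapping_ports(evs).items():
        print(f"FLAPPING {loc}: {st['events']} authorizations for "
              f"{st['distinct_macs']} MACs between {st['first']:%H:%M:%S} and {st['last']:%H:%M:%S}")
```

In the constructed sample, only the port with ifIndex 10003 is reported: six authorizations for three MACs in 21 seconds, with each MAC returning after another was seen. The port with ifIndex 10007 saw two different MACs two minutes apart and is left alone, which a plain count per location would not distinguish. Because the decision is made per location string rather than per switch, it avoids the objection to trap_limit raised in the post: one misbehaving port does not affect the other users of the same switch.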