Hi Rich, > > One thing for which I'm not adequately prepared is the person who brings a > switch or a wireless router in bridging (versus NAT) mode. If the bridge > chooses to participate in spanning tree, then BPDUGuard will shut them down; > but if they don't, then what I observe is rapid cycling among the various > MACs on the port. First, this is something we have been asked many times, but I do not have a fully working workaround using port-security. With MAB/802.1X, you have more options.
> > I isolated a few by grepping the log: > > egrep ' pfsetvlan.+ INFO: authorizing .+ at new location ' > ~pf/logs/packetfence.log|perl -pe 's/.+at new location //'|sort|uniq -c|sort > -rn|head -33 > > Then I put them in violation state. This doesn't stop the flapping, but > hopefully it gives them a chance to see what's going on and fix it. Is there > a better way to handle this? Using MAB and multi-domain (or single host) could put the port into err-disabled if multiple macs are seen in the "data" domain/vlan. Using syslog, you could be alerted. > > I don't think I want to set trap_limit because it would deny new connections > to any user of a switch where one user is misbehaving. True, but still, all the person currently authorized would stay authorized. Just the new ones would be impacted. Thanks! > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
