On 03/10/2012 16:35, Sallee, Stephen (Jake) wrote: > Did you enable mac auth bypass?
Yes, but we have to re-check freeradius mab conf ;) > I believe you will need to use MAB if the 802.1x fails, without it your port > goes into the err-disable state and after 30 seconds (by default) it will try > to auth again. We're trying to follow this method ... work in progress, thank you for confirming we're in the right direction :) Luca > > -----Original Message----- > From: Luca Benassi [mailto:[email protected]] > Sent: Wednesday, October 03, 2012 9:24 AM > To: [email protected] > Subject: [PacketFence-users] Is it possible to ... hum ... bypass second > 802.1x auth? > > We are testing the following scenario (always in our routed test lab): > > 1) if the client is 802.1x enabled (and has the correct credentials) it's > moved from *registration* vlan to *normal-1* vlan (IT WORKS) > > 2) if the client has no 802.1x support, it has to authenticate through > captive-portal, and if succeeds it's moved from *registration* to > *normal-2* vlan. > > Our phase 2 doesn't work: the client is correctly moved from > *registration* to *normal-2* vlan, but after 10-15 seconds it's moved back to > *registration* and then loops between *registration* and > *normal-2* :( > > Does this happens because the cisco switch wants to reauthenticate through > 802.1x? > > Any hints on how to achieve our goal? :) > > Luca ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
