If two nodes have the same MAC (Bob and Mallory) but you are using port-sec, the switches will enter into an authorize/de-authorize fight loop. Technically, both parties should stop working as both will be auth/deauth/auth/deauth/etc.

In 802.1X, if Mallory spoofs the MAC of Bob, Mallory still needs valid domain credentials to log in. In MAB, I don't think there are protections against that. Both Mallory and Bob would be authorized if they are not on the same switch. And this is why MAB should be only used for guests or for devices not on critical VLANs (aka printer VLAN). Maybe some have other thoughts. I guess the best way to validate all that is for you to test the scenarios.

On 2013-07-11 10:40 AM, Tim DeNike wrote:
> I was thinking about MAC spoofing.
>
> Sent from my iPhone
>
> On Jul 11, 2013, at 10:29 AM, Francois Gaudreault
> <[email protected]> wrote:
>
>> Depends if you use port-sec or 802.1x/MAB.
>>
>> If you use port-sec, PF will put back the generic MAC address on the
>> device's old port. If you use 802.1x/MAB, well as soon as you unplug
>> the cable, session is gone anyway so..
>>
>>
>> On 2013-07-11 9:51 AM, Tim DeNike wrote:
>>> Haven't tested it yet, but if the same MAC shows up on another switch,
>>> will PF de-auth the other session? What happens?

--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect
[email protected]
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
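
An added example, not part of the original thread and not PacketFence code: the reply above says that under MAB the same MAC could be authorized on two different switches at once, and one way to notice that condition is to look for overlapping sessions in RADIUS accounting data. The tuple layout and the sample records are constructed for illustration, and events are assumed to arrive in time order.

```python
import re
from collections import defaultdict

# Constructed sample records (not real logs), in time order:
# (time, Acct-Status-Type, Calling-Station-Id, NAS-IP-Address, NAS-Port)
SAMPLE_EVENTS = [
    ("10:00:00", "Start", "00-11-22-AA-BB-CC", "10.0.0.1", 12),
    ("10:05:00", "Start", "0011.22aa.bbcc", "10.0.0.2", 3),     # same MAC, other switch
    ("10:06:00", "Start", "66:77:88:99:00:11", "10.0.0.1", 14),
    ("10:07:00", "Stop", "00:11:22:aa:bb:cc", "10.0.0.1", 12),
    ("10:09:00", "Stop", "66:77:88:99:00:11", "10.0.0.1", 14),
    ("10:10:00", "Start", "66:77:88:99:00:11", "10.0.0.2", 5),  # moved after Stop: fine
]

def normalize_mac(raw):
    """Reduce dash, colon and dotted notations to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_concurrent_mac_sessions(events):
    """Return (time, mac, existing (switch, port), new (switch, port)) for each
    Start seen while the same MAC still has an open session on another switch."""
    open_sessions = defaultdict(set)  # mac -> {(nas_ip, nas_port), ...}
    conflicts = []
    for when, status, raw_mac, nas_ip, nas_port in events:
        mac = normalize_mac(raw_mac)
        here = (nas_ip, nas_port)
        if status == "Start":
            for other in sorted(open_sessions[mac]):
                if other[0] != nas_ip:  # a different switch already holds this MAC
                    conflicts.append((when, mac, other, here))
            open_sessions[mac].add(here)
        elif status == "Stop":
            open_sessions[mac].discard(here)
    return conflicts

if __name__ == "__main__":
    for when, mac, old, new in find_concurrent_mac_sessions(SAMPLE_EVENTS):
        print(f"{when} {mac} active on {old[0]} port {old[1]} "
              f"and {new[0]} port {new[1]}")
```

A hit only shows that two sessions overlapped; a device that was moved before its old session timed out produces the same pattern, so each hit still needs to be checked against the ports involved.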
