Hi Chelsi
> Is there a way to get the port placed back into the normal VLAN when the
> registered device plugs back in to the port where it is still authorized? We
> would prefer to use Mac Security traps if possible. We could use Link Up/Down
> traps but would like to avoid it due to the volume of traps it would generate.
Port security enforcement method is a bit tricky / picky depending on which
network equipment you are using.
All of them act a bit differently and that cause the whole thing to be
difficult to support because there is no real “standard”.
Unfortunately, we don’t have that model of switch here (at least, not that I
can remember) and that kind of testing / development for PacketFence would
require you to get some support contract with us since it will require some
engineering time on our side.
Maybe someone on the list already ran into that issue and can help tho?
Cheers!
dw.
--
Derek Wuelfrath
[email protected] :: +1.514.447.4918 (x110) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
On Oct 21, 2013, at 2:49 PM, Chelsi Doyle <[email protected]> wrote:
> We’re running PacketFence 4.0.3 and our switches are Nortel/Avaya 5500 and
> 5600 series.
>
> A problem we’ve seen lately is that on switches where we allow more than one
> MAC address per port, the following happens:
>
> 1. User unplugs a registered device
> 2. User plugs in an unregistered device that doesn’t have a web browser
> (ie. Xbox 360), port gets put in the registration VLAN
> 3. User does not register the device and unplugs it
> 4. User plugs registered device back in to the same port
> 5. Because the registered device is still authorized on the port, a Mac
> Security trap is not sent, therefore the port stays in the registration VLAN
>
> Is there a way to get the port placed back into the normal VLAN when the
> registered device plugs back in to the port where it is still authorized? We
> would prefer to use Mac Security traps if possible. We could use Link Up/Down
> traps but would like to avoid it due to the volume of traps it would generate.
>
> Thank you,
> Chelsi Doyle
>
> --
> Chelsi Doyle
> Network Analyst
> Information Technology Services
> University of New Brunswick
> [email protected]
> (506) 447-3033
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
