Tim, > Am I crazy here?
Ahah! We are not the kind of guys to decide that ;) > I swear mac-vendor violations used to trigger on the radius provided mac > address. Now, it seems they only trigger when it hits pfdhcplistener. > > Does this have something to do with the migration from using a decimal > encoded mac prefix in the violation to using the mac vendor ID? > > Violations that match a specific mac address still work off the RADIUS > provided mac. I guess you are referring to a pre 5.X version ? Changes to the way PacketFence triggers violations based on device type were made with the introduction of Fingerbank, which was part of 5.X. I’m pretty sure there was no hook in the RADIUS flow to trigger such violation but I can have a look. The thing is, we are now triggering violation mainly based on device types, which is the result of a Fingerbank lookup. That lookup happens both in pfdhcplistener and on the portal. The reason why it is not in the RADIUS flow is basically because the Fingerbank lookup works with device parameters (dhcp fingerprint, dhcp vendor, mac oui, useragent) and since the RADIUS flow only contains the MAC oui, and we are not considering this value as a “good flawless value” we are then not doing Fingerbank lookup. One thing tho is that we could effectively create a hook in the RADIUS flow that would trigger violations not only based on device type but on the MAC OUI. We did a major rework of violations which should be part of future PacketFence version, we will make sure that we cover that. Cheers! dw. — Derek Wuelfrath dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110) Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) > On Oct 8, 2015, at 9:47 AM, Tim DeNike <tim.den...@mcc.edu> wrote: > > I swear mac-vendor violations used to trigger on the radius provided mac > address. Now, it seems they only trigger when it hits pfdhcplistener. > > Does this have something to do with the migration from using a decimal > encoded mac prefix in the violation to using the mac vendor ID? > > Violations that match a specific mac address still work off the RADIUS > provided mac. > > Am I crazy here? > > > ------------------------------------------------------------------------------ > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users