Hi,

I need some fresh ideas because I am kind of stuck with the following problem:

We use PF as a Network Access Control solution together with Cisco switches. The enforcement is based on the switches configured with port-security and SNMP. Everything works so far without any problems. According to their role/attached MAC, the switch ports belong to certain VLANs. Switch ports with new nodes belong to the registration VLAN. The nodes are enabled to be part of the production system by changing their roles/VLANs. Everything quite straightforward.

However, there are some nodes with two/multiple MAC addresses. Simplified, these nodes use their hardware MACs for communication in order to detect if they are in a trusted network. If they can reach a specific host for authentication, a virtual machine is started with a MAC derived from the hardware MAC, but not the same. The NIC of the VM is bridged to the hardware interface. The behavior of these nodes is not changeable. The switch port now sees at least two MACs: one from the hardware NIC and one from the VM.

The only way to tackle this problem is to take out specific switch ports from NAC and nail them manually to the MACs. I'd appreciate any different approaches.

Thanks
Markus
