Hello Markus,

PacketFence will only deal with one MAC address for the data VLAN and another one for the voice VLAN; you can't have 2 MACs in the data VLAN.
What we recommend is to use NAT for your virtual machine or check if your switch is able to do multi auth (http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/sec-ieee-802x-multi-auth.html).

Regards
Fabrice

On 2017-01-03 at 15:24, Markus Kuttke wrote:
> Hi,
> I need some fresh ideas because I am kind of stuck with the following problem:
>
> We use PF as a Network Access Control solution together with Cisco-Switches.
> The enforcement is based on the switches configured with port-security and
> SNMP. Everything works so far without any problems. According to their
> role/attached MAC the switch ports belong to certain VLANs. Switch ports with
> new nodes belong to the registration-VLAN. The nodes are enabled to be part
> of the production-system by changing their roles/VLANs. Everything quite
> straightforward.
>
> However, there are some nodes with two/multiple MAC addresses. Simplified,
> these nodes use their hardware MACs for communication in order to detect if
> they are in a trusted network. If they can reach a specific host for
> authentication, a Virtual-Machine is started with a MAC derived from the
> Hardware-MAC, but not the same. The NIC of the VM is bridged to the
> Hardware-Interface. The behavior of these nodes is not changeable.
>
> The switch port now sees at least two MACs: One from the Hardware-NIC and one
> from the VM.
>
> The only way to tackle this problem is to take out specific switch ports from
> NAC and nail them manually to the MACs.
>
> I’d appreciate any different approaches.
>
> Thanks
> Markus
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

--
Fabrice Durand
[email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
