We have several thousand chromebooks that are currently authenticating
with a pre-shared key. We try and keep the key from getting out, but
eventually it does. Then we need to change it on the controller and get
the new key on all the chromebooks. It's a pain, so we're trying to move
away from pre-shared keys.
We thought that a solution would be to use MAC filtering and have
Packetfence do the authenticating, rather than load the thousands of MAC
addresses onto the controller.
As a separate project, we're looking at Packetfence to provide secure
limited access wireless to our network for outside vendors coming in.
On 6/28/2018 12:35 PM, Sallee, Jake via PacketFence-users wrote:
I think I'm confused.
I thought your problem was you had lots of chromebooks you wanted to register
without having to go through the captive portal on each one.
There are two ways you can do this:
1) setup a registration switch / AP and connect the units to it
or
2) get a list of the MAC addresses and import them via the Admin GUI
Does MAC filtering really not do anything?
PF doesn't do MAC filtering by default. Unless you specifically tell PF to
deny a connection it will be accepted, but the endpoint will be placed into a
vlan or network segment which corresponds to the role you have specified for
that endpoint.
So it is less MAC filtering and more MAC sorting. The idea being that you
setup your roles to restrict the access of the nodes on the segment to only
what you want them to have.
I think I am missing some info that will help me help you. Can you give me a
quick rundown of your situation and the issue you are having?
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
________________________________________
From: Steve Pfister via PacketFence-users
<[email protected]>
Sent: Thursday, June 28, 2018 9:41 AM
To: [email protected]
Cc: Steve Pfister
Subject: Re: [PacketFence-users] Autoregistering thousand of Chromebooks
I have it where it will connect and is assigned to the right vlan now.
The problem is, it's not doing any MAC filtering at all. It will let
anyone at all in. Does MAC filtering really not do anything?
On 6/25/2018 5:55 PM, Sallee, Jake via PacketFence-users wrote:
Do you have a test area you can use?
PF has a mode you can use on your switch / AP that will auto-register any
device you plugin / associate to that device.
If you set up a switch or AP in PF and set its mode to registration it will do
what you want.
Where you set the role for the auto-registered endpoints i'm not sure, but I am
pretty sure it can be done.
Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
http://WWW.UMHB.EDU
900 College St.
Belton, Texas
76513
Fone: 254-295-4658
Phax: 254-295-4221
________________________________________
From: Steve Pfister via PacketFence-users
<[email protected]>
Sent: Monday, June 25, 2018 4:11 PM
To: [email protected]
Cc: Steve Pfister
Subject: [PacketFence-users] Autoregistering thousand of Chromebooks
We have thousands of Chromebooks that currently use pre-shared keys to
authenticate. We'd like to use Packetfence and MAC authentication
instead. I have a test SSID setup, and I'm able to connect to it, but I
can't seem to get registered without it trying to go through the captive
portal. Is it not possible to just use MAC authentication?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwICAg&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=MFRKEq2S18FB9NrA04Gmd1fQelD2ZsNuGtcJ-dgXeb4&s=MrXPlulrfhicg_3ycrS0ejrGFVsW550lmspagtFfNYY&e=
_______________________________________________
PacketFence-users mailing list
[email protected]
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_packetfence-2Dusers&d=DwICAg&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=MFRKEq2S18FB9NrA04Gmd1fQelD2ZsNuGtcJ-dgXeb4&s=p2-TrZZbEponMonn1FPrf-ABalOHYlm1fBg4x-qZ_aY&e=
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwICAg&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=H1reS47zEW0IGY5pXpFgqEodPcZOJDGxQqCKiGzNU5Q&s=EmO9qnNC6R2Rwc50-II-eBfrAfSjgfWA5rABicH3uX8&e=
_______________________________________________
PacketFence-users mailing list
[email protected]
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_packetfence-2Dusers&d=DwICAg&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=H1reS47zEW0IGY5pXpFgqEodPcZOJDGxQqCKiGzNU5Q&s=ohJIOgEp7rhsbeMatCEiGlPrZ5_Y0HW4heInPqcdm_8&e=
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!
https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwICAg&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=H1reS47zEW0IGY5pXpFgqEodPcZOJDGxQqCKiGzNU5Q&s=EmO9qnNC6R2Rwc50-II-eBfrAfSjgfWA5rABicH3uX8&e=
_______________________________________________
PacketFence-users mailing list
[email protected]
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_packetfence-2Dusers&d=DwICAg&c=61yQaCoNVjQr1ah003i6yA&r=hv6FWbB_1Tauwq1un9h_XR4pflYMFHr0Ag1rvcLKIQA&m=H1reS47zEW0IGY5pXpFgqEodPcZOJDGxQqCKiGzNU5Q&s=ohJIOgEp7rhsbeMatCEiGlPrZ5_Y0HW4heInPqcdm_8&e=
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
