Hi, i think what you want to do is easily done by using vlan filters:
[unknown] filter = node_info.status operator = is value = unreg [10:unknown] scope = RegistrationRole role = REJECT not sure if this is 100% correct, just look up the vlan_filters.conf file for the syntax regards ________________________________ Von: Stuart Gendron via PacketFence-users <[email protected]> Gesendet: Dienstag, 9. April 2019 17:20 An: [email protected] Cc: Stuart Gendron Betreff: [PacketFence-users] Reject all unregistered MAC authentication requests Hey all, Was wondering if there's a way to deny all unregistered MAC address requests? Looking at the following log: Apr 9 15:16:07 PacketFence-ZEN packetfence_httpd.aaa: httpd.aaa(23995) INFO: [mac:ac:87:a3:03:07:e7] handling radius autz request: from switch_ip => (10.100.X.X), connection_type => Ethernet-NoEAP,switch_mac => (88:f0:77:d9:b2:48), mac => [ac:87:a3:03:07:e7], port => 49, username => "ac87a30307e7" (pf::radius::authorize) i would want the (pf::radius::authorize) to be (pf::radius:unauthorize), or whatever is the opposite, for any MAC address it finds that's in an unregistered state. My hope here is that the switch won't have an authenticate RADIUS state. Thanks! -- Stuart Gendron IT Support Specialist You.i Labs 307 Legget Drive, Kanata, ON, K2K 3C8<https://maps.google.com/?q=307+Legget+Drive,+Kanata,+ON,%C2%A0K2K+3C8&entry=gmail&source=g> t (613) 228-9107 x258 | c (613) 697-6853
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
