I want to keep the MAC Auth. I have some case were unregistred device get access the network (without have the permission). It's quite complicated to explain how it get throught.
I've already got the answer , thanks anyway :). Regards, Adrian. De: "packetfence-users" <[email protected]> À: "packetfence-users" <[email protected]> Cc: "Tobias Friede" <[email protected]> Envoyé: Mardi 11 Juin 2019 17:01:33 Objet: Re: [PacketFence-users] Reject node with MAC Authentication Hi, I think you misunderstood the question. I think he want to disable Mac auth also for registered devices because MAB could be a security issue and if you have only 802.1x capable devices there is no need to accept MAB. If you set the registration vlan to -1 only unregistered devices will be rejected. I am not sure which is is best way to prevent clients from getting access if the switch sends a Mac auth, but I would try to filter all Mac Auth requests in my source or on the portal and then send a reject. Or just disable MAB on the switch ;) Tobias Fabrice Durand via PacketFence-users < [ mailto:[email protected] | [email protected] ] > schrieb am Di., 11. Juni 2019, 16:25: Le 19-06-11 à 10 h 03, Adrian Dessaigne via PacketFence-users a écrit : BQ_BEGIN Is it in the "Role" tab in the switch configuration ? I only see the REJECT Role. And in my role list, I don't see the "unreg" one. Do I have to create it or it is somewhere else ? Regards, Adrian De: "packetfence-users" [ mailto:[email protected] | <[email protected]> ] À: "packetfence-users" [ mailto:[email protected] | <[email protected]> ] Cc: "Fabrice Durand" [ mailto:[email protected] | <[email protected]> ] Envoyé: Mardi 11 Juin 2019 15:19:28 Objet: Re: [PacketFence-users] Reject node with MAC Authentication Hello Adrian, just set the vlan id for the unreg role to -1. Regards Fabrice _______________________________________________ PacketFence-users mailing list [ mailto:[email protected] | [email protected] ] [ https://lists.sourceforge.net/lists/listinfo/packetfence-users | https://lists.sourceforge.net/lists/listinfo/packetfence-users ] -- Fabrice Durand [ mailto:[email protected] | [email protected] ] :: +1.514.447.4918 (x135) :: [ http://www.inverse.ca/ | www.inverse.ca ] Inverse inc. :: Leaders behind SOGo ( [ http://www.sogo.nu/ | http://www.sogo.nu ] ) and PacketFence ( [ http://packetfence.org/ | http://packetfence.org ] ) _______________________________________________ PacketFence-users mailing list [ mailto:[email protected] | [email protected] ] [ https://lists.sourceforge.net/lists/listinfo/packetfence-users | https://lists.sourceforge.net/lists/listinfo/packetfence-users ] BQ_END _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
