Hello Adrian,
MAB is mac-auth so as you say if you don't want mac auth then disable
MAB on the switch port.
Regards
Fabrice
Le 19-06-11 à 12 h 01, Adrian Dessaigne via PacketFence-users a écrit :
I want to keep the MAC Auth.
I have some case were unregistred device get access the network
(without have the permission). It's quite complicated to explain how
it get throught.
I've already got the answer , thanks anyway :).
Regards,
Adrian.
------------------------------------------------------------------------
*De: *"packetfence-users" <packetfence-users@lists.sourceforge.net>
*À: *"packetfence-users" <packetfence-users@lists.sourceforge.net>
*Cc: *"Tobias Friede" <t.fri...@gmail.com>
*Envoyé: *Mardi 11 Juin 2019 17:01:33
*Objet: *Re: [PacketFence-users] Reject node with MAC Authentication
Hi,
I think you misunderstood the question.
I think he want to disable Mac auth also for registered devices
because MAB could be a security issue and if you have only 802.1x
capable devices there is no need to accept MAB.
If you set the registration vlan to -1 only unregistered devices will
be rejected.
I am not sure which is is best way to prevent clients from getting
access if the switch sends a Mac auth, but I would try to filter all
Mac Auth requests in my source or on the portal and then send a reject.
Or just disable MAB on the switch ;)
Tobias
Fabrice Durand via PacketFence-users
<packetfence-users@lists.sourceforge.net
<mailto:packetfence-users@lists.sourceforge.net>> schrieb am Di., 11.
Juni 2019, 16:25:
Le 19-06-11 à 10 h 03, Adrian Dessaigne via PacketFence-users a
écrit :
Is it in the "Role" tab in the switch configuration ? I only
see the REJECT Role.
And in my role list, I don't see the "unreg" one. Do I have to
create it or it is somewhere else ?
Regards,
Adrian
------------------------------------------------------------------------
*De: *"packetfence-users"
<packetfence-users@lists.sourceforge.net>
<mailto:packetfence-users@lists.sourceforge.net>
*À: *"packetfence-users"
<packetfence-users@lists.sourceforge.net>
<mailto:packetfence-users@lists.sourceforge.net>
*Cc: *"Fabrice Durand" <fdur...@inverse.ca>
<mailto:fdur...@inverse.ca>
*Envoyé: *Mardi 11 Juin 2019 15:19:28
*Objet: *Re: [PacketFence-users] Reject node with MAC
Authentication
Hello Adrian,
just set the vlan id for the unreg role to -1.
Regards
Fabrice
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca <mailto:fdur...@inverse.ca> :: +1.514.447.4918 (x135)
::www.inverse.ca <http://www.inverse.ca>
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
<mailto:PacketFence-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users