Hi Durand,
Ah right - so you're saying most of the configuration happens on the
switch-side then? (In terms of timeout, and then falling back).
Ubiquiti Unifi switches don't seem to make this too easy (they don't expose
it in the management GUI) - and Arista doesn't mention anything about it at
all in their docs about MAC bypass, or any kind of timeouts -
https://www.arista.com/assets/data/pdf/user-manual/um-eos/Chapters/802.1x%20Port%20Security.pdf.
Is it possible these switch simply don't support it?
That means though, on the Packetfence side - we should have RADIUS entries
for both the username/password users we want, as well as the MAC devices
(MAC address in both username/password field), right?
Regards,
Victor
On Fri, Aug 3, 2018 at 11:19 AM Durand fabrice via PacketFence-users <
[email protected]> wrote:
> Hello Victor,
>
> there is no need to do special configuration to support mac auth in
> PacketFence, it works as is.
>
> On the other side the switch must support 802.1x with mac-auth bypass, it
> mean that the switch will wait for 802.1x auth and if it time out then it
> will do mac-auth.
>
> Hope it will help.
>
> Regards
>
> Fabrice
>
>
>
> Le 2018-08-01 à 22:47, Victor Hooi via PacketFence-users a écrit :
>
> Hi,
>
> *This is a follow-up question
> to https://sourceforge.net/p/packetfence/mailman/message/36366809/
> <https://sourceforge.net/p/packetfence/mailman/message/36366809/>*
>
> I'm looking at setting up 802.1x for some wired switches (Unifi switches).
> However, not all the clients have RADIUS (username/password) support - so
> it seems I need some kind of MAC-address bypass to handle those clients.
>
> The FreeRadius wiki mentions this one:
>
> https://wiki.freeradius.org/guide/mac-auth#mac-auth-or-802-1x
>
> Is there an easy way to set this up from within PacketFence?
>
> I saw it mentioned in passing in the docs under 9.2.2 VLAN assignment (
> https://packetfence.org/doc/PacketFence_Installation_Guide.html#_technical_introduction_to_out_of_band_enforcement),
> but it's not clear how to actually enable this MAC authentication on
> PacketFence?
>
> Has anybody had experience setting this up with Unifi switches? What
> config do you need to do on the PacketFence side?
>
> Thanks,
> Victor
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> PacketFence-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
