Hi, can anyone help me with this? Thanks, regards, Marcelo
> On Sep 20, 2018, at 15:33, Marcelo Pepe <[email protected]> wrote:
>
> Hi everyone,
>
> I'm having problems configuring PF to authenticate users using 802.1X and MAC
> Authentication.
>
> I have a PacketFence installed and working properly against an AD and I have
> configured a Cisco switch using 802.1X and MAC Authentication to authenticate
> users. I configured the Switch with the proper parameters (also in PF) and I
> have configured a Connection Profile that uses the AD Authentication Source
> (using filter: Connection Type: Ethernet-EAP) to match users from 802.1X
> authentication.
>
> The connection between the Switch and PF is working perfectly and 802.1X
> authentication is working fine against the AD, but the problem that I'm having
> right now is that when 802.1X fails, the PC/Device tries MAC Authentication
> (which is ok) and always gets access to the network; PF is always permitting
> this access without any filter.
>
> When a PC or Device connects to the Cisco switch I want to first try to
> authenticate using 802.1X and, if it doesn't have an 802.1X supplicant, I
> want to use MAC Authentication to access the network. But, when doing MAC
> Authentication I want PF to check against an 'Authorized MAC list' (that is,
> a list of MACs that are permitted to access the network) or something similar,
> and, as I described before, that's not what is happening.
>
> How can I configure PF to stop allowing access to every device using MAC
> Authentication and check if the MAC is permitted in a list or something
> similar to let the device access?
>
> I've been searching in the Documentation and in the
> packetfence-users-discussion-list to find an answer but I didn't find the
> right one, so I decided to write here.
>
> Can someone help me with this? Is it possible to configure what I want?
>
> To add more information, I'm thinking of configuring a new Connection Profile
> with a filter: Connection type: WIRED_MAC_AUTH but I really don't know which
> Source to configure in that Profile. I think that maybe I can use a Radius
> authentication Source and then configure the Freeradius (the one that's
> installed with PF) to use a white list of MACs but I really don't know if it
> will work in this case. Could it be possible?
>
> Thanks in advance for your help,
> regards,
> Marcelo

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
