Hello Marcelo,
On 2018-10-02 01:02 PM, Marcelo Pepe wrote:
I have create a Radius "Blackhole" Source (I didn't know which type
of Source should I configure) and associated that source to the
default Connection Profile as you told me, but it didn't work, PF is
permitting every MAC, without any filter (as before), I obviously
doing something wrong. How can I resolve this situation?
To understand what PF do, run following command before you plug a device
on your switch:
```
tailf /usr/local/pf/logs/packetfence.log | grep MAC_OF_YOUR_DEVICE
```
With this, you will see all messages related to your device.
And when this is configured, how could I do to permit some MACs (from
a MAC white list)?
You have to understand one thing: the goal of PF is to register nodes.
Nodes can have two states: unregistered/registered, you can check node
states in Nodes tab.
In a default configuration:
If you plug a device, already registered by PF, on a port that do MAC
Auth, PF will allow network access to that device.
If this device haven't been registered before, PF will try to put it in
a registration VLAN depending of the configuration of network device
from where the RADIUS request came.
Hope that helps.
--
Nicolas Quiniou-Briand
[email protected] :: +1.514.447.4918 *140 :: https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
