I'm trying to set a radius filter to block mac auth for any devices assigned to roles that should only auth via PEAP or EAP-TLS...
For example, if a port has a phone and computer plugged in, the phone will do mac auth but the computer should never get a radius accept for mac auth... whats happening by default is if a computer fails dot1x auth it then falls back to mac auth and PF accepts it because the node was registered... this is what I'm trying to prevent... I set up a radius filter as such: connection_type == "Ethernet-NoEAP" && (node_info.category == "CORP-LAN" || node_info.category == "ADMIN-LAN") It never matches... But if I change the logic to be NOT Ethernet-EAP, everything matches, EAP and not EAP... it seems as if the connection_type isn't actually being read by the filter parsing... Am I missing something? Robert McNutt
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users