Hello! Currently we have switch auth order 802.1X and MAB. It means that when a 802.1x auth fails , MAB will be used. Everything is okay at this point.
I have the following case: A User Alice gets a valid 802.1X and the calculated role admin is written into the Node Category. Then User Bob will take the client and perform an invalid 802.1X auth. Normally I would expect, that the role admin will be deleted from the node. Switch Triggers MAB. Ih that case the role admin from Alice authentication will be taken into account, although the node category or at least role (I don’t get the difference correctly) should be cleared. I already have a vlan filter configured that sets REJECT category on each node in registration process. In MAB via VLAN Filter the reject will be overwritten by the specific role. When the next authentication fails, the role will be unset and in whole the node will be set to its category (reject). Everything is fine. But as soon an authentication is successful done by a source, this category will be overwritten and that finally breaks my mechanism. Thanks in advance, Dennis
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users