Tim,
> Am I crazy here?
Ahah! We are not the kind of guys to decide that ;)
> I swear mac-vendor violations used to trigger on the radius provided mac
> address. Now, it seems they only trigger when it hits pfdhcplistener.
>
> Does this have something to do with the migration from using a decimal
> encoded mac prefix in the violation to using the mac vendor ID?
>
> Violations that match a specific mac address still work off the RADIUS
> provided mac.
I guess you are referring to a pre 5.X version ? Changes to the way PacketFence
triggers violations based on device type were made with the introduction of
Fingerbank, which was part of 5.X.
I’m pretty sure there was no hook in the RADIUS flow to trigger such violation
but I can have a look.
The thing is, we are now triggering violation mainly based on device types,
which is the result of a Fingerbank lookup. That lookup happens both in
pfdhcplistener and on the portal. The reason why it is not in the RADIUS flow
is basically because the Fingerbank lookup works with device parameters (dhcp
fingerprint, dhcp vendor, mac oui, useragent) and since the RADIUS flow only
contains the MAC oui, and we are not considering this value as a “good flawless
value” we are then not doing Fingerbank lookup.
One thing tho is that we could effectively create a hook in the RADIUS flow
that would trigger violations not only based on device type but on the MAC OUI.
We did a major rework of violations which should be part of future PacketFence
version, we will make sure that we cover that.
Cheers!
dw.
—
Derek Wuelfrath
dwuelfr...@inverse.ca :: +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
> On Oct 8, 2015, at 9:47 AM, Tim DeNike wrote:
>
> I swear mac-vendor violations used to trigger on the radius provided mac
> address. Now, it seems they only trigger when it hits pfdhcplistener.
>
> Does this have something to do with the migration from using a decimal
> encoded mac prefix in the violation to using the mac vendor ID?
>
> Violations that match a specific mac address still work off the RADIUS
> provided mac.
>
> Am I crazy here?
>
>
> --
> ___
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
___
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users