Hi all, Maybe the problem is here:
AprĀ 2 16:33:39 idssrv suricata[31336] [1:2522354:3636] ET TOR Known Tor
Relay/Router (Not Exit) Node Traffic group 178 [Classification: Misc
Attack] [Priority: 2] {TCP} *163.172.53.84:21 -> 10.25.1.1:52571**
*
packetfence receive this information from surica
So unfortunately there is not MAC address authentication fallback with
these switches..
Looking into this more, I was able to create a Connection Profile
for Ethernet-NoEAP connection types (this is how the MAC address is sent).
Not sure if there's anything that can be done there??
Here's the lo