[EXTERNAL] How mitigate mac spoofing in mab
a.cudbardb at freeradius.org
Tue Feb 26 04:12:36 CET 2019
> On Feb 9, 2019, at 1:58 AM, Carlos Bordon <cgermanb at live.com.ar> wrote:
> The second thing you can do is on the FreeRADIUS side, which is to use a Simultaneous Use
> database to prevent MAB requests from different ports at near the same time
> from being accepted. However, this can be problematic. If you are updating the
> Simultaneous Use database based on edge switch Accounting packets, then the
> edge switch may leave stale sessions open and continue to send updates after a host
> is unplugged and moved by the user to another port... especially if a minihub has
> been attached to the network and the link stays up. Then when the user gets to the
> place they have moved, they cannot get on the network because Simultaneous Use
> thinks they are an imposter.
> this is great!
> how can I do this?
So you read all the caveats and ways it can break and you're still enthusiastic? I feel for your users.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: Message signed with OpenPGP
More information about the Freeradius-Users