A while ago I checked about MAC spoofing protection; recently I had some time to test it out, but it doesn't function as hoped.
I'm testing with a fixed device which is profiled (IP helper set to ClearPass) correctly, then I take my laptop with the Linux BackTrack distribution, spoof the MAC and try to authenticate; both use DHCP.
Two things are unclear / broken for me.
1) How do I act on device conflict? I can't turn on the profiling tab, set it to CoA disconnect when status is conflict. But nowhere can I find when this conflict condition occurs. I had expected to see something in the endpoint database, but there I find nothing. It also doesn't seem to work, but the reason is unclear: doesn't a conflict occur, or is it something else?
2) When I start with the Linux laptop and afterwards plug in the other device, the entry in the endpoint database is updated correctly (all fields I mean, hostname, category and such; no mention of conflict, the entry is just "overwritten"). But when I start with the other device and then the Linux laptop, only the hostname changes; the rest, like the OS and type, remain the original one. To me this is not expected behavior, right? Anyone run into a bug here?