Description
We have a client with a big network and more than 2k VoIP phones plugged into Nortel switches.
With Nortel switches, we have to manage VoIP phones because PF needs to authorize each phone on a port.
We enabled the Autoreg violation and configured it so that all devices with a Nortel Phone DHCP fingerprint are automatically registered.
The issue is that every time a phone renews its IP, PF tries to trigger a violation, which is always closed even though the phone is registered.
By looking at the logs and the load on the machine, I realized that this situation/setup results in a non-negligible useless work overload on the server.
So I'm wondering if, for that particular Autoreg violation, we should not think of a different way to manage things. What is the point of creating an autoreg violation for a device that is already registered?!? Should we really use a violation for this?
I'm still not sure this is an issue though... just throwing ideas in that ticket.