PacketFence + HP Switches + code hacking

Alex Sharaz alex.sharaz at york.ac.uk
Fri Apr 18 12:35:43 CEST 2014


On 17 Apr 2014, at 15:28, Arran Cudbard-Bell wrote:

> 
> On 17 Apr 2014, at 09:12, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:
> 
>> One word of caution if you are planning on supporting VOIP phones with ability to connect a client to the network port on a phone. I tried using RFC 4675 to specify a tagged vlan for the phone and  mac/dot1x auth for the "other" device on a 2620. It works ..... for about 2 weeks and then the switch locks up reboot .... and it then works for another 2 weeks. Better than a 2610 which then reboots! Manually configuring the switch to support lldp-med works though.
>> 
>> Apparently the 2600 series doesn't support RFC4675 .... took  while to find that out :-((
> 
> I'm pretty sure they do support tagged VLANs, you should log a bug report with HP, they are generally responsive.
> 

oops sorry, meant that you can't use the RADIUS attribute to tell the switch which vlan to put the ipphone into. You can define a vlan for voice, define it as a voice vlan and tag ports into it. 

vlan <number> name voice_vlan
  voice
  tagged 1-48
!

Then when you plug a phone into any of ports 1-48 there'll be a tagged link to the phone for the voice vlan.

Wot you can't do is

Thu Mar 27 15:45:57 2014 : Info: Sending Access-Accept packet to host 10.4.72.5 port 1812, id=41, length=0
Thu Mar 27 15:45:57 2014 : Info:        HP-Egress-VLANID = 822084526
Thu Mar 27 15:45:57 2014 : Info:        HP-Port-Client-Limit-MA = 4
Thu Mar 27 15:45:57 2014 : Info:        HP-Port-Client-Limit-Dot1x = 4
Thu Mar 27 15:45:57 2014 : Info:        Acct-Interim-Interval = 1800
Thu Mar 27 15:45:57 2014 : Info:        Termination-Action = RADIUS-Request
Thu Mar 27 15:45:57 2014 : Info:        Session-Timeout = 28800

everything appears to work ... for about 2 weeks then the switch locks up.  On the 2610  worse,plug the phone into a port and the switch reboots. Switch of radius accounting and you have the same functionality as a 2620... for 'bout the same length of time.

Spent about a month  with 2 fault calls logged  until Jason Luckett said that RFC 4... isn;t supported on 2600 series switches.
Rgds
A

> They should send you a debug build with the ASSERTS turned on, which should help track the problem down.
> 
> Ask for Tonny Mulder, or Marinus Rosenbrand when you get through to EMEA support. If they're uncooperative
> contact me off list and and i'll help you get it fixed.
> 
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
> 
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140418/2511082c/attachment.html>


More information about the Freeradius-Users mailing list