Recommended switches for dynamic vlans

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Fri Jul 13 11:54:25 CEST 2007


Jacob Jarick wrote:
> Thanks very much for that information, shall follow up on it :)
>
> On 7/13/07, Stieven.Struyf at komatsu.eu wrote:
>
>
>     Jacob
>     I use procurve switches and I'm quite happy with them. Price is
>     almost half of cisco prices (and lifetime warranty). (Although I
>     have already seen cisco match hp prices for large purchases if you
>     mention procurve.)
>     Until previous firmware version they even supported cisco p
>     protocols (and open standard). Now they moved to open standards.
>
>
Yep Second Vote for HP Procurves, any of the 26** support dynamic VLAN 
assignment, they also have a really neat feature for authenticating 
admin users on their ssh, web, console interfaces using RADIUS with 
failover to local...
Full accounting support, Mac based authentication, supplicant port mode 
(where the port on one hp can authenticate to another)... Loads more 
stuff like filtering and ingress bandwidth limiting using VSAs.
These also have a nice feature called OpenVLAN, where the switch can 
drop people with broken supplicants into an arbitrary vlan, where you 
can provide resources to help fix their supplicant software.

Unfortunately these do not support POD (packet of disconnect) but 
apparently this can be achieved via SNMP.
All dynamic VLANs must have been set up on the switch before being 
assigned, or now with later firmware they can be learned (though this 
tends to break with larger installations).

Here’s the wiki page http://wiki.freeradius.org/HP


For wireless, depends... do you want a centrally managed wireless 
infrastructure, or each WAP to be a fully functioning WAP in its own 
right. If it's the latter then HP530s are a safe bet. The firmware is 
currently pretty buggy, but the hardware is sound.

They support:
Multiple BSSIDS (with fully customisable settings for each).
Dynamic VLAN assignment
SNMP Trigger events for loads of things.
Ingress rate limiting via VSA
Learning of tagged VLANS from their uplink (which is really neat)
Accounting for security enabled BSSIDS (though not necessarily radius 
authenticated)
POE

they also have dual radios, so you can run b/g on one and a on the 
other, or buy external aerials and run both b/g. There’s also a USB 
expansion slot
marked for use in later firmwares.... could be an 11n upgrade module?

Don't support
Radius admin login authentication
No obvious method of disconnecting users

Current Major Bugs
Accounting doesn't send interim update packets properly for all BSSIDS, 
so you sometimes lose data transferred type info.
Vlans assigned statically to a BSSID cannot then be assigned dynamically 
(users' traffic just gets black holed).
Disabling of the plaintext web server breaks DHCP (most random bug ever).
When user changes from one BSSID to another, accounting gets very 
confused (sometimes).

But we still bought 30 of them, as we have faith in HP that these 
issues will be fixed.

Also do a really neat thing where the base can slip onto the t bars of 
suspended ceilings,
then you run a LAN cable above the ceiling with POE... And it looks like 
it's a wireless wireless access point :)

And at £320 a unit, yes they do include a Kensington lock slot.



