Reccomended switches for dynamic vlans

Stieven.Struyf at komatsu.eu Stieven.Struyf at komatsu.eu
Fri Jul 13 12:31:47 CEST 2007


additional comment on procurve switches:
If you want to authenticate more than one client on a port you need 
multidomain authentication support. This is available on hp3500yl and 
up(comparable with cisco 3500 series i think)
the 26xx is indeed a good cheap poe switch(only 10/100 but that should be 
enough for poe application)
Almost all managed procurve switches support the same security 
features(certainly from 26xx and up), so that makes it easier to combine 
different models in your network without sacrificing security.
most of the difference is in port speed and routing functions and whether 
it is chassis based or not.
I can also recommend the 5400 chassis based switch. largest model can 
handle 12 modules(also available in 6 modules) which you can fill. cat5 
modules for this switch are always 10/100/1000 with poe or modules for 
mini-gbics(chassis itself is quite cheap, and modules are also ok but only 
interesting if you have centralized cabling).

one disadvantage of the procurves is that they don't support "hardware" 
stacking(for procurve stacking is only a management feature) to built a 
virtual chassis with a high speed backbone link between 2 or more 
switches(i think cisco has models that can do this, but also not all).

regards,
Stieven Struyf
M.I.S. Division - System Operations 
Komatsu Europe International NV
Mechelsesteenweg 586
B-1800 Vilvoorde
Stieven.Struyf at komatsu.eu
Tel. +32 (0)2 2552551

"The question of whether a computer can think is no more interesting than 
the question of whether a submarine can swim." -- E. W. Dijkstra
freeradius-users-bounces+stieven.struyf=komatsu.eu at lists.freeradius.org 
wrote on 13-07-2007 11:54:25:

> Jacob Jarick wrote:
> > Thanks very much for that information, shall follow up on it :)
> >
> > On 7/13/07, *Stieven.Struyf at komatsu.eu 
> > <mailto:Stieven.Struyf at komatsu.eu>* < Stieven.Struyf at komatsu.eu 
> > <mailto:Stieven.Struyf at komatsu.eu>> wrote:
> >
> >
> >     Jacob
> >     I use procurve switches and i'm quite happy with them. Price is
> >     almost half of cisco prices(and lifetime warranty).(although i
> >     have already seen cisco match hp prices for large purchases if you
> >     mention procurve)
> >     Until previous firmware version they even suppported cisco p
> >     protocols (and open standard). Now they moved to open standards.
> >
> >
> Yep Second Vote for HP Procurves, any of the 26** support dynamic VLAN 
> assignment, they also have a really neat feature for authenticating 
> admin users on their ssh, web, consol interfaces using RADIUS with 
> failover to local...
> Full accounting support, Mac based authentication, supplicant port mode 
> (where the port on one hp can authenticate to another)... Loads more 
> stuff like filtering and ingress bandwidth limiting using VSAs.
> These also have a nice feature called OpenVLAN, where the switch can 
> drop people with broken supplicants into an arbitrary vlan, where you 
> can provide resources to help fix their supplicant software.

"This e-mail is property of the company and is supposed to contain only professional content. The company can at all times consult the content of this e-mail and the reply to this e-mail. By replying to this e-mail, you confirm your explicit agreement with the preceding."

"Deze e-mail is het eigendom van de Vennootschap en wordt verondersteld enkel beroepsmatige informatie te bevatten. De Vennootschap kan ten allen tijden de inhoud van deze e-mail en van het antwoord daarop raadplegen. Door het beantwoorden van deze e-mail bevestigt U uitdrukkelijk uw akkoord met het voorafgaande."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070713/b481cfd3/attachment.html>


More information about the Freeradius-Users mailing list