Reccomended switches for dynamic vlans
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jul 13 13:35:50 CEST 2007
> > Nortel (untested)
> >
> Are Notel still in buisiness ? I heard they invested heavily in mobile
> interweb and went bust.
No, they're still in business. The products we looked at recently are
fairly new.
> >
> > You really want to be looking for a few key differentiators such as:
> >
> > * can the device support 802.1x & mac-based fallback at the same time?
> >
> Yes !!!
> The issue that I have with most of the current switches, is that they
> can't fallback to mac based auth...
Really? I didn't do the testing personally, but I'm fairly sure most of
the ones we tested did support it.
Certainly 3Com, Cisco and Extreme do.
> > * can the device authenticate >1 client on a port?
> > * if so, can it support 802.1x for one and mac-based for another (think
> > IP phones)
> >
> This would come under fallback.
Not necessarily - some devices can fallback, but only in a mode with
permits 1 mac per port.
> > * if so, can it assign separate untagged vlans to each client?
> > * can the device assign IP ACLs from Radius replies?
> > * can the device assign 1 untagged and >1 tagged vlans (think wlan aps)
> >
> I don't think many will allow you to assign multiple tagged VLANS, most
> centre around assigning one untagged VLAN... though that would be a very
> neat feature.
Extreme can.
More information about the Freeradius-Users
mailing list