PacketFence + HP Switches + code hacking
Alex Sharaz
alex.sharaz at york.ac.uk
Thu Apr 17 15:12:57 CEST 2014
One word of caution if you are planning on supporting VoIP phones with the ability to connect a client to the network port on a phone. I tried using RFC 4675 to specify a tagged VLAN for the phone and MAC/dot1x auth for the "other" device on a 2620. It works ..... for about 2 weeks and then the switch locks up, reboot .... and it then works for another 2 weeks. Better than a 2610 which then reboots! Manually configuring the switch to support LLDP-MED works though.
Apparently the 2600 series doesn't support RFC 4675 .... took a while to find that out :-((
Rgds
A
On 17 Apr 2014, at 14:04, Arran Cudbard-Bell wrote:
>
>> Looking to get some thoughts on HP switches, looking at evaluating them with PacketFence. Since it doesn't look like they sell the ProCurve switches anymore I'll probably end up getting one (or multiple) of the following depending on how the lab evaluation goes:
>> - HP 2530
>> - HP 2920
>> - HP 5120
>>
>
> The ProCurve switches got rebranded to HP networking, they still sell the switches, as well as those from 3Com.
>
> The 2530 and 2920 will be the next generation of ProCurve switches, whereas I think that 5120 will probably be a 3Com.
>
> The ProCurve and 3Com interfaces and feature sets are still very much separate, I don't recommend mixing them.
> Either go all 3Com or all ProCurve. It's quite easy to tell which is which just by the chassis.
>
>> So even though these are not explicitly listed on the supported list, is there a general consensus on how much hacking is required to get support added, or is that even possible? I'll probably end up sending a diff out so others can take advantage of my work.
>>
>> I'm planning on using 802.1X PEAP (wired), MAC-based auth (either .1x or SNMP traps), and SNMP so I can throw idiots on my network back into an isolation VLAN. I'm willing to look into other vendors if someone has suggestions; the only reason I'm looking at HP is that the price point is nice for the features provided.
>
> The 2920 should support CoA so you don't need SNMP (unless PacketFence is the limitation there), it may even
> support MAC-based VLANs, which allows you to run multiple untagged VLANs on the same port.
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2