Hi, 

Yes, we only use a single module for both stacked and single (non-stacked)
switches now. Also, we have added a fair amount to the module since my
original post from 14/09/09 that you are responding to below. Most of our
modifications were necessary because Nortel has changed the way the
ifIndex<->boardIndx/Port calculations are performed in their new switch
software code versions (>6.0): the boardIndx's are now incremented by 128
instead of 64 as in previous code versions (<=5.x). I'm assuming Nortel made
this change to accommodate their new 96-port switches but also keep uniform
ifIndexes across switch models. Some of our other module modifications were
needed because we found that a few 5500's have brdIndx=0 while most have
brdIndx=1, so this needs to be checked for ifIndex calculations.

I have attached a copy of the Perl module (BayStack5500_6_x.pm) that we have
been using in production for approximately the past year with no issues. It
contains all of our changes to the following subroutines:

sub getBoardPortFromIfIndex
sub getIfIndexFromBoardPort
sub parseTrap
sub getSecureMacAddresses
sub _authorizeMAC

Kevin Manuel
Technical Analyst - Networking
ITS Communications & Network Services 
University of New Brunswick
Phone: 506-447-3009
Email: [email protected]


-----Original Message-----
From: Olivier Bilodeau [mailto:[email protected]] 
Sent: February-03-11 5:57 PM
To: [email protected]; [email protected]
Subject: Re: [Packetfence-users] mulitiple macs authorized on same port

Hi Kevin,

I'll look into integrating the fix you mentioned. Do you still use the 
Stacked module over the normal one? If so we might merge them.

Thanks!

On 14/09/09 1:36 PM, Kevin Manuel wrote:
> Hi,
>
> We figured this one out. In the "_authorizeMAC" subroutine of
> /usr/local/pf/lib/pf/SNMP/Nortel/BayStack5520Stacked.pm, the port and
> board index are only being calculated in the "authorize" section of the
> code
>
> if ($authorize) {
>     #WARNING
>     #HERE'S THE UGLY HACK
>     my $portmask = hex('x3f');
>     my $slotmask = hex('x3c0');
>     $portIndx = ( $ifIndex & $portmask ) + 1;
>     $boardIndx = ( $ifIndex & $slotmask ) >> 6;
>     $portIndx--;
>     $boardIndx++;
>
> and not in the "de-authorize" section of code (i.e. } else { ).
> Therefore no mac addresses were successfully being deleted from the mac
> security table. We added the above "UGLY HACK" to the "else" section of
> the subroutine and everything works fine.
>
> Also, we only use BayStack5520Stacked.pm for both stacked and single
> switch 55X0's and it works fine (we don't use BayStack5520.pm).
>
> Kevin

-- 
Olivier Bilodeau
[email protected]  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

Attachment: BayStack5500_6_x.pm
Description: Binary data
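
The following is an added example, not code from this thread or from the attached module. It sketches the ifIndex<->board/port conversion with the two variables the thread names (the 64 vs. 128 board increment and a first board index of 0 vs. 1) and resolves the indices once, before the authorize/de-authorize decision. The formula ifIndex = (board - first_board) * stride + port is an assumption inferred from the quoted masks; all sub names, the sample MAC and the sample ifIndex values are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed layout: ifIndex = (board - first_board) * stride + port
#   stride      64 on code <=5.x, 128 on code >6.0 (per the thread)
#   first_board 1 on most 5500s, 0 on a few (per the thread)
sub board_port_from_ifindex {
    my ($ifIndex, $stride, $first_board) = @_;
    die "stride must be 64 or 128\n" unless $stride == 64 || $stride == 128;
    my $port = $ifIndex % $stride;
    die "ifIndex $ifIndex does not map to a port\n"
        if $ifIndex < 1 || $port == 0;
    return (int($ifIndex / $stride) + $first_board, $port);
}

# Inverse mapping, with range checks so a bad pair never yields an ifIndex.
sub ifindex_from_board_port {
    my ($board, $port, $stride, $first_board) = @_;
    die "port $port out of range\n"   unless $port >= 1 && $port < $stride;
    die "board $board out of range\n" unless $board >= $first_board;
    return ($board - $first_board) * $stride + $port;
}

# Hypothetical stand-in for the add/delete decision in _authorizeMAC:
# board and port are computed before branching, so the delete path
# addresses the same MAC security table row as the add path.
sub mac_table_request {
    my ($ifIndex, $mac, $authorize, $stride, $first_board) = @_;
    my ($board, $port) = board_port_from_ifindex($ifIndex, $stride, $first_board);
    my $action = $authorize ? 'add' : 'delete';
    return "$action $mac board=$board port=$port";
}

# Constructed sample values: [ifIndex, stride, first_board]
my $mac = '00:11:22:33:44:55';
for my $case ([65, 64, 1], [129, 64, 1], [129, 128, 1], [129, 128, 0]) {
    my ($ifIndex, $stride, $first_board) = @$case;
    for my $authorize (1, 0) {
        printf "ifIndex=%-3d stride=%-3d first_board=%d -> %s\n",
            $ifIndex, $stride, $first_board,
            mac_table_request($ifIndex, $mac, $authorize, $stride, $first_board);
    }
    my ($board, $port) = board_port_from_ifindex($ifIndex, $stride, $first_board);
    die "round trip failed\n"
        unless ifindex_from_board_port($board, $port, $stride, $first_board) == $ifIndex;
}
```

For the same ifIndex 129, the 64 increment resolves to board 3 while the 128 increment resolves to board 2 (or board 1 when numbering starts at 0), which is how a wrong increment or base puts a MAC security entry on the wrong unit.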

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
