Hi Mark, > > We use 3Com 4200G,4800G and 5500G switches. I see the 4200G is > supported and I think the 4800 and 5500 use pretty similar software > to that so I'm hopeful they will work.
You can try the 4800G, 5500G using the 4200G module and see for yourself if they work. If they are similar there's a lot of chance that they will work out of the box or require very little change. Just set mode=ThreeCom::Switch_4200G in switches.conf (or pick the 4200G in the web admin interface). > Anyone know if they do/what features exactly a switch needs to > support to work with PacketFence? We have a lot of different level of support for switches. SNMP based - link SNMP Traps - MAC Notification SNMP Traps - Port-Security SNMP Traps RADIUS based - MAC Authentication (called differently based on vendor. Don't know what 3Com's flavor name is) - 802.1X For a scalable implementation (hundreds of switches) you definitely want Port-Security or a RADIUS-based technique. We have not tried the RADIUS-based techniques on 3Com hardware but we have a 4200G here and we can look into it if sponsored to do so. > > We also have 3Com 7760 wireless access points. They support 802.1x > authentication and 4 SSIDs on separate VLANs but I don't think they > support dynamic VLAN assignment via RADIUS . > I'm surprised that they support 802.1X and VLANs but not dynamic VLAN assignment. Sometimes this feature is implicit. Are you sure that it can't work on 3Com? > Does that completely rule out getting them to work with PacketFence? No but you are more limited. If you can't assign VLANs per user then you can't use the captive portal and you can't isolate anyone. However you are able to perform access control of the authorized / unauthorized form. So a 802.1X-enabled SSID could only provide access to authenticated users through PacketFence (or your own RADIUS). It is important to note that if we can get our hands on detailed documentation or on the device itself we might be able to do more with it. For example, if it accepts ACLs through RADIUS we might be able to perform Layer3 isolation and other tricks. I'm a bit surprised that no one else commented on the 3Com wireless hardware though. Thanks for your interest in PacketFence. Cheers! -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
