Olivier, Many thanks for such a useful response.
I had figured I'd test the 4800G and 5500G using the 4200G module-the 5500G in particular is quite similar to the 4200G All those switches support port security so I'm going to test with that first as its the preferred way according to the docs. Once I have got the 4200G running I'll test the other two - luckily the 3Com documentation for these switches is quite detailed so I should be able to work out any required changes. I will post back on those once I've tested. Regarding the access points, I'm pretty sure about the lack of vlan assignment using RADIUS attributes but I'll ask HP to confirm (as you no doubt know they bought 3Com) Sadly the documentation for the 3Com wireless access points I'm using is very limited (I can only find a basic config and admin guide, but will check with HP to see if there are some more useful docs around that tell us what RADIUS attributes they will support etc). We may well be interested in sponsoring to have RADUIS on the 3Com kit looked at - I'll come back to you on that at a later date. Thanks again. Regards, Mark On 15 Feb 2011, at 18:03, "Olivier Bilodeau" <[email protected]> wrote: > Hi Mark, > >> >> We use 3Com 4200G,4800G and 5500G switches. I see the 4200G is >> supported and I think the 4800 and 5500 use pretty similar software >> to that so I'm hopeful they will work. > > You can try the 4800G, 5500G using the 4200G module and see for yourself > if they work. If they are similar there's a lot of chance that they will > work out of the box or require very little change. > > Just set mode=ThreeCom::Switch_4200G in switches.conf (or pick the 4200G > in the web admin interface). > >> Anyone know if they do/what features exactly a switch needs to >> support to work with PacketFence? > > We have a lot of different level of support for switches. > SNMP based > - link SNMP Traps > - MAC Notification SNMP Traps > - Port-Security SNMP Traps > RADIUS based > - MAC Authentication (called differently based on vendor. Don't know > what 3Com's flavor name is) > - 802.1X > > For a scalable implementation (hundreds of switches) you definitely want > Port-Security or a RADIUS-based technique. > > We have not tried the RADIUS-based techniques on 3Com hardware but we > have a 4200G here and we can look into it if sponsored to do so. > >> >> We also have 3Com 7760 wireless access points. They support 802.1x >> authentication and 4 SSIDs on separate VLANs but I don't think they >> support dynamic VLAN assignment via RADIUS . >> > > I'm surprised that they support 802.1X and VLANs but not dynamic VLAN > assignment. Sometimes this feature is implicit. Are you sure that it > can't work on 3Com? > >> Does that completely rule out getting them to work with PacketFence? > > No but you are more limited. If you can't assign VLANs per user then you > can't use the captive portal and you can't isolate anyone. However you > are able to perform access control of the authorized / unauthorized > form. So a 802.1X-enabled SSID could only provide access to > authenticated users through PacketFence (or your own RADIUS). > > It is important to note that if we can get our hands on detailed > documentation or on the device itself we might be able to do more with > it. For example, if it accepts ACLs through RADIUS we might be able to > perform Layer3 isolation and other tricks. > > I'm a bit surprised that no one else commented on the 3Com wireless > hardware though. > > Thanks for your interest in PacketFence. > Cheers! > -- > Olivier Bilodeau > [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > ------------------------------------------------------------------------------ > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
