Hi Olivier, 

We had originally kept pre 6.x/6.x as different modules too until all of our
switches here were of the same code (6.x). I only made the changes to the
55xx module and not the Nortel code because the Nortel 470's, BPS2000's, and
pre-6.x 5500's still use the old slot/port & ifIndex calculations, but I'm
assuming you accounted for that and coded accordingly.

I'll let you know how we make out with the new code after we get a chance to test
it. It might not be anytime soon as we are quite busy with other things at
the moment.

Thanks,

Kevin


-----Original Message-----
From: Olivier Bilodeau [mailto:[email protected]] 
Sent: February-16-11 1:30 PM
To: [email protected]
Cc: [email protected]
Subject: Re: [Packetfence-users] mulitiple macs authorized on same port of
Nortel switches

Hi Kevin,

Based on your module and recommendations, I made updates to the Nortel 
modules. However most changes went directly into the Nortel code and not 
only the 55xx module.

Regarding pre 6.x / 6.x handling I kept different modules.

BoardIndex starting with 0 or 1 handling should be working well on all 
models.

We don't have 55xx switches here so I would be glad if anyone was 
willing to give the updated modules a test drive.

I wouldn't recommend doing this in production but if you have 
testing/staging server and test switch then go for it.

I promise that I will provide timely assistance if you are going to try 
the modules.

Also, be aware that some of the module names changed so be careful with 
that if you try it.

Thanks for the info Kevin!

On 08/02/11 9:25 AM, Kevin Manuel wrote:
> Hi,
>
> Yes, we only use a single module for both stacked and single (non-stacked)
> switches now. Also, we have added a fair amount to the module since my
> original post from 14/09/09 that you are responding to below. Most of our
> modifications were necessary because Nortel has changed the way the
> ifIndex<->boardIndx/Port calculations are performed in their new switch
> software code versions (>6.0): the boardIndx's are now incremented by 128
> instead of 64 as in previous code versions (<=5.x). I'm assuming Nortel made
> this change to accommodate their new 96-port switches but also keep uniform
> ifIndexes across switch models. Some of our other module modifications were
> needed because we found that a few 5500's have brdIndx=0 while most have
> brdIndx=1, so this needs to be checked for ifIndex calculations.
>
> I have attached a copy of the perl module (BayStack5500_6_x.pm) that we have
> been using in production for approx the past year with no issues. It
> contains all of our changes to the following subroutines:
>
> sub getBoardPortFromIfIndex
> sub getIfIndexFromBoardPort
> sub parseTrap
> sub getSecureMacAddresses
> sub _authorizeMAC
>
> Kevin Manuel
> Technical Analyst - Networking
> ITS Communications & Network Services
> University of New Brunswick
> Phone: 506-447-3009
> Email: [email protected]
>
>
> -----Original Message-----
> From: Olivier Bilodeau [mailto:[email protected]]
> Sent: February-03-11 5:57 PM
> To: [email protected]; [email protected]
> Subject: Re: [Packetfence-users] mulitiple macs authorized on same port
>
> Hi Kevin,
>
> I'll look into integrating the fix you mentioned. Do you still use the
> Stacked module over the normal one? If so we might merge them.
>
> Thanks!
>
> On 14/09/09 1:36 PM, Kevin Manuel wrote:
>> Hi,
>>
>> We figured this one out. In the "_authorizeMAC" subroutine of
>> /usr/local/pf/lib/pf/SNMP/Nortel/BayStack5520Stacked.pm, the port and
>> board index are only being calculated in the "authorize" section of the code
>>
>> if ($authorize) {
>>     #WARNING
>>     #HERE'S THE UGLY HACK
>>     my $portmask = hex('x3f');
>>     my $slotmask = hex('x3c0');
>>     $portIndx = ( $ifIndex & $portmask ) + 1;
>>     $boardIndx = ( $ifIndex & $slotmask ) >> 6;
>>     $portIndx--;
>>     $boardIndx++;
>>
>> and not in the "de-authorize" section of code (i.e. } else { ).
>> Therefore no mac addresses were successfully being deleted from the mac
>> security table. We added the above "UGLY HACK" to the "else" section of
>> the subroutine and everything works fine.
>>
>> Also, we only use BayStack5520Stacked.pm for both stacked and single
>> switch 55X0's and it works fine (we don't use BayStack5520.pm).
>>
>> Kevin
>


-- 
Olivier Bilodeau
[email protected]  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
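
Added example, not part of the thread and not PacketFence code: a Perl sketch of the ifIndex to board/port split discussed above, computed once before the authorize/de-authorize branch so both actions address the same MAC security table row. The sub names, the sample ifIndex values and the layout ifIndex = (board - first_board) * stride + port are assumptions that generalize the quoted 0x3f / 0x3c0 masks to the 128 stride mentioned for 6.x code.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not a PacketFence sub): split an ifIndex into board and
# port. $stride is 64 for <=5.x code and 128 for 6.x code, as stated in the
# thread; $first_board is 0 or 1 depending on the unit. The layout
# ifIndex = (board - first_board) * stride + port is an assumption that
# generalizes the 0x3f / (0x3c0 >> 6) masks quoted in the thread.
sub board_port_from_ifindex {
    my ( $ifIndex, $stride, $first_board ) = @_;
    die "stride must be 64 or 128\n" unless $stride == 64 || $stride == 128;
    my $port  = $ifIndex % $stride;
    my $board = int( $ifIndex / $stride ) + $first_board;
    return ( $board, $port );
}

# Inverse mapping, under the same assumption.
sub ifindex_from_board_port {
    my ( $board, $port, $stride, $first_board ) = @_;
    return ( $board - $first_board ) * $stride + $port;
}

# Stand-in for the MAC security table update. The indices are computed once,
# before the branch, so authorize and de-authorize address the same row.
sub mac_security_row {
    my ( $ifIndex, $authorize, $stride, $first_board ) = @_;
    my ( $board, $port ) =
        board_port_from_ifindex( $ifIndex, $stride, $first_board );
    my $action = $authorize ? 'add' : 'delete';
    return "$action board=$board port=$port";
}

# Constructed sample values, not taken from a real switch.
for my $case ( [ 70, 64, 1 ], [ 70, 128, 1 ], [ 130, 128, 1 ], [ 130, 128, 0 ] ) {
    my ( $ifIndex, $stride, $first ) = @$case;
    my ( $board, $port ) = board_port_from_ifindex( $ifIndex, $stride, $first );
    my $back = ifindex_from_board_port( $board, $port, $stride, $first );
    die "round trip failed for ifIndex $ifIndex\n" unless $back == $ifIndex;
    printf "ifIndex=%-3d stride=%-3d first_board=%d -> %s / %s\n",
        $ifIndex, $stride, $first,
        mac_security_row( $ifIndex, 1, $stride, $first ),
        mac_security_row( $ifIndex, 0, $stride, $first );
}
```

The same ifIndex resolves to a different board and port under each stride and starting board index, which is why a module written for one code version adds or deletes the wrong MAC security entry on another.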

