Hi,

I've found an issue with the 3Com 4200G with an old firmware, and it is 
reproducible with the latest firmware.

I was wondering if anyone here had experienced something similar and 
what they have done to work around the problem.

Also I'm curious whether the SS4500 is affected by the same problem as 
well. Unfortunately we don't have one here :( I would happily provide 
configuration and guidance if someone would be willing to do some tests 
on it for me.

The problem:

secureViolation traps are not sent if the MAC has already been 
authorized on another port on the same VLAN. This tends to happen a lot 
once the system is deployed. For example:
- port 1 has MAC aa in security table, user authenticated correctly so 
it's in normal VLAN
- port 2 has MAC bb in security table, user authenticated correctly so 
it's in normal VLAN
- User in port 2 leaves
- User in port 1 plugs into port 2. No trap will be sent because MAC aa 
is already authorized in port 1 on the same normal VLAN.

This is definitely a bug but since this switch is end-of-life I'm pretty 
sure we won't see it fixed.

What will most likely happen is that I'll disable the port-security 
support for the 4200G and hopefully get 802.1X / MAC Auth to work fine. 
For the SS4500 I'll wait and see what people report.

Thanks,
-- 
Olivier Bilodeau
[email protected]  ::  +1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
