Hi Olivier,

I'm not running a 4500 but I'm having the same problem on the newer 4800G with the latest firmware.

Also, I don't like the MIB layout on the 3Com, which requires OID_hwdot1qTpFdbSetPort to scan through the whole MAC address table to look up a port. It takes more than 5 mins for OID_hwdot1qTpFdbSetPort to run in a /21 network with thousands of MAC addresses in the table.

Jason

--
Jason Chan
Intermediate Network Administrator
Information & Instructional Technology Services
University of Toronto Scarborough
Phone: (416) 208-4768
Email: [email protected]

-----Original Message-----
From: Olivier Bilodeau [mailto:[email protected]]
Sent: Tuesday, March 29, 2011 11:57 AM
To: [email protected]
Subject: [Packetfence-users] 3Com 4200G port-security problem

Hi,

I've found an issue with the 3Com 4200G with an old firmware, reproducible with the latest firmware. I was wondering if anyone here had experienced something similar and what they have done to work around the problem.

Also, I'm curious whether the SS4500 is affected by the same problem as well. Unfortunately we don't have one here :( I would happily provide configuration and guidance if someone would be willing to do some tests on it for me.

The problem: secureViolation traps are not sent if the MAC has already been authorized on another port on the same VLAN. This tends to happen a lot once the system is deployed.

For example:
- port 1 has MAC aa in security table, user authenticated correctly so it's in normal VLAN
- port 2 has MAC bb in security table, user authenticated correctly so it's in normal VLAN
- User in port 2 leaves
- User in port 1 plugs in to port 2. No trap will be sent because MAC aa is already authorized in port 1 on the same normal VLAN.

This is definitely a bug, but since this switch is end-of-life I'm pretty sure we won't see it fixed.

What will most likely happen is that I'll disable the port-security support for the 4200G and hopefully get 802.1X / MAC Auth to work fine. For the SS4500 I'll wait and see what people report.

Thanks,
--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc.
:: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
