On 05/08/2012 07:42 PM, Steve Wittstruck wrote: ... > Lastly, not sure this is proper etiquette, i.e. going off subject, it > is related though. I'm curious about 802.1x for doing VLAN > manipulation. In the podcast you did last year, did I detect your > preference for 802.1x? In my case, particularly for VLAN > manipulation? At one time I would have thought port-security had > better switch vendor support for allowing PF VLAN manipulation, vs. > vendor support of 802.1x supplicant clients, especially in a widely > diverse and open network philosophy as ours. I'm not sure that's > true anymore. I have plans to do 802.1x testing but for the > immediate future I'm leaning on port-security. >
802.1X is orders of magnitude more standardized than port-security. 802.1X It's based on RADIUS, all the EAP flavors are standardized and supported by FreeRADIUS, proprietary extensions exists but are scarce and their definition is included in FreeRADIUS and their assignment handled by IANA. Port-Security It's pretty much whatever the vendor wanted to call "port-security". We rely on a generic NMS protocol to get the information and react (SNMP). There is as much fragmentation in what port-security does as there are network vendor OSes. I found the same type of bug several times in several different implementations. As a developer I have to say that 802.1X is a lot more elegant and modern than port-security but that might be a little biased since the burden is more on FreeRADIUS than on us. Regards, -- Olivier Bilodeau [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
