The end goal: Establish a fleet of inexpensive "roaming network devices" that can plug into any port on our mostly-Cisco-3560 network, get a trunk port, and have their own interfaces managed by PacketFence as well.
Progress thus far: The NETGEAR GS108/110T/110TP series looks like a good bet for a sub-$300 switch with all the physical media options we need (power over ethernet and SFP uplinks on some models), and just enough smarts to support PacketFence via link up/down traps. I've engaged Inverse to make a GS110.pm. Where I'm stuck: As feared, the "floating network devices" feature, which is documented for the SNMP use cases, is not working for me with 802.1X MAB. Should it? Do I need to go "back" to a port-security configuration instead? # floating_network_device.conf [2c:b0:5d:90:a0:0a] ip=10.22.64.80 trunkPort=yes pvid=10 taggedVlan=20,100,3665,3666,3667,3668 Jun 01 15:44:25 pf::WebAPI(17717) INFO: handling radius autz request: from switch_ip => *, connection_type => Ethernet-NoEAP mac => 2c:b0:5d:90:a0:0a, port => 50004, username => 2cb05d90a00a (pf::radius::authorize) Jun 01 15:44:25 pf::WebAPI(17717) INFO: MAC: 2c:b0:5d:90:a0:0a is of status unreg; belongs into registration VLAN (pf::vlan::getRegistrationVlan) -- Rich Graves http://claimid.com/rcgraves Carleton.edu Sr UNIX and Security Admin ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
