pf::Switch::ThreeCom::E5500G
-head1 DESCRIPTION
Object oriented module to access and manage 3COM E5500G Switch
Voice over IP with MAC Auth / 802.1X could work but was not attempted. Although current limitation regarding 802.1X re-authentication could imply lost calls on VLAN changes.
802.1X and MAC-Authentication confirmed to work with firmware V3.03.02s168p07.
Tested by the community.
We never tested these switches in a stacked configuration. It might work out of the box or the module might need adjustments.
This switch's NAS-Port usage is not well documented or easy to guess so we reversed engineered the translation for the 4200G but it might not apply well to other switches. If it's your case, please let us know the NAS-Port you obtain in a RADIUS Request and the physical port you are on. The consequence of a bad translation are that VLAN re-assignment (ie after registration) won't work.
The 4200G exhibit a behavior where secureViolation traps are not sent if the MAC has already been authorized on another port on the same VLAN. This tend to happen a lot (when users move on the same switch) for this reason we recommend not to use this switch in port-security mode.
This behavior has not been confirmed or denied for this model.
Since this is critical for PacketFence's operation, as a work-around, we decided to bounce the port which will force the client to re-authenticate and do DHCP. Because of the port bounce PCs behind IP phones aren't recommended. This behavior was experienced on a Windows 7 client on the 4200G with the latest firmware.
This behavior has not been confirmed or denied for this model.
Depending on your needs, you might want to use userlogin-secure-or-mac-ext instead of mac-else-userlogin-secure-ext. In the former mode a 802.1X failure will leave the port unauthenticated and access will be denied. In the latter mode, if 802.1X doesn't work then MAC Authentication is attempted. It's really a matter of choice.
Inverse inc. <info@inverse.ca>
Copyright (C) 2005-2015 Inverse inc.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.