pf::Switch::ThreeCom::Switch_4200G - Object oriented module to access SNMP enabled 3COM 4200G Switch
Voice over IP with 802.1X could work but was not attempted. Although current limitation regarding 802.1X re-authentication could imply lost calls on VLAN changes.
Voice over IP with MAC Auth works
Developed and tested on Switch 4200G firmware version 3.02.04s56
This switch's NAS-Port usage is not well documented or easy to guess so we reversed engineered the translation for the 4200G but it might not apply well to other switches. If it's your case, please let us know the NAS-Port you obtain in a RADIUS Request and the physical port you are on. The consequence of a bad translation are that VLAN re-assignment (ie after registration) won't work.
The 4200G exhibit a behavior where secureViolation traps are not sent if the MAC has already been authorized on another port on the same VLAN. This tend to happen a lot (when users move on the same switch) for this reason we recommend not to use this switch in port-security mode.
Firmware version 3.02.00s56 and 3.02.04s56 (latest) were tested and had the problematic behavior.
Since this is critical for PacketFence's operation, as a work-around, we decided to bounce the port which will force the client to re-authenticate and do DHCP. Because of the port bounce PCs behind IP phones aren't recommended. This behavior was experienced on a Windows 7 client on the 4200G with the latest firmware.
V3.03.02s168p15 has bug when radius returns the vlan corrected in V3.03.02s168p19 OS V3.03.02s168p21 works well, we did lot of tests on it.
Depending on your needs, you might want to use userlogin-secure-or-mac-ext instead of mac-else-userlogin-secure-ext. In the former mode a 802.1X failure will leave the port unauthenticated and access will be denied. In the latter mode, if 802.1X doesn't work then MAC Authentication is attempted. It's really a matter of choice.
Translate RADIUS NAS-Port into switch's ifIndex.
Because of issues with 802.1X re-auth on these switches, we bounce the port instead. See in "BUGS AND LIMITATIONS".
Inverse inc. <info@inverse.ca>
Copyright (C) 2005-2015 Inverse inc.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.