From: Ian H. <ia...@ia...> - 2010-08-20 01:26:01
On Thu, 19 Aug 2010, Alan Buxey wrote:

> if you are using eg FreeRADIUS or RADIATOR then it should be possible
> (fairly easy, not trivial) to put the username details into a new table
> in netdisco - the RADIUS server will know the switch address and port
> (it's in the AAA requests) - so just do an SQL call in the post-auth
> section (FreeRADIUS) or after auth in RADIATOR.

Yep, we're a Radiator shop, so this isn't a problem.

> however, we have an issue with RADIUS assigned VLANs in NetDISCO in that
> we don't have an 'access vlan' defined for the PC - it's derived from the
> server after authentication so netdisco shows the port belongs to all
> VLANs :-(

I've noticed this in our auth-fail VLAN.

> ? it should show it when they are logged in - but it's sort of based on
> the historically windows way - WINS servers - which are all but
> dying/dead with win vista/7

Suspected it'd be something WINS related - we're not assigning WINS servers from DHCP. I'll give WINS a go, but otherwise will replace it with WMI. I've already used the commandline WMI lookup tool to determine PC -> user for a web logging project.

> you can put that info into the phone's LLDP. turn LLDP on on the handset
> and the switch (it's the IEEE version of CDP) - then you can pick up the
> extension as part of LLDP info - but not sure if netdisco handles LLDP
> on cisco - yet!

Sweet, that certainly sounds easiest.

> do you have voice vlan and access vlan? or all just on a trunk? or all
> just on a vlan? PCs get added to the system via MAC address table
> entries and then ARP info to get IPs, the PC isn't SNMP'd

Access and voice VLANs. It really isn't a problem, just means the weekly root discovery takes ages particularly for our long distance WAN sites.

> ;-) we have a similar issue since migration from autonomous several
> years ago. the WISM devices can be SNMP walked etc...the APs themselves
> are pretty dumb (though you can turn on remote telnet/ssh if you really
> wanted (warning, only do it for bug tracking/debugging!)). it'd be nice
> to get some functionality back...but not too essential (for us - as we
> have WCS feeding us info - as we wrote some home-grown scripts to do
> tracking of MAC/IP across such devices)

I'm assuming the WLC has the smarts to display the same information via SNMP, so it may just be a matter of telling Netdisco that the WLC is an access point. I haven't looked that far into how Netdisco works to know if this is a good idea or not. :)

While on the topic of bad ideas, I've got a handful of modern switches showing up as ciscoProducs.xxxx. These are 3560V2s, and CBS3100s. Is it just a matter of updating the Cisco entity MIBs to include a model number?

Thanks,
- I.