Re: [Packetfence-users] Enterasys Switches

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Ludovic Marcotte wrote:
> Hi,
>> we have >30 different enterasys switches and all of them support  
>> 802.1x. Is there a technical reason packetfence supports only the C2  
>> serie and event in this case 802.1x or is the reason simply that no  
>> one did implement the support for other switchs of this brand ?
>>   
> We only supported the C2 initially because that's the only model we had 
> access to. Nevertheless, we're completing a deployment right now which 
> uses N3 and D2 so we had a chance to also add support for those too. 
> It'll land in the Monotone tree shortly.
> 
Everyone,

Support for the Matrix N3 just landed in our monotone at rev: 
http://mtn.inverse.ca/revision/info/8097e663108a27eaa1946d4066f0234a9c87378f

Works in port-security called maclock on Enterasys' hardware 
(recommended mode) and in linkUp/linkDown mode.

Admin guide was also updated with information on how to configure the 
switch.

Andreas,

If you look at how we implement support of a switch, you will notice 
that you have a lot of chances that our code for the C2 will work for a 
C3 or a D2 out of the box. However, we don't say so because we have not 
tested it.

If you look at lib/pf/SNMP/Enterasys/SecureStack_C2.pm you will notice 
that there is no code at all in there, this means that everything is 
done by either lib/pf/SNMP/Enterasys.pm or lib/pf/SNMP.pm itself. In the 
Matrix, I only needed to override two subs (one from SNMP and one from 
Enterasys) because the switch required a different behavior.

This means that you can try setting Enterasys in switches.conf 
(type=Enterasys) or Matrix_N3 (type=Enterasys::Matrix_N3) and if you are 
lucky the switch will work out of the box. If it does, please let us 
know the make and model and how you configured it so we can add it to 
our supported list.

As far as 802.1x, its your radius server that becomes the authority on 
auth/autz, you just need to have it call PacketFence to ask for a VLAN. 
See the addons/802.1X/ folder.

Happy experiments!
-- 
Olivier Bilodeau
obi...@in...  ::  +1.514.447.4918 x115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.scalableogo.org) and 
PacketFence (www.packetfence.org)