Jacob Jarick wrote: > Thanks very much for that information, shall follow up on it :) > > On 7/13/07, [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>* < [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > > Jacob > I use procurve switches and i'm quite happy with them. Price is > almost half of cisco prices(and lifetime warranty).(although i > have already seen cisco match hp prices for large purchases if you > mention procurve) > Until previous firmware version they even suppported cisco p > protocols (and open standard). Now they moved to open standards. > > Yep Second Vote for HP Procurves, any of the 26** support dynamic VLAN assignment, they also have a really neat feature for authenticating admin users on their ssh, web, consol interfaces using RADIUS with failover to local... Full accounting support, Mac based authentication, supplicant port mode (where the port on one hp can authenticate to another)... Loads more stuff like filtering and ingress bandwidth limiting using VSAs. These also have a nice feature called OpenVLAN, where the switch can drop people with broken supplicants into an arbitrary vlan, where you can provide resources to help fix their supplicant software.
Unfortunately these do not support POD (packet of disconnect) but apparently this can be achieved via SNMP. All dynamic VLANS must have been setup on the switch before being assigned, or now with later firmware they can be learned (though this tends to break with larger installations). Here’s the wiki page http://wiki.freeradius.org/HP For wireless, depends... do you want a centrally managed wireless infrastructure, or each WAP to be a fully functioning WAP in it's own right. If it's the latter then HP530s are a safe bet. The firmware is currently pretty buggy, but the hardware is sound. They support: Multiple BSSIDS (with fully customisable settings for each). Dynamic VLAN assignment SNMP Trigger events for loads of things. Ingress rate limiting via VSA Learning of tagged VLANS from their uplink (which is really neat) Accounting for security enabled BSSIDS (though not necessarily radius authenticated) POE they also have dual radios, so you can run b/g on one and a on the other, or buy external aerials and run both b/g. There’s also a USB expansion slot marked for use in later firmwares.... could be an 11n upgrade module? Don't support Radius admin login authentication No obvious method of disconnecting users Current Major Bugs Accounting doesn't send interim update packets properly for all BSSIDS, so you sometimes lose data transferred type info. Vlans assigned statically to a BSSID cannot then be assigned dynamically (users traffic just gets black holed). Disabling of the plaintext web server breaks DHCP (most random bug ever). When user changes from one BSSID to another, accounting gets very confused (sometimes). But we still brought 30 of them, as we have faith in HP that these issues will be fixed. Also do a really neat thing where the base can slip onto the t bars of suspended ceilings, then you run a LAN cable above the ceiling with POE... And it looks like it's a wireless wireless access point :) And at £320 a unit, yes they do include a Kensington lock slot. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html