Hi Olivier,

for us it is important to use 802.1x. I have imported the LG module from version 3.1.0 (at the moment we use 2.2.1), and after a lot of tests with an unregistered device I have these results:

The device is put correctly in the registration VLAN, but there are no DHCP requests on the interface of this VLAN, so the device has no IP. Moreover, in the PacketFence log I see:

pf::WebAPI(12072) WARN: This switch model doesn't seem to implement 802.1X or a degraded variant like MAC Authentication. Please let us know what hardware you are using (pf::SNMP::NasPortToIfIndex)

I have configured the HP Procurve switch as an HP E4800G switch. In this case, with an unregistered device, the registration VLAN is correctly selected and DHCP requests are made on the correct interface. With this workaround, in the PacketFence log I see:

pf::WebAPI(10190) WARN: Unknown NAS-Port format. ifIndex translation could have failed. VLAN re-assignment and switch/port accounting will be affected. (pf::SNMP::ThreeCom::Switch_4200G::NasPortToIfIndex)

I think I make other tests using E4800G module...

Thanks
Raffaele

-----Original Message-----
From: Olivier Bilodeau [mailto:[email protected]]
Sent: Monday, October 3, 2011 20:29
To: [email protected]
Subject: Re: [Packetfence-users] HP Procurve 2600 switch and 802.1x

> > in our corporation laboratory we use HP Procurve 2610 switches.
> >
> > I'm using packetfence 2.2.1 on CentOS 5.6.
> >
> > I have configured switch and packetfence for 802.1x, but users can not authenticate.
> >
> > I have seen in supported switches list that 802.1x is not possible for Procurve 2610.
> >
> > Is it never possible for this switch?
>

No, it's possible, it's just that we have not implemented support for it yet.

According to the documentation Francois gathered:

* You CANNOT mix the authentication mode, you can only have either 802.1x or MAC Authentication at once on a port
* Some firmwares support multiple clients on a single port (for both MAC Auth and 802.1X) but they will reside on the same VLAN. Bad for VoIP.
* There is a maximum of 1 client per port on 802.1x on firmware H10.50, H10.83

Is any of the above a problem for you? If so you should look into a port-security implementation instead.

If you still want to stick to 802.1X, try using the LG module (type=LG) for your switch as it should do the right thing (NAS-Port translation and forced re-auth should work). Give that a go and let us know.

If you want to be 100% sure the switch is officially supported, contact [email protected] and ask for a quote to support it. It shouldn't be more than a couple of days of work and the limitations will be documented.

Cheers!
--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
