
NAME

pf::Switch::Brocade - Object oriented module to access SNMP enabled Brocade Switches

SYNOPSIS

The pf::Switch::Brocade module implements an object oriented interface to access SNMP enabled Brocade switches.

STATUS

Supports
802.1X and MAC-Authentication with and without VoIP

Stacked switch support has not been tested.

Tested on a Brocade ICX 6450 Version 07.4.00T311.

BUGS AND LIMITATIONS

Limitations with 802.1X to MAC-Auth fallback

The vendor does not currently support automatic fallback from 802.1X to MAC-Authentication. However, RADIUS can explicitly tell the switch not to require 802.1X. The implication is that, if 802.1X enforcement is required, PacketFence must be aware of all non-802.1X-capable devices connecting to the switch and must tell the switch not to require 802.1X for these devices.

The workaround implemented in the Brocade code is that VoIP devices fall back to MAC-Auth if they have been pre-registered in PacketFence (see the voip attribute under node). All other device categories (game consoles, appliances, etc.) that don't support 802.1X will have problems in a Brocade setup. Customer-specific workarounds could be made in pf::radius::custom.

Vendor is aware of the problem and is working to support 802.1X to MAC-Auth fallback.

CONFIGURATION AND ENVIRONMENT

conf/switches.conf

SUBROUTINES

getVersion

_dot1xPortReauthenticate

Actual implementation.

Allows callers to refer to this implementation even if someone along the way overrides the above call.

parseTrap

All traps ignored

getVoipVSA

Get Voice over IP RADIUS Vendor Specific Attribute (VSA).

isVoIPEnabled

Supports VoIP if enabled.

returnRadiusAccessAccept

Overloads pf::Switch's implementation to send the VSA in the RADIUS response.

Optionally, 802.1X authentication can be forced by sending Foundry-MAC-Authent-needs-802.1x set to 1. This is disabled by default.
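The following sketch is an added example, not PacketFence's own code. It shows how the Foundry-MAC-Authent-needs-802.1x decision described above plays out for a pre-registered VoIP phone, a laptop and a game console. The helper name build_access_accept, the force_dot1x flag, the 'yes'/'no' values of the voip attribute and the meaning of the value 0 (MAC-Auth alone is sufficient) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of pf::Switch::Brocade): build the reply
# attributes for one MAC-Auth request on a port where 802.1X is also enabled.
sub build_access_accept {
    my (%args) = @_;
    my ($node, $vlan, $force_dot1x) = @args{qw(node vlan force_dot1x)};

    # Standard RFC 3580 VLAN assignment attributes.
    my %reply = (
        'Tunnel-Type'             => 13,     # VLAN
        'Tunnel-Medium-Type'      => 6,      # IEEE-802
        'Tunnel-Private-Group-ID' => $vlan,
    );

    # Pre-registered VoIP devices are always exempted from 802.1X.
    # Assumption: the node's voip attribute holds 'yes' or 'no'.
    my $is_voip = defined $node->{voip} && $node->{voip} eq 'yes';

    # 1 = the switch must still see a successful 802.1X exchange ("force").
    # 0 = MAC-Auth alone is sufficient (assumed meaning of the zero value).
    $reply{'Foundry-MAC-Authent-needs-802.1x'}
        = ($force_dot1x && !$is_voip) ? 1 : 0;

    return \%reply;
}

# Constructed sample nodes; MAC addresses are made up.
my @nodes = (
    { mac => '00:11:22:33:44:55', voip => 'yes' },  # pre-registered phone
    { mac => '66:77:88:99:aa:bb', voip => 'no'  },  # laptop with a supplicant
    { mac => 'cc:dd:ee:ff:00:11', voip => 'no'  },  # game console, no supplicant
);

for my $force (0, 1) {
    print "force_dot1x=$force\n";
    for my $node (@nodes) {
        my $reply = build_access_accept(
            node => $node, vlan => 10, force_dot1x => $force,
        );
        printf "  %s voip=%-3s needs-802.1x=%d\n", $node->{mac},
            $node->{voip}, $reply->{'Foundry-MAC-Authent-needs-802.1x'};
    }
}
```

With force_dot1x set, the game console is told to complete 802.1X even though it has no supplicant, which is the limitation described under BUGS AND LIMITATIONS.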

AUTHOR

Inverse inc. <info@inverse.ca>

COPYRIGHT

Copyright (C) 2005-2015 Inverse inc.

LICENSE

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
