Include 3Com SS4400 (SuperStack) switch in the compatibility list

inverse-inc / packetfence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous networks.

https://packetfence.org

GNU General Public License v2.0

1.33k stars 281 forks source link

Include 3Com SS4400 (SuperStack) switch in the compatibility list #6325

Closed fcpimenta closed 3 years ago

fcpimenta commented 3 years ago

Is your feature request related to a problem? Please describe. I am trying to configure many switches we have in our company to activate Captive Portal using Aruba Instant as a wi-fi AP. But we noted that the switch 3Com SS4400 is not in the list of models. When I try to configure, packetfence informs me that this switch is not supported. Is it possible to include this model?

Describe the solution you'd like I want to configure the correct switch for my environment and make it work correctly.

Describe alternatives you've considered I've selected generic switch and other models, but it does not work as expected.

Additional context N/A

nqb commented 3 years ago

Hello,

Which RADIUS attributes need to be returned to your 3COM SS4400 ?
Did you try to use switch templates to achieve your goal ?

fcpimenta commented 3 years ago

Hi @nqb,

For the first question, I've researched the switch documentation, and here is what it shows:

3Com Vendor Specific Attribute

The default user levels on the Switch (monitor, manager, admin) are supported by a 3Com Vendor Specific Attribute (VSA). The Vendor-ID for 3Com is 43. You must configure the RADIUS server to send this attribute in the Access-Accept message in order to specify the access level required for each user account. The configurable attribute values are:

Monitor (1) — the user can view all manageable parameters, except special/security features, but cannot change any manageable parameters.
Manager (2) — the user can access and change the operational parameters but not special/security features.
Administrator (3) — the user can access and change all manageable parameters.

For the second question, I tried to create a template, but I'm not sure if I am sending the correct response for the switch.

Can you help me?

nqb commented 3 years ago

Hello @fcpimenta,

If you are trying "to activate Captive Portal using Aruba Instant as a wi-fi AP", I don't think you read the correct manual section. Switch template should cover most of your needs and allow you to return almost all RADIUS attributes.

If you want to do WebAuth, you will have to write your own switch module in Perl.

So it's important to be sure what you want to achieve.

fcpimenta commented 3 years ago

Hi @nqb,

I've managed to configure a switch template and authenticate with write access to the 3Com switch.

I think I was in the wrong way.

Thanks!!