Dell N-Series Compatible Documentation Update #675

Closed
nicholaspier opened this issue Jun 10, 2015 · 3 comments · Fixed by #2115

@nicholaspier

This is a request to update documentation and the PacketFence website to indicate that the Dell N-Series campus switches are compatible with the software.

I've tested version: 6.2.1.6
Model: N2024P

The N-Series uses a single firmware image. So, this "should" be the same for all N20XX and N30XX switches. I used the Dell::Force10 type for configuration with RADIUS set as the deauthentication method.

Configuration used both SNMP and MAC Address Bypass configuration and is as follows. MAC Address Bypass was used for switch-to-PacketFence queries while SNMP was used to update ports after a user had registered and required a new VLAN. This was tested in out-of-band mode.

```
aaa authentication login "defaultList" local
authentication enable
dot1x system-auth-control
aaa authentication dot1x default radius
aaa authorization network default radius
dot1x dynamic-vlan enable
radius-server key "UseAStrongerKey"
radius-server host auth PF_SERVER_IP
 name "PacketFence"
```

End-device ports can be configured as follows, where VLANs 101-103 are used for roles and VLAN 200 is used for VoIP. Unauthorized devices are immediately placed in VLAN 102 (registration). The port-control mac-based allows for multiple devices to be on the same port and use different VLANs. This supports "dumb" switches and, in my case, older Cisco 7960 phones which did not support LLDP (a role was created for these).

```
interface Gi1/0/1
 switchport mode general
 switchport general allowed vlan add 101-103,200
 dot1x port-control mac-based
 dot1x unauth-vlan 102
 dot1x mac-auth-bypass
 authentication order mab dot1x
 voice vlan 200
exit
```

Lastly, I'd like to thank all of the contributors to this project. This software is wonderful!

@nicholaspier
Author

Additionally, I'd like to note that I forced authorization on uplinks:

```
switchport mode trunk
dot1x port-control force-authorized
```

I didn't include the SNMP configuration above but it's fairly standard and would be locked down further in a production environment:

```
snmp-server community "private" rw
snmp-server community "public" ro
```
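An added example, not part of the original comments or of PacketFence: a small pre-deployment check over a saved running-config that flags the three items this thread leaves for production hardening (the placeholder RADIUS key, the default SNMP community strings, and `force-authorized` on a port that is not a trunk uplink). The interface names `Gi1/0/24` and `Gi1/0/2`, the rule names, and the function `audit` are assumptions made for the illustration.

```python
import re

# Constructed sample: lines posted in this issue, plus a hypothetical uplink
# name (Gi1/0/24) and a hypothetical misconfigured edge port (Gi1/0/2).
SAMPLE_CONFIG = """\
radius-server key "UseAStrongerKey"
snmp-server community "private" rw
snmp-server community "public" ro
interface Gi1/0/1
switchport mode general
dot1x port-control mac-based
exit
interface Gi1/0/24
switchport mode trunk
dot1x port-control force-authorized
exit
interface Gi1/0/2
switchport mode general
dot1x port-control force-authorized
exit
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # strings shown in the comment above
PLACEHOLDER_KEYS = {"UseAStrongerKey"}       # placeholder from the posted config

def audit(config):
    """Return (rule, detail) findings for a running-config given as text."""
    findings, iface, block = [], None, []
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r'radius-server key "?([^"\s]+)"?', line):
            if m[1] in PLACEHOLDER_KEYS:
                findings.append(("placeholder-radius-key", m[1]))
        elif m := re.fullmatch(r'snmp-server community "?([^"\s]+)"? (rw|ro)', line):
            if m[1].lower() in DEFAULT_COMMUNITIES:
                findings.append(("default-snmp-community", f"{m[1]} {m[2]}"))
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface, block = m[1], []
        elif line == "exit" and iface:
            # Skipping 802.1X/MAB is expected only on trunk uplinks.
            if ("dot1x port-control force-authorized" in block
                    and "switchport mode trunk" not in block):
                findings.append(("force-authorized-edge-port", iface))
            iface = None
        elif iface:
            block.append(line)
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```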

@louismunro
Contributor

Issue assigned to lzammit. We'll work on it.

@julsemaan
Collaborator

@lzammit what's up with that?
