Netlogin mac-based VLANs with Local Database and Wildcard?

Create Date: Jun 11 2012 7:40AM

Hi,

I have a conference room with 8 ports on a BlackDiamond 8806. I want only these 8 ports to use netlogin MAC-based VLANs, because my colleagues' MAC addresses (13 notebooks) should get the internal VLAN to access all servers and files, and all other MACs (guests) should get access to my Guest VLAN. So is there a wildcard for the local database to add all unknown MAC addresses to my configured Guest VLAN named "GaesteNetwork"?

I've tried to use my Guest VLAN as the Netlogin VLAN, but this doesn't work, and I didn't find a wildcard for "all other MAC addresses".

Greetz, Chris, and thanks for the help.

(from Chris_Huettner)
Create Date: Jun 11 2012 2:45PM

The Guest VLAN feature only works with 802.1X-enabled ports. Without a RADIUS server, the only way this will work is with the service-unavailable feature. Here's my config:

#
# Module netLogin configuration.
#
configure netlogin vlan temp
enable netlogin mac
configure netlogin mac authentication database-order local radius
enable netlogin ports 2 mac
configure netlogin ports 2 mode port-based-vlans
configure netlogin ports 2 no-restart
configure netlogin ports 2 allow egress-traffic all_cast
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
enable netlogin authentication service-unavailable vlan ports 2
configure netlogin authentication service-unavailable vlan GUEST ports 2

(from john_padilla)
Create Date: Jun 11 2012 2:52PM

Hi jp,

thanks for your answer, I will give it a try.

edit:

Hi jp,

now all notebooks get the failover VLAN GästeNetwork. My 13 notebooks, which should get the internal VLAN, too?

* Extreme Networks BlackDiamond.1 # sh netlogin local
Netlogin Local User Name Extended-VLAN VSA Security Profile
------------------------ ----------------------------- ----------------------
001f29b763f4 U ClientData <not configured>
0022645714c4 U ClientData <not configured>
00248147e97a U ClientData <not configured>
0024816946b8 U ClientData <not configured>
0080c83c45fb U ClientData <not configured>
2c413815b772 U ClientData <not configured>
64315090e9e6 U ClientData <not configured>
705ab6ac1855 U ClientData <not configured>
* Extreme Networks BlackDiamond.2 #

But this should be correct, my local database?

(from Chris_Hüttner)
Create Date: Jun 11 2012 3:20PM

Yes, any device that should be moved to a different VLAN other than the GUEST will have a local database entry.

(from john_padilla)
Create Date: Jun 12 2012 6:09AM

Hi jp,

I don't know why, but now my colleagues' notebooks get the failover VLAN "GästeNetwork" too. No switching to the internal VLAN. My local database seems to be good.

I don't understand the command:

conf netlogin add mac-list ff:ff:ff:ff:ff:ff 48

* Extreme Networks BlackDiamond.1 # configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
WARNING: Existing entry in the table was replaced with the new password/port-list.

What is now the password for my mac-list "default"? Or should I do an extra command for:

configure add mac-list default mypassword?

and then add my colleagues' MACs with

create netlogin local-user 000000000000 vlan-vsa untagged ClientData ?

EDIT:

Thanks jp, I reconfigured the local database a third time and now it works. Don't know why ;-)

(from Chris_Hüttner)
Create Date: Jun 12 2012 1:49PM

The netlogin default mac-list (e.g. ff:ff:ff:ff:ff:ff 48) is used to send the MAC address found on the netlogin-enabled port to the local and/or RADIUS database. This means all MAC addresses found on the interface must be sent to authentication.

The default mac-list password is the MAC address in all caps.

To move your local-user into the ClientData VLAN, create a new netlogin local-user entry with the MAC address as username and password.



(from john_padilla)
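As an added example (not code from the thread, Extreme Networks or ExtremeXOS), this Python script does the check Chris had to repeat by hand: it parses a "show netlogin local" dump, normalizes the colleague MAC list, reports which MACs have no local-user entry in the ClientData VLAN, and emits the create commands with the MAC-in-caps password jp describes. The position of the password right after the user name in "create netlogin local-user" is an assumption about the command syntax; the sample table and MAC list are constructed.

```python
import re

# Constructed excerpt of "show netlogin local" output, in the layout seen
# in the thread (user name = MAC without separators, U = untagged).
SHOW_LOCAL = """\
Netlogin Local User Name Extended-VLAN VSA Security Profile
------------------------ ----------------------------- ----------------------
001f29b763f4 U ClientData <not configured>
0022645714c4 U ClientData <not configured>
"""

# Constructed colleague list in the mixed notations people usually type.
COLLEAGUE_MACS = ["00:1F:29:B7:63:F4", "0022.6457.14c4", "70-5a-b6-ac-18-55"]


def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits without separators."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def parse_local_users(output):
    """Map local user name -> VLAN from 'show netlogin local' rows."""
    users = {}
    for line in output.splitlines():
        # 12 hex digits, a T/U tag flag, then the VLAN name.
        m = re.match(r"^([0-9a-fA-F]{12})\s+[TU]\s+(\S+)", line)
        if m:
            users[m.group(1).lower()] = m.group(2)
    return users


def missing_entries(colleague_macs, output, vlan="ClientData"):
    """Colleague MACs with no local-user entry in the expected VLAN.

    These are the notebooks that will fall through to the
    service-unavailable (guest) VLAN instead of the internal one."""
    users = parse_local_users(output)
    return [normalize_mac(m) for m in colleague_macs
            if users.get(normalize_mac(m)) != vlan]


def local_user_commands(macs, vlan="ClientData"):
    """Build the create commands for the missing users. Password is the
    MAC in upper case, which is what the default mac-list sends; the
    password position in the command is an assumed syntax detail."""
    return [f"create netlogin local-user {m} {m.upper()} vlan-vsa untagged {vlan}"
            for m in macs]
```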