UPM or mac address based vlan switching?

  • Question
  • Updated 1 year ago
  • Answered
I'm looking for suggestions on our design. 

We currently have a mixture of Extreme products (8806, X670, X450, X440) with multiple VLANs.

Right now I've been assigning ports to VLANs manually, which is turning into a bit of a pain. I was wondering what the best approach would be to implement a policy whereby machines/ports get their VLAN assignment based on the MAC address of the device plugging into said port.

E.g.:
All MACs that begin with XX:XX go into VLAN 1
All MACs that begin with XY:XY go into VLAN 2

Would UPM or MAC-based Netlogin be the better option?

Tom


Posted 2 years ago


Matthew Helm, Employee

You wouldn't need to use UPM for VLAN assignment, but it could be used for other things. The easiest approach would be to use local MAC authentication with a mask filtering certain OUIs and creating local users in the local user database with VLAN VSAs (and UPM scripting if needed) locally on the switch.

I'll follow with an example shortly.
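
Added example (not from the thread, and not the example or document Matthew Helm refers to): a small Python model of the masked-OUI lookup described above, for checking a planned MAC-prefix-to-VLAN table against a device inventory before configuring the switch. The prefixes, VLAN names and the rule that the most specific entry wins are assumptions of this sketch, not documented ExtremeXOS behaviour.

```python
"""Model of a masked MAC list that maps OUI-style prefixes to VLANs."""
import re

# Constructed policy: (MAC prefix, mask length in bits, VLAN name).
# All values are hypothetical, locally administered addresses.
POLICY = [
    ("02:CC:DD:00:00:00", 24, "voice"),     # one phone vendor prefix
    ("02:AA:00:00:00:00", 16, "data"),      # "all MACs that begin with XX:XX"
    ("02:AA:BB:00:00:00", 24, "printers"),  # more specific entry inside the /16
]

def mac_to_int(mac):
    """Accept 02:aa:bb:cc:dd:ee, 02-AA-BB-CC-DD-EE or 02aa.bbcc.ddee."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

def mask_bits(length):
    """48-bit mask with the top `length` bits set."""
    if not 0 <= length <= 48:
        raise ValueError(f"mask length out of range: {length}")
    return ((1 << length) - 1) << (48 - length)

def vlan_for(mac, policy=POLICY):
    """VLAN of the most specific matching entry (assumed rule), else None."""
    addr = mac_to_int(mac)
    best = None
    for prefix, length, vlan in policy:
        mask = mask_bits(length)
        if addr & mask == mac_to_int(prefix) & mask:
            if best is None or length > best[0]:
                best = (length, vlan)
    return best[1] if best else None

def audit(inventory, policy=POLICY):
    """Group inventory MACs by resulting VLAN; unmatched ones land under None."""
    result = {}
    for mac in inventory:
        result.setdefault(vlan_for(mac, policy), []).append(mac)
    return result

if __name__ == "__main__":
    # Constructed inventory in mixed notations.
    sample = ["02:cc:dd:12:34:56", "02-AA-10-00-00-01",
              "02aa.bb00.0001", "06:11:22:00:00:01"]
    for vlan, macs in audit(sample).items():
        print(vlan or "NO POLICY ENTRY", macs)
```

Devices listed under `NO POLICY ENTRY` are the ones the planned table would not place in any VLAN.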

Matthew Helm, Employee

Also, here is the latest version of a quick doc I put together on this sort of thing, including using FreeRADIUS.

Tom

This is great, thank you Matthew! Going to give it a go this weekend. 

gbs

I've tested this configuration and it seems to be what I need.

Is it possible to pass "2 untagged VLANs" on the same port using this (like dataVlan and voiceVlan)?

Or at least "1 untagged + 1 tagged"?

Matthew Helm, Employee

Are two devices connecting to the same port (e.g. a PC connecting to a VoIP phone which is connected to the switch)?

gbs

Yes, they are.

I have these scenarios:
Extreme Switch -> Computer
Extreme Switch -> Avaya Phone
Extreme Switch -> Unmanaged Switch -> Computer/Avaya (or another brand...) Phone
Extreme Switch -> Avaya Phone -> Computer
Extreme Switch -> Avaya Phone -> Another brand (that can't do VLAN) Phone