UPM or mac address based vlan switching?
‎04-05-2017 05:29 PM
I'm looking for suggestions on our design.
We currently have a mixture of Extreme products (8806, X670, X450, X440) with multiple VLANs.
Right now I've been assigning ports to VLANs manually, which is turning into a bit of a pain. I was wondering what the best approach would be to implement a policy whereby machines/ports get their VLAN assignment based on the MAC address of the device plugging into said port.
EG:
All MACs that begin with XX:XX go into VLAN 1
All MACs that begin with XY:XY go into VLAN 2
Would UPM or MAC-based Netlogin be the better option?
9 REPLIES
‎04-05-2017 10:19 PM
This is great, thank you Matthew! Going to give it a go this weekend.
‎04-05-2017 10:19 PM
Also, here is the latest version of a quick doc I put together on this sort of thing, including using FreeRADIUS.
‎04-05-2017 10:19 PM
Sorry for the tardiness. So here is an example configuration:
# delete the default vlan off of ports 1-3
config vlan default delete port 1-3
# create the netlogin VLAN
create vlan "nl"
# create the VLAN used by a specific device type in this example
create vlan "ouiVLAN"
# config the netlogin vlan
configure netlogin vlan nl
# enable netlogin mac generally
enable netlogin mac
# enable netlogin for mac authentication on ports 1-3
enable netlogin ports 1-3 mac
# create a mac-list filter that will pass the first 24 bits + 24 0 bits and "ouipass"
# as the credentials for devices that have the matching OUI
# (a VOIP phone, for instance).
configure netlogin add mac-list 08:00:27:00:00:00 24 ouipass
# create a mac-list filter set which will match all other devices and use 48 bits of
# 0s and "otherpass" as the credentials for devices not having
# the desired OUI.
configure netlogin add mac-list 00:00:00:00:00:00 1 otherpass
# create the accounts with passwords with the appropriate VLAN-VSA assignment
create netlogin local-user "000000000000" otherpass vlan-vsa untagged Default
create netlogin local-user "080027000000" ouipass vlan-vsa ouiVLAN
The above configuration will have any device of the specific manufacturer that you want put into the "ouiVLAN".
All others end up in the "Default" VLAN.
Let me know if this helps.
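An added example (not part of the original post and not Extreme's code) that models the lookup the configuration above describes: each mac-list entry masks the device MAC down to a username, and the local-user with that name supplies the VLAN. Plain prefix matching, longest mask first, the uppercase username format and the sample MACs are assumptions made for illustration.

```python
# Added illustration: a simplified model of the mac-list lookup in the post above.
# Assumptions (not from Extreme documentation): plain prefix matching on the
# first `mask` bits, and the most specific (longest mask) entry wins.

# (base MAC, mask bits, password) copied from the two mac-list lines in the post
MAC_LIST = [
    ("08:00:27:00:00:00", 24, "ouipass"),
    ("00:00:00:00:00:00", 1, "otherpass"),
]
# local-user name -> VLAN, copied from the two local-user lines in the post
LOCAL_USERS = {"080027000000": "ouiVLAN", "000000000000": "Default"}


def mac_to_int(mac: str) -> int:
    """Parse aa:bb:cc:dd:ee:ff, aa-bb-..., or aabb.ccdd.eeff into a 48-bit int."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)


def prefix_mask(bits: int) -> int:
    """48-bit mask with the top `bits` bits set."""
    return ((1 << bits) - 1) << (48 - bits)


def credentials_for(mac: str):
    """Return the (username, password) pair for this MAC, or None if no entry matches."""
    value = mac_to_int(mac)
    for base, bits, password in sorted(MAC_LIST, key=lambda e: -e[1]):
        mask = prefix_mask(bits)
        if value & mask == mac_to_int(base) & mask:
            return f"{value & mask:012X}", password
    return None


def vlan_for(mac: str):
    """Resolve the VLAN from the matching local-user, or None when nothing matches."""
    creds = credentials_for(mac)
    return LOCAL_USERS.get(creds[0]) if creds else None


if __name__ == "__main__":
    # Constructed sample MACs, not taken from the thread.
    for sample in ("08:00:27:12:34:56", "00:1b:44:11:3a:b7", "a4:5e:60:00:00:01"):
        print(sample, credentials_for(sample), vlan_for(sample))
```

Under this prefix model, a MAC whose first bit is 1 falls outside the 1-bit catch-all entry and resolves to no VLAN, so it is worth confirming on the switch how such devices are actually handled.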
‎04-05-2017 10:19 PM
bump 
‎04-05-2017 10:19 PM
Sounds good to me, keen to see an example if you have time. Appreciate it.
