This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

UPM or mac address based vlan switching?

UPM or mac address based vlan switching?

Tom
New Contributor II

ā€Ž04-05-2017 05:29 PM

I'm looking for suggestions on our design.

We currently have a mixture of extreme products (8806, X670, X450, X440) with multiple VLANS.

Right now I've been assigning ports to vlans manually which is turning into a bit of a pain. I was wondering what the best approach would be to implement a policy whereby machines/ports get their VLAN assignment based on the devices mac address plugging into said port.

EG:
All mac's that begin with XX:XX go into VLAN 1
All mac's that begin with XY:XY go into VLAN 2

Would UPM or Mac Based Netlogin be the better option ?
9 REPLIES 9

Tom
New Contributor II
In response to Matthew_Helm1

ā€Ž04-05-2017 10:19 PM

This is great, thank you Matthew! Going to give it a go this weekend.
0 Kudos

Matthew_Helm1
Extreme Employee
In response to Matthew_Helm1

ā€Ž04-05-2017 10:19 PM

Also here is the latest version of a quick doc I put together on this sort of thing including using freeradius
0 Kudos

Matthew_Helm1
Extreme Employee
In response to Matthew_Helm1

ā€Ž04-05-2017 10:19 PM

Sorry for the tardiness. So here is an example configuration:

# delete the default vlan off of ports 1-3
config vlan default delete port 1-3
# create the netlogin VLAN
create vlan "nl"
# create the VLAN used by a specific device type in this example
create vlan "ouiVLAN"

# config the netlogin vlan
configure netlogin vlan nl
# enable netlogin mac generally
enable netlogin mac
# enable netlogin for mac authentication on ports 1-3
enable netlogin ports 1-3 mac

# create a mac-list filter that will pass the first 24bits + 24 0 bits and "ouipass"
# as the credentials for devices that have the matching OUI
# (a VOIP phone, for instance).
configure netlogin add mac-list 08:00:27:00:00:00 24 ouipass

# create a mac-list filter set which will match all other devices and use 48 bits of
# 0s and "otherpass" as the credentials for devices not having
# the desired OUI.
configure netlogin add mac-list 00:00:00:00:00:00 1 otherpass

#create the accounts with passwords with the appropriate VLAN-VSA assignment
create netlogin local-user "000000000000" otherpass vlan-vsa untagged Default
create netlogin local-user "080027000000" ouipass vlan-vsa ouiVLAN

The above configuration will have any device of the specific manufacture that you want put into the "ouiVLAN".

All others end up in the "Default" VLAN.

Let me know if this helps.
0 Kudos

Tom
New Contributor II
In response to Matthew_Helm1

ā€Ž04-05-2017 10:19 PM

bump ļ™‚
0 Kudos

Tom
New Contributor II
In response to Matthew_Helm1

ā€Ž04-05-2017 10:19 PM

Sounds good to me, keen to see an example if you have time. Appreciate it.
0 Kudos
GTM-P2G8KFN