Configuration example 1
Procedure
In this example, PCs are connected to a meeting room 2615 switch series, which is connected to a 38xx switch series where local MAC authentication occurs. In addition:
For further authentication of any OUIs, predefined in SwitchOS, group default is not allowed.
1. Create 5 LMA profiles.

   There is no need to create profiles for guest PCs, because their MAC addresses are not known. Configure unauth-vid (explained in step 3 below) so that such a client fails authentication and is put into the guest VLAN.

   (for 2615 switches)
   aaa port-access local-mac profile "corp-switch-prof" vlan tagged 15

   (for corporate PCs)
   aaa port-access local-mac profile "corp-pc-prof" vlan untagged 2

   (for the rest of corporate PCs)
   aaa port-access local-mac profile "rest-pc-prof" vlan untagged 3

   (for corporate IP phones)
   aaa port-access local-mac profile "corp-phone-prof" vlan tagged 5

   (for WLAN APs)
   aaa port-access local-mac profile "wlan-ap-prof" vlan untagged 10 tagged 12-14

2. Associate MACs to these profiles.

   aaa port-ac local-mac apply profile corp-switch-prof mac-oui 001080
   aaa port-ac local-mac apply profile corp-pc-prof mac-addr 002622bba7ac
   aaa port-ac local-mac apply profile rest-pc-prof mac-mask 002622bb/32 mac-mask 002622bc/32
   aaa port-ac local-mac apply profile corp-phone-prof mac-oui 008011
   aaa port-ac local-mac apply profile "wlan-ap-prof" mac-oui 008012

3. Configure guest VLAN.

   aaa port-ac local-mac <ports> unauth-vid 99

4. Enable LMA on ports.

   aaa port-ac local-mac <ports>
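
To review which VLAN a given client MAC would receive under the profiles, MAC associations and unauth-vid configured above, the rules can be modeled offline. This is an added example, not switch or vendor code. It assumes that when several rules match, the most specific (longest) match wins; the function names are hypothetical.

```python
# Added example: models the LMA rules from this page; not vendor code.
# Assumption: when several rules match a MAC, the longest (most specific) match wins.
import re

PROFILES = {  # profile name -> VLAN assignment, as configured above
    "corp-switch-prof": "tagged 15",
    "corp-pc-prof": "untagged 2",
    "rest-pc-prof": "untagged 3",
    "corp-phone-prof": "tagged 5",
    "wlan-ap-prof": "untagged 10 tagged 12-14",
}
# (rule type, hex prefix, prefix length in bits, profile), as applied above
RULES = [
    ("mac-oui", "001080", 24, "corp-switch-prof"),
    ("mac-addr", "002622bba7ac", 48, "corp-pc-prof"),
    ("mac-mask", "002622bb", 32, "rest-pc-prof"),
    ("mac-mask", "002622bc", 32, "rest-pc-prof"),
    ("mac-oui", "008011", 24, "corp-phone-prof"),
    ("mac-oui", "008012", 24, "wlan-ap-prof"),
]
UNAUTH_VID = 99  # guest VLAN set with unauth-vid

def normalize(mac):
    """Strip ':', '-' and '.' separators and return 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def resolve(mac):
    """Return (profile, VLAN assignment), or (None, guest VLAN) if no rule matches."""
    value = int(normalize(mac), 16)
    best = None
    for _kind, prefix, bits, profile in RULES:
        # Compare only the top `bits` bits of the 48-bit address.
        if value >> (48 - bits) == int(prefix, 16) and (best is None or bits > best[0]):
            best = (bits, profile)
    if best is None:
        return None, f"unauth-vid {UNAUTH_VID}"
    return best[1], PROFILES[best[1]]

def overlaps():
    """List narrower rules that fall inside a wider rule bound to a different profile."""
    out = []
    for _k1, p1, b1, prof1 in RULES:
        for _k2, p2, b2, prof2 in RULES:
            if b1 > b2 and prof1 != prof2 and int(p1, 16) >> (b1 - b2) == int(p2, 16):
                out.append((p1, prof1, p2, prof2))
    return out
```

overlaps() reports that 002622bba7ac (corp-pc-prof) also falls inside the 002622bb/32 mask (rest-pc-prof), so the VLAN that PC receives depends on the match-precedence assumption stated above.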