Implementing BYOD-redirect configuration examples
The following examples show how to implement BYOD-redirect for both wired and wireless solutions.
BYOD configuration on a distribution switch
To facilitate the BYOD-redirect function, complete the following tasks on the distribution switch:
- Configure DNS and make FQDN solution successful:
ip dns server-address priority 1 <
DNS-server-IP>.NOTE:The argument to the URL can be an FQDN or IP address. If you use the IP address as an argument, this step is not necessary.
Configure BYOD web-server URL: portal web-server "byod" url http://imc.com:8080/byod.
Enable BYOD-redirect on a VLAN: vlan 101 portal web-server "byod."
- Configure BYOD-redirect free-rules on the on-boarding VLAN 101 to permit client traffic transit through DNS and DHCP servers using the following commands.To permit DNS traffic to/from a DNS server to a client through on-boarding VLAN:
portal free-rule 1 vlan 101 source any udp 0 destination any udp 53
portal free-rule 2 vlan 101 source any udp 53 destination any udp 0
portal free-rule 3 vlan 101 source any udp 68 destination any udp 67
portal free-rule 4 vlan 101 source any udp 67 destination any udp 68
Register the device in IMC on the on-boarding VLAN. When registration is successful, client traffic is placed into different VLAN (guest/corporate) configurations.
Client authentication configuration on edge switch
Enable MAC authentication on edge switch port 1-2 using the following commands:
# enable mac authentication on ports 1-2
aaa port-access mac-based 1-2
# configure number of client limits on port 1 and port2
aaa port-access mac-based 1 addr-limit 32
aaa port-access mac-based 2 addr-limit 32
radius-server host <radius ip> dyn-authorization
radius-server host <radius ip> time-window 0
Access Type |
Edge Switch |
Distribution Switch |
Configuration ProcedureNote |
---|---|---|---|
Wired Access |
Edge switch (for example 2530) |
5400 switch |
|
Wireless Access |
|
Access Type |
Edge Switch |
Distribution Switch |
Configuration Procedure |
---|---|---|---|
Wired Access |
Edge switch (for example 2530) |
Switch 3810 |
|
Access Type |
Edge Switch |
Distribution Switch |
Configuration Procedure |
---|---|---|---|
Wired Access |
Edge switch (for example 3500) |
N/A |
|