Wired Intelligent Edge

last person joined: 18 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

This thread has been viewed 81 times
  • 1.  Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 04:24 AM
    Hello

    In Cisco switches, it is possible to configure voice vlan based on MAC address only.

    Even if the phone doesn't support LLDP, CDP or can't tag traffic, we can still place it in the voice vlan based on the MAC range without touching the phone.

    is there any way to configure the same in Aruba AOS-CX 10.08 switches like 6200f or 6100 to move a phone in a vlan based only on its mac-OU?

    which command ?

    Thanks

    ------------------------------
    David
    ------------------------------


  • 2.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 04:49 AM
    Hello David,

    It seems the 'Device Profiles' feature is what you are looking for. Check the Fundamentals Guide for 6200 - https://www.arubanetworks.com/techdocs/AOS-CX/10.08/HTML/fundamentals_6200/Content/Chp_Dev_disc/dev-pro-fl-m-10.htm 'Configuring a device profile for local MAC match' section.


    ------------------------------
    Ivan Bondar
    ------------------------------



  • 3.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 05:14 AM
    Hello
    that's exactly what I did and it doesn't work. I really don't know anymore.

    #mac-group test
      mac-oui 00:09:40

    #port-access role test_role
    vlan access 100

    #port-access device-profile profile01
    enable
    associate mac-group test
    associate role test_role

    Phone still stays in vlan 1.


    I really don't know anymore.

    regards


    ​​​

    ------------------------------
    David
    ------------------------------



  • 4.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 05:37 AM
    I have a stacking with 5 Aruba 6200f switches.
    I need this features to move all telephones in a Vlan. This function is very very important to us.
    How can I do that?

    ------------------------------
    David
    ------------------------------



  • 5.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 05:45 AM
    Could you connect the phone to the switch, wait for it to get IP from VLAN 1 and send me the output of the following commands:

    show interface <phone_port>
    show mac-address-table port <phone_port>
    show vlan 100
    show port-access device-profile
    show port-access device-profile interface all​



    ------------------------------
    Ivan Bondar
    ------------------------------



  • 6.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 07:12 AM
    Hello


    sw-arb01(config)# sh interface 1/1/10

    Interface 1/1/10 is up
    Admin state is up
    Link state: up for 1 minute (since Wed Oct 13 12:40:00 CEST 2021)
    Link transitions: 75
    Description:
    Hardware: Ethernet, MAC Address: 38:10:xx:xx:xx:xx
    MTU 1500
    Type 1GbT
    Full-duplex
    qos trust cos
    Speed 100 Mb/s
    Auto-negotiation is on
    Energy-Efficient Ethernet is disabled
    Flow-control: off
    Error-control: off
    MDI mode: MDI
    VLAN Mode: access
    Access VLAN: 1
    Rate collection interval: 300 seconds

    Rate RX TX Total (RX+TX)
    ---------------- -------------------- -------------------- --------------------
    Mbits / sec 0.00 0.02 0.02
    KPkts / sec 0.00 0.02 0.02
    Unicast 0.00 0.00 0.00
    Multicast 0.00 0.01 0.01
    Broadcast 0.00 0.01 0.01
    Utilization 0.00 0.02 0.02

    Statistic RX TX Total
    ---------------- -------------------- -------------------- --------------------
    Packets 715668 3442753 4158421
    Unicast 572704 147754 720458
    Multicast 1018 1825103 1826121
    Broadcast 141946 1469896 1611842
    Bytes 47004636 535176593 582181229
    Jumbos 0 0 0
    Dropped 0 0 0
    Pause Frames 0 0 0
    Errors 0 0 0
    CRC/FCS 0 n/a 0
    Collision n/a 0 0
    Runts 0 n/a 0
    Giants 0 n/a 0

    sw-arb01(config)# show mac-address-table port 1/1/10
    MAC age-time : 300 seconds
    Number of MAC addresses : 1

    MAC Address VLAN Type Port
    --------------------------------------------------------------
    00:09:40:xx:xx:xx 1 dynamic 1/1/10

    sw-arb01(config)# sh vlan 100

    ------------------------------------------------------------------------------------------------------------------
    VLAN Name Status Reason Type Interfaces
    ------------------------------------------------------------------------------------------------------------------
    100 VLAN100 up ok static 1/1/2


    sw-arb01(config)# show port-access device-profile

    Profile Name : test_profile
    LLDP Groups :
    CDP Groups :
    MAC Groups : test
    Role : test_role
    State : Enabled

    sw-arb01(config)# sh port-access device-profile interface all
    No device-profile clients found.


    regards
    David

    ------------------------------
    David
    ------------------------------



  • 7.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 09:33 AM
    OUI is correct, VLAN 100 is present, device-profile is enabled, the role is bound... The only issue is that the switch can't match the phone to the profile... Could you send me output of 'show system' so I can check if it's not a limitation or a bug...

    ------------------------------
    Ivan Bondar
    ------------------------------



  • 8.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 09:53 AM
    Hi,

    sw-arb01# show system
    Hostname : sw-arb01
    System Description : PL.10.08.0001
    System Contact :
    System Location :

    Vendor : Aruba
    Product Name : JL675A 6100 48G CL4 4SFP+ Swch
    Chassis Serial Nbr : XXXXXXXXXX
    Base MAC Address : 38XXXX-XXXXXXX
    ArubaOS-CX Version : PL.10.08.0001

    Time Zone : Europe/Amsterdam

    Up Time : 3 weeks, 2 days, 1 hour, 3 minutes
    CPU Util (%) : 6
    Memory Usage (%) : 24


    regards

    ------------------------------
    David
    ------------------------------



  • 9.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 10:53 AM

    Ok, I've just tested your configuration and found the issue. You miss one additional configuration that is required for the local MAC match:

    switch(config)# interface 1/1/10
    switch(config-if)# port-access device-profile
    switch(config-if-deviceprofile)# mode block-until-profile-applied
    switch(config-if-deviceprofile)# end​

    "Configures the switch to block the port until a profile match occurs for a device. This configuration is required when no security feature is enabled on the port.
    You must enable this mode or security on the port for local MAC match feature to operate. You must not enable both features on the same port at the same time."

    After I added the commands above on the switchport and flapped the port, the host connected appeared under VLAN 100. Please, make a test and let me know if it works for you.

    ------------------------------
    Ivan Bondar
    ------------------------------



  • 10.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 12:33 PM
    Hi

    yes it works!! but how can I do it for all 200 ports in vsf domain (stäcking)?
    I've tried it with the interface range command, it doesn't work. 

    We want that, when user connects the phone to the switch port, no matter which port, and the mac address is match, he should automatically go to VLAN 100, otherwise he should stay in vlan 1, such as Laptop or PC.


    With which command can I do it for all switchport? 
    I found that in Aruba Swicth Manuel: "You must configure this mode in device profile only on standalone ports"

    how can I do it for all Swicth ports?

    thanks and regards


    ------------------------------
    David
    ------------------------------



  • 11.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 01:06 PM
    I am afraid I don't know the answer, at first sight it seems to be impossible to execute these commands on a range of ports. But maybe somebody else can figure out any shortcut, let's wait for input from other community members...

    EDIT: Actually it works. Not sure why it didn't work from my first attempt, maybe I mistyped the command and since you said it doesn't work I didn't put much effort to verify it. But it really works, check your range statement and correctness of the commands you type.


    ------------------------------
    Ivan Bondar
    ------------------------------



  • 12.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 02:20 PM
    Hello, 

    The command seems to be working with an interface range. Here an example how I pushed it to 5 ports with a single entry.
    What exactly is not working for you?
    ...

    6200# conf
    6200(config)# interface 1/1/1-1/1/5
    6200(config-if-<1/1/1-1/1/5>)# port-access device-profile mode block-until-profile-applied
    6200(config-if-<1/1/1-1/1/5>)# show run int 1/1/1-1/1/5
    interface 1/1/1
    no shutdown
    vlan access 1
    port-access device-profile
    mode block-until-profile-applied
    exit
    interface 1/1/2
    no shutdown
    vlan access 1
    port-access device-profile
    mode block-until-profile-applied
    exit
    interface 1/1/3
    no shutdown
    vlan access 1
    port-access device-profile
    mode block-until-profile-applied
    exit
    interface 1/1/4
    no shutdown
    vlan access 1
    port-access device-profile
    mode block-until-profile-applied
    exit
    interface 1/1/5
    no shutdown
    vlan access 1
    port-access device-profile
    mode block-until-profile-applied
    exit

    ------------------------------
    Emil Gogushev
    ------------------------------



  • 13.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 13, 2021 11:01 PM
    Hi Emil!

    Yes, you are completely right. TBH for me it was giving and error, but now I believe it was due to the incorrect buffer contents during copy-paste. And since David claimed it doesn't work for him too I didn't investigate it as careful as I should. But after re-entering those commands manually under the range context I see it works now.

    ------------------------------
    Ivan Bondar
    ------------------------------



  • 14.  RE: Voice VLAN based on MAC range or Mac-OUI in 6200F or 6100

    Posted Oct 14, 2021 03:54 AM
    Hello
    Problem is:
    when I give the command like this, it doesn't work!

    sw-arb01(config)# interface 1/1/10-1/1/15
    sw-arb01(config-if-<1/1/10-1/1/15>)# port-access device-profile test_profile
    sw-arb01(config-device-profile)# mode block-until-profile-applied
    Invalid input: mode

    But when i do this:

    sw-arb01(config-if-<1/1/10-1/1/15>)#port-access device-profile mode block-until-profile-applied

    it works.

    But when i connect other devices to the switch, the port goes immediately offline. that's what i want and it doesn't work!!


    I did something else, and I don't know if it's best practice or not ! if it is not please correct me.

    sw-arb01(config)#port-access role FALLBACK
    vlan access 1

    sw-arb01(config-if-<1/1/10-1/1/15>)#port-access fallback-role FALLBACK
    sw-arb01(config-if-<1/1/10-1/1/15>)#port-access device-profile mode block-until-profile-applied

    After these commands it works. Phone move to Vlan 100 and other devices to vlan 1. I don't know if it's best practice or not, but it works.
    if it is not please correct me.

    regards




    ------------------------------
    David
    ------------------------------