Aruba Local Mac Authentication

  • 1.  Aruba Local Mac Authentication

    Posted Dec 15, 2021 09:15 AM

    Hope someone can point me in a direction. So, a little background info. This is for VoIP phones that will have PCs daisy-chained through them. I have been installing this configuration for years using LLDP and a voice VLAN, where the Mitel Minet IP phones would boot and LLDP would tell them to tag their packets with the correct VLAN. Then, depending on the layout of the network, I would untag certain ports to force them into the voice or default data VLAN.

    We have added a hosted IP solution that uses snom SIP phones to our inventory of products. I have discovered they do not boot like the Minet IP phones. They will come up first with a DHCP request and grab an IP on the data subnet, causing it to eat up an IP until the lease expires; then in about a minute it will reboot and come up on the correct voice VLAN.

    I have configured Local MAC Authentication and it will put both the Minet IP and the snom SIP phone into the correct VLAN. But it appears that if I set a port to be only data or voice VLAN to connect my uplink to my home router, it does not allow the phones to get an IP address. If I set a port to just be untagged for the phone subnet and plug either of the phones into it, it will grab an IP and work. When connected to any ports, I check the active VLAN on it and it shows that it is in the correct VLAN; it just will not pass through to the uplink port that is set as phone only.

    See my config below. Basically, I need the ports to move the devices into the correct VLANs before they do a DHCP request, and where I can set a port as untagged only to a single VLAN, allowing traffic from the other ports to access that port and remove their tag. At some sites the router will not support VLAN tagging on its sub-interfaces, and in the past we have had to set up two uplinks from the switch to handle the DHCP and internet for the separate VLANs.

    Thank you anyone that takes the time to read this.

     

    ; J9779A Configuration Editor; Created on release #YB.16.11.0002
    ; Ver #14:41.44.00.04.19.02.13.98.82.34.61.18.28.c3.84.9c.63.ff.37.27:35
    hostname "HP-2530-24-PoEP"
    snmp-server community "public" unrestricted
    aaa port-access local-mac profile "Phone"
       vlan tagged 10
       exit
    aaa port-access local-mac apply profile "Phone" mac-oui 000413
    aaa port-access local-mac apply profile "Phone" mac-oui 08000f
    aaa port-access local-mac 3-24
    aaa port-access local-mac 1 addr-limit 2
    aaa port-access local-mac 3 unauth-vid 1
    aaa port-access local-mac 4 unauth-vid 1
    aaa port-access local-mac 5 unauth-vid 1
    aaa port-access local-mac 6 unauth-vid 1
    aaa port-access local-mac 7 unauth-vid 1
    aaa port-access local-mac 8 unauth-vid 1
    aaa port-access local-mac 9 unauth-vid 1
    aaa port-access local-mac 10 unauth-vid 1
    aaa port-access local-mac 11 unauth-vid 1
    aaa port-access local-mac 12 unauth-vid 1
    aaa port-access local-mac 13 unauth-vid 1
    aaa port-access local-mac 14 unauth-vid 1
    aaa port-access local-mac 15 unauth-vid 1
    aaa port-access local-mac 16 unauth-vid 1
    aaa port-access local-mac 17 unauth-vid 1
    aaa port-access local-mac 18 unauth-vid 1
    aaa port-access local-mac 19 unauth-vid 1
    aaa port-access local-mac 20 unauth-vid 1
    aaa port-access local-mac 21 unauth-vid 1
    aaa port-access local-mac 22 unauth-vid 1
    aaa port-access local-mac 23 unauth-vid 1
    aaa port-access local-mac 24 unauth-vid 1
    aaa port-access 1 mixed
    vlan 1
       name "DEFAULT_VLAN"
       no untagged 1,25
       untagged 2-24,26-28
       ip address xxx.xxx.xxx.xxx 255.255.255.0
       exit
    vlan 10
       name "phones"
       untagged 1,25
       tagged 3-24
       no ip address
       exit



    ------------------------------
    Henry Lubiak
    ------------------------------


  • 2.  RE: Aruba Local Mac Authentication

    EMPLOYEE
    Posted Dec 16, 2021 07:52 AM
    Hi,

    According to the SNOM docs it should support LLDP-MED. So in that case you could add voice to vlan 10.


    =======
    vlan 10
     name voice
     voice
    exit
    =======

    You can skip local-mac auth, or you could mix LLDP-MED with local-mac auth by adding:

    aaa port-access use-lldp-data
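
One way to check what the configuration posted at the top of the thread statically assigns to each port, written as an added example that is not part of either post. The embedded config is a trimmed copy of the posted one, the function names are hypothetical, and treating a bare `aaa port-access local-mac <ports>` line as the line that enables the feature is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Trimmed copy of the posted configuration (per-port unauth-vid lines omitted).
CONFIG = """\
aaa port-access local-mac profile "Phone"
   vlan tagged 10
   exit
aaa port-access local-mac 3-24
aaa port-access local-mac 1 addr-limit 2
vlan 1
   no untagged 1,25
   untagged 2-24,26-28
   exit
vlan 10
   untagged 1,25
   tagged 3-24
   exit
"""

def expand(spec):
    """Expand a port list such as '2-24,26-28' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def port_table(text):
    """Map port -> {'untagged': VIDs, 'tagged': VIDs, 'local_mac': bool}."""
    table = defaultdict(lambda: {"untagged": set(), "tagged": set(), "local_mac": False})
    vid = None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):          # top-level command ends any vlan context
            vid = int(words[1]) if words[0] == "vlan" else None
            m = re.fullmatch(r"aaa port-access local-mac ([-\d,]+)", line.strip())
            for p in (expand(m.group(1)) if m else ()):
                table[p]["local_mac"] = True  # assumption: bare port list = enabled
        elif vid is not None and words[0] in ("untagged", "tagged"):
            for p in expand(words[1]):        # 'no untagged ...' lines are ignored
                table[p][words[0]].add(vid)
    return dict(table)

def untagged_only(table, vid):
    """Ports whose only static membership is untagged in `vid`."""
    return sorted(p for p, r in table.items() if r["untagged"] == {vid} and not r["tagged"])
```

For the posted configuration, `untagged_only(port_table(CONFIG), 10)` returns ports 1 and 25, neither of which is in the local-mac range 3-24.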