On a V1910 (JE009A), I'm trying to set up a hybrid port which assigns VLAN IDs to MAC addresses based on the configured RADIUS server's (freeradius, but doesn't matter I think) response.
Example:
- device_1 with MAC = 0000-1111-1111 appears on the port
- the switch sends an auth request to the RADIUS server with username = '000011111111'
- the RADIUS server replies (an Access-Accept) with the proper Tunnel-* attributes which are casually used in dot1x + dynamic VLAN assignment, setting the VLAN ID for this 'user' to 10
- from now on the switch uses VLAN 10 for device_1
- device_2 with MAC = 0000-2222-0000 appears on the same port (say they're behind an unmanaged switch)
- the switch sends an auth request with username = '000022220000'
- the server replies like in step 3, only with a different VLAN ID, say 20
- from now on, device_2's traffic uses VLAN 20, while device_1's traffic still uses VLAN 10 (like in a standard, static hybrid port scenario)
I'm stuck at step 4 & 8: RADIUS replies with an Access-Accept which contains the configured Tunnel-* attributes, but the port/VLAN doesn't change, here's its state:
[switch-GigabitEthernet1/0/32]dis mac-au i g 1/0/32
MAC address authentication is enabled.
User name format is MAC address in lowercase, like xxxxxxxxxxxx
Fixed username:mac
Fixed password:not configured
Offline detect period is 300s
Quiet period is 60s
Server response timeout value is 100s
The max allowed user number is 1024 per slot
Current user number amounts to 2
Current domain is test
Silent MAC User info:
MAC Addr From Port Port Index
GigabitEthernet1/0/32 is link-up
MAC address authentication is enabled
Authenticate success: 0, failed: 0
Max number of on-line users is 256
Current online user number is 2
MAC Addr Authenticate State Auth Index
0000-1111-0000 MAC_AUTHENTICATOR_CONNECT 65
0000-2222-0000 MAC_AUTHENTICATOR_CONNECT 66
Is such a setup technically possible?
#Radius#DynamicVLAN#hybrid#JE009A#v1910