The local-mac vlan association

  • 1.  The local-mac vlan association

    Posted 6 days ago

    I have a routine setup of a PC daisy chained to an Alcatel IP phone plugged into the 2540 port.

     I am using the local-mac groups and profiles to assign different types of devices to particular vlans; 113 for data (PC) and 172 for phones, as follows:

    aaa port-access local-mac mac-group "phones-mac-group"
       mac-oui 00809f
       exit
    aaa port-access local-mac profile "phones-profile"
       vlan tagged 172
       exit

    aaa port-access local-mac apply profile "phones-profile" mac-group "phones-mac-group"

    aaa port-access local-mac 1-24

    The vlan 113 is a default (untagged) on all 1-24 ports.

    The problem is that the PC behind the phone is not passing any traffic at all, even its MAC is not visible from the switch; I was trying both "vlan tagged 172" and the "vlan untagged 172" as well as 172 voice and no voice - with no results.

    What am I missing here?

    Thanks!



  • 2.  RE: The local-mac vlan association
    Best Answer

    MVP GURU
    Posted 6 days ago

    Do you have a client-limit set higher than 1? "aaa port-access authenticator <port/ports> client limit <limit>"



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: The local-mac vlan association

    Posted 5 days ago

    Hi Dustin,

    Thanks a lot for the tip; I didn't even know that there were clients limit settings..))

    Unfortunately it didn't work out; when checking 

    show port-access local-mac clients
    the response is:
     Port  MAC Address       IP Address         Client Status
     ----- ----------------- ------------------ ----------------------
     7     00809f-7526e6     n/a                authenticated   <-- IP phone
     7     b083fe-950d6f     n/a                rejected no vlan  <-- PC
    The idea was to assign all phones to VLAN 172 while all other hosts are on default VLAN 113 including the ones that are plugged into phones.
    Here is my config:
    ==========================
    vlan 113
       name "CenterSprings-ports"
       untagged 1-28
       ip address 10.64.13.2 255.255.255.0
       ip helper-address 10.6.66.252
       exit
     
    aaa port-access local-mac mac-group "phones-mac-group"
       mac-oui 00809f
       exit
     
    aaa port-access local-mac profile "phones-profile"
       vlan <un>tagged 172
       exit
     
    aaa port-access local-mac apply profile "phones-profile" mac-group "phones-mac-group"
     
    aaa port-access authenticator 1-24 client-limit 10
     
    aaa port-access local-mac 1-24 addr-limit 10

    =========================

    Any ideas what's not right?

    Thanks a lot!

    Mike S
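
An added example (not part of the thread and not vendor code): a Python check that parses the `show port-access local-mac clients` output quoted in the post above and reports, for each client, which configured mac-group its OUI falls in and whether it authenticated. The function names and the `MAC_GROUPS` dict are assumptions made for illustration; the sample text is constructed from the output and config in the post.

```python
import re

# Constructed sample: the output quoted in the post, hand-written annotations included.
SAMPLE_OUTPUT = """\
 Port  MAC Address       IP Address         Client Status
 ----- ----------------- ------------------ ----------------------
 7     00809f-7526e6     n/a                authenticated   <-- IP phone
 7     b083fe-950d6f     n/a                rejected no vlan  <-- PC
"""

# mac-oui entries from the posted config, keyed by mac-group name (assumed layout).
MAC_GROUPS = {"phones-mac-group": ["00809f"]}

# A data row: port, MAC as xxxxxx-xxxxxx, IP (or n/a), then a status that may contain spaces.
ROW = re.compile(
    r"^\s*(?P<port>\S+)\s+(?P<mac>[0-9a-fA-F]{6}-[0-9a-fA-F]{6})\s+"
    r"(?P<ip>\S+)\s+(?P<status>.+?)\s*$"
)

def parse_clients(text):
    """Return one dict per client row; header and ruler lines do not match ROW."""
    clients = []
    for line in text.splitlines():
        line = line.split("<--")[0]  # drop annotations that are not switch output
        m = ROW.match(line)
        if m:
            clients.append(m.groupdict())
    return clients

def matching_group(mac, groups):
    """Return the name of the mac-group whose OUI list covers this MAC, or None."""
    oui = mac.replace("-", "").lower()[:6]
    for name, ouis in groups.items():
        if oui in (o.lower() for o in ouis):
            return name
    return None

def audit(text, groups):
    """Annotate each client with its mac-group and whether it is authenticated."""
    return [
        {**c, "group": matching_group(c["mac"], groups),
         "ok": c["status"].lower() == "authenticated"}
        for c in parse_clients(text)
    ]

if __name__ == "__main__":
    for r in audit(SAMPLE_OUTPUT, MAC_GROUPS):
        flag = "ok" if r["ok"] else "CHECK"
        print(f'{flag:5} port {r["port"]} {r["mac"]} group={r["group"]} status={r["status"]}')
```

On the sample, the phone is reported in `phones-mac-group` and authenticated, while the PC's OUI `b083fe` is in no configured group and its status is flagged for review.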




  • 4.  RE: The local-mac vlan association

    MVP GURU
    Posted 5 days ago

    See if this post helps you: Wired 802.1x phone and PC



    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 5.  RE: The local-mac vlan association

    Posted 3 days ago

    Thanks a lot for your suggestion but this is not the solution I am looking for.

    The good news is that I managed to make it work exactly as intended: known MACs are going to predefined VLANs while the rest of the devices are placed into a default VLAN.

    Thanks again for your help; your post made me look in the right direction..))