Hi Matt,
Ok, let me introduce you to Access Guardian 2.0 ...
The good news:
- You can use port ranges
- You can write templates
- You can have port groups talk to different radius servers
- much more that doesn't fit here ..
The bad:
- You'll need to adapt to a new CLI (that imho is better)
I encourage you to test this on a lab-switch before going in production as I don't have a OS6860 running right now ...
Select your edge ports (your list):
Code: Select all
AOS_R8-> unp port 2/1/40-48 port-type edge
(Setting the port-type
edge sets it role to something that could be authenticated.)
Create an edge-template, you can set many more options there - just have a look through them, very powerful:
Code: Select all
AOS_R8-> unp edge-template "mobility-template"
AOS_R8-> unp edge-template "mobility-template" classification enable
AOS_R8-> unp port 2/1/40-48 edge-template "mobility-template"
Create two edge-profiles (you can choose any name, I just use your VLANs since I don't know your use for them):
Code: Select all
AOS_R8-> unp edge-profile "vlan-1050"
AOS_R8-> unp edge-profile "vlan-1053"
AOS_R8-> unp vlan-mapping edge-profile "vlan-1050" vlan 1050
AOS_R8-> unp vlan-mapping edge-profile "vlan-1053" vlan 1053
(Note that you could also attach "qos-policy-list" to edge-profiles, delivering ACL and QOS capabilities)
Create your classification rules for MAC addresses and bind them to your edge-profile:
Code: Select all
AOS_R8-> unp classification mac-address-range 00:10:49:00:00:00 00:10:49:ff:ff:ff edge-profile vlan-1050
AOS_R8-> unp classification mac-address-range 18:64:72:00:00:00 18:64:72:ff:ff:ff edge-profile vlan-1053
I'm planning to do some before & after configuration comparing AOS R6 to R7/R8, but I'm lacking the time to do that ..
Hope that helps, let me know if you have questions Matt.
B