Dynamic VLAN / Sticky mac-address

Post Reply
mertensseppe
Member
Posts: 2
Joined: 23 May 2019 07:16

Dynamic VLAN / Sticky mac-address

Post by mertensseppe » 23 May 2019 07:30

Hi all!

I am a student who is doing research around Alcatel switches. I have only experience in Cisco switches so i would love some help.

I am currently doing some research around dynamic vlan and sticky mac-addresses. And I was wondering if you guys could help me.

Within our company network we have wired computers that are in a Vlan together. Now it is intended that only company computers can access this Vlan, all other computers (from visitors or people with less good intentions) should be automatically sent to the guest Vlan.

I was thinking of Dynamic Vlan myself, but I would not know if this is possible. If this were possible, you can provide some information here and put me on my way.

As a second option, which is less appropriate but can serve as a temporary solution, I thought of sticky mac addresses. Is this possible to do and how can I do this easily, so that I do not have to configure each port separately. Can this be done automatically or in one go?

Thanks for your help!
Seppe

silvio
Alcatel Unleashed Certified Guru
Alcatel Unleashed Certified Guru
Posts: 1320
Joined: 01 Jul 2008 10:51
Location: Germany

Re: Dynamic VLAN / Sticky mac-address

Post by silvio » 26 May 2019 05:18

I will start with the second question: With port-security (LPS) feature you can do it. For example you can "convert-to-static" the actual successfull learned mac-address (the good one) to a fix entry at this port. This you can do for all the ports at the same time (port-range).

To allow only your domain computers to access the network you have two ways.
Mac-Addess-Authentication with a central Radius-Server where all your mac-addresses will be stored (f.e. within the AD).
Or (the best way) to use computer certificates. Create for all the good computers a certifate and store them at the computers. Than you have to activate access guardian with 802.1x authentication (the config within the switches is similar to mac-Auth.) against the radius-server (f.e. Windows Network policy server NPS).

For more infos, how to configure etc. look into the guides for the switches.
best regards
Silvio

mertensseppe
Member
Posts: 2
Joined: 23 May 2019 07:16

Re: Dynamic VLAN / Sticky mac-address

Post by mertensseppe » 30 May 2019 04:23

silvio wrote:
26 May 2019 05:18
I will start with the second question: With port-security (LPS) feature you can do it. For example you can "convert-to-static" the actual successfull learned mac-address (the good one) to a fix entry at this port. This you can do for all the ports at the same time (port-range).

To allow only your domain computers to access the network you have two ways.
Mac-Addess-Authentication with a central Radius-Server where all your mac-addresses will be stored (f.e. within the AD).
Or (the best way) to use computer certificates. Create for all the good computers a certifate and store them at the computers. Than you have to activate access guardian with 802.1x authentication (the config within the switches is similar to mac-Auth.) against the radius-server (f.e. Windows Network policy server NPS).

For more infos, how to configure etc. look into the guides for the switches.
best regards
Silvio
Thank you very much you helped me alot!

Post Reply

Return to “OmniSwitch 6450”