Automativ VLAN port assignment with MACMon

[dtdamen]

Hi guys,
we´re using MacMon as Radius server for automatic vlan assignment (MAC-based) on our HP system.
Now I´d like to use this in our new Alcatel LAN enviroment as well.
Can someone please tell me the 802.1x commands on an Alcatel switch?

Thanks in advance
Thomas

[Cristek]

You can find detailed information and examples from ALE in the Network Configuration Guide in section 35 (Access Guardian) but something like this might get you started in the right direction:

Code: Select all

aaa radius-server 'MACMON' host 1.2.3.4 key xxxxxxxx
aaa device-authentication mac 'MACMON'

unp profile 'ACCOUNTS'
unp profile 'ACCOUNTS' map vlan 10
unp profile 'ENGINEERING'
unp profile 'ENGINEERING' map vlan 20
unp profile 'VOIP'
unp profile 'VOIP' map vlan 30

unp port-template 'TEMPLATE' mac-authentication
unp port 1/1/1-24 port-type bridge
unp port 1/1/1-24 port-template 'TEMPLATE'

This setup gives you 3 vlans, and based on the returned value from MACMON, the relevant MAC gets assigned into either of the 3.
The filter-id MACMON returns must match the unp profile name like-for-like.
Also, there's loads of cavebeats you can add to this, such as redundancy and failover scenarios, and you'll have some additional examples both in the manual and here in the forums if you search for similar AG or 802.1x examples.

[silvio]

Hi Thomas,
I have often seen that the technicans from MACmon prefere to use MAC-based authentication by changing the vlan config in the switch via snmp. This is not possible at UNP-ports. 802.1x like explained is the best way. If you still need MAC-based than you need MAC-authentication against MACmon. This is possible there - but often the MACmon technicans don't know...
BR Silvio