802.1x: MAB / VLAN-Assignment / MAC-Based
I want to use IEEE 802.1x (and RADIUS) with these components:
- dot1x vlan-assignment
- dot1x mab
- dot1x port-method mac-based
This doesn't seem to work, although this combination is not explicitly forbidden by any document.
The only thing I found was under 'dot1x vlan-assignment':
add the authenticated port to the VLAN and change the PVID based on the assigned VLAN
Any hints?
@Andone, what a pity!
I hoped this could work because of the 'mac-vlan' commands, which do just the same with a local database instead of using RADIUS.
So technically it should be possible in my constellation, too!?
MAB works as Port-Based, yes. As MAB will not work with Guest VLAN, it is also a bad solution. Use one more managed switches :)
I feel other vendors, like D-Link, have a 'mac_based_access_control' feature, both local and RADIUS, which will suit you.
@Andone, surely, it would.
But we're talking about a professional environment with hundreds of MACs and changes every day, so a local database (as e.g. 'mac-vlan mac-address 00:11:11:01:01:12 vlan 2' is) would be impossible to handle. Also, I would guess there is an (implicit?) limit on configuration lines, which would also limit the entries in the database.
@Mitya, thank you very much.
Do other vendors offer my required combination of features on edge switches completely?
BTW: Guest VLAN is implicitly possible, too. I made my RADIUS offer this special VLAN id in case of unknown clients. ;-)
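An added example, not part of the thread or of any vendor's documentation: a generator that turns a MAC-to-VLAN inventory into RADIUS user entries carrying the RFC 3580 VLAN attributes, with a DEFAULT entry that places unknown clients in a guest VLAN as described in the post above. It assumes a FreeRADIUS-style `users` file, a switch that sends the MAC as 12 lowercase hex digits for both User-Name and password during MAB, and constructed inventory rows and guest VLAN id.

```python
import re

GUEST_VLAN = 99  # constructed value; the thread does not state the guest VLAN id

# Constructed inventory rows: (MAC as the inventory stores it, VLAN id).
INVENTORY = [
    ("00:11:11:01:01:12", 2),   # the MAC/VLAN pair quoted in the thread
    ("00-11-11-01-01-13", 3),
    ("0011.1101.0114", 2),
]

_MAC_FORMS = (
    r"[0-9a-f]{2}(:[0-9a-f]{2}){5}",    # 00:11:11:01:01:12
    r"[0-9a-f]{2}(-[0-9a-f]{2}){5}",    # 00-11-11-01-01-12
    r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}",   # 0011.1101.0112
    r"[0-9a-f]{12}",                    # 001111010112
)

def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits (assumed MAB User-Name format)."""
    text = mac.strip().lower()
    if not any(re.fullmatch(form, text) for form in _MAC_FORMS):
        raise ValueError(f"not a MAC address: {mac!r}")
    return re.sub(r"[:.\-]", "", text)

def vlan_reply(vlan):
    """RFC 3580 tunnel attributes that tell the switch which VLAN to assign."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN id out of range: {vlan}")
    return ",\n".join([
        "\tTunnel-Type = VLAN",
        "\tTunnel-Medium-Type = IEEE-802",
        f'\tTunnel-Private-Group-Id = "{vlan}"',
    ])

def render_users(inventory, guest_vlan):
    """Build the users-file text: one entry per known MAC, then the guest DEFAULT."""
    seen, blocks = {}, []
    for raw, vlan in inventory:
        mac = normalize_mac(raw)
        if seen.setdefault(mac, vlan) != vlan:
            raise ValueError(f"{mac} is mapped to two different VLANs")
        blocks.append(f'{mac} Cleartext-Password := "{mac}"\n{vlan_reply(vlan)}')
    # Unknown MACs match no entry above and fall through to the guest VLAN.
    blocks.append(f"DEFAULT Auth-Type := Accept\n{vlan_reply(guest_vlan)}")
    return "\n\n".join(dict.fromkeys(blocks)) + "\n"

if __name__ == "__main__":
    print(render_users(INVENTORY, GUEST_VLAN), end="")
```

Regenerating the file from the inventory on every change keeps the per-MAC data on the RADIUS server instead of in switch configuration lines.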
@PeterS, I know that D-Link's mac-based-access-control is the same as, theoretically, "MAB for MAC-Based", not MAC for Port-Based only. I had a client who wanted to replace D-Link with TP-Link, but TP-Link didn't support it. Probably other vendors also have MAB for MAC-Based; need to check deeper.