Mailing List Archive

Brocade ICX6450, mac-auth and wake on lan
Hi,

We're currently evaluating a Brocade ICX6450 for various things and have hit a bit of a stumbling block. We are doing mac-authentication via radius so have the unit configured as follows:

vlan 2 name office by port
 tagged ethe 1/1/24
 mac-vlan-permit ethe 1/1/2 to 1/1/23
!
vlan 3 name unval by port
 tagged ethe 1/1/24
 mac-vlan-permit ethe 1/1/2 to 1/1/23
!
vlan 4 name voip by port
 tagged ethe 1/1/24
 mac-vlan-permit ethe 1/1/2 to 1/1/23
!
vlan 5 name fallback by port
 tagged ethe 1/1/24
 mac-vlan-permit ethe 1/1/2 to 1/1/23
!
mac-authentication enable
mac-authentication mac-vlan-dyn-activation
mac-authentication auth-fail-vlan-id 5
!
interface ethernet 1/1/2
 mac-authentication mac-vlan max-mac-entries 16
 mac-authentication mac-vlan enable
 mac-authentication auth-fail-action restrict-vlan
 inline power
 voice-vlan 4

Everything works fine and as we would expect. The problem we have and can't find a solution to is how to make a client without a mac entry (and therefore no port authentication) appear on a default vlan. We need them on a vlan so we can send a wake on lan request to sleeping clients.

With HPs and Junipers we just add the vlan we want them to be on by default as untagged to all edge ports which just works. As soon as they send a packet the client authenticates and when we send a WOL request to the default vlan they wake up. With the brocades when I try to add a vlan to a port I get the following error message:

SSH@brocade-test(config-vlan-3)#untagged ethernet 1/1/2
Error - command not allowed for 'mac-vlan-permit' port: 1/1/2
SSH@brocade-test(config-vlan-3)#

I've had a good read through the documentation and it hasn't helped so I'm wondering if anyone on this list has found a solution to this problem.

Regards,

Richard du Feu
Network Support
Information Systems Services
Lancaster University
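
The wake-on-LAN request discussed in this message is a broadcast "magic packet", so a sleeping client's port must already be a member of the VLAN the packet is sent into. The following is an added example, not part of the original posts, that builds, sends and recognises such a packet; the 192.0.2.0/24 subnet for the default VLAN, the sample MAC and all function names are assumptions.

```python
import ipaddress
import re
import socket

WOL_PORT = 9  # UDP discard port, the usual choice for WOL (7 is also seen)


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or switch-style aabb.ccdd.eeff."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def magic_packet(mac: str) -> bytes:
    """Six 0xFF sync bytes followed by the target MAC repeated 16 times."""
    return b"\xff" * 6 + parse_mac(mac) * 16


def magic_target(payload: bytes):
    """Return the MAC a captured payload would wake, or None if it is not a magic packet.

    The pattern may sit anywhere in the payload, so every offset is checked.
    """
    for i in range(len(payload) - 101):
        mac = payload[i + 6:i + 12]
        if payload[i:i + 6] == b"\xff" * 6 and payload[i + 6:i + 102] == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
    return None


def broadcast_for(vlan_subnet: str) -> str:
    """Broadcast address of the subnet carried on the default VLAN."""
    return str(ipaddress.ip_network(vlan_subnet, strict=False).broadcast_address)


def send_wol(mac: str, vlan_subnet: str = "192.0.2.0/24", port: int = WOL_PORT) -> None:
    """Send the magic packet to the subnet broadcast address (assumed subnet).

    A sender outside that subnet depends on the router forwarding the
    directed broadcast into the VLAN.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(magic_packet(mac), (broadcast_for(vlan_subnet), port))
```
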
Re: Brocade ICX6450, mac-auth and wake on lan
Quick update here - it appears as if setting the default-vlan-id to be 3 puts all the mac-auth'ed ports onto vlan 3 until they see a mac address. As a result we can make WOL work how we want.

Regards,

Richard

From: foundry-nsp [mailto:foundry-nsp-bounces@puck.nether.net] On Behalf Of Du Feu, Richard
Sent: 06 June 2014 13:09
To: foundry-nsp@puck.nether.net
Subject: [f-nsp] Brocade ICX6450, mac-auth and wake on lan
