Implementing BYOD-redirect configuration examples

The following examples show how to implement BYOD-redirect for both wired and wireless solutions.

BYOD configuration on a distribution switch

To facilitate the BYOD-redirect function, complete the following tasks on the distribution switch:

  1. Configure a DNS server so that FQDN resolution succeeds: ip dns server-address priority 1 <DNS-server-IP>.

    NOTE: The argument to the URL can be an FQDN or IP address. If you use the IP address as an argument, this step is not necessary.

  2. Configure BYOD web-server URL: portal web-server "byod" url http://imc.com:8080/byod.

  3. Enable BYOD-redirect on a VLAN: vlan 101 portal web-server "byod".

  4. Configure BYOD-redirect free-rules on the on-boarding VLAN 101 to permit client traffic to and from the DNS and DHCP servers, using the following commands.

    To permit DNS traffic between a DNS server and a client through the on-boarding VLAN:
    1. portal free-rule 1 vlan 101 source any udp 0 destination any udp 53

    2. portal free-rule 2 vlan 101 source any udp 53 destination any udp 0

    To permit DHCP traffic between a DHCP server and a client through the on-boarding VLAN:
    1. portal free-rule 3 vlan 101 source any udp 68 destination any udp 67

    2. portal free-rule 4 vlan 101 source any udp 67 destination any udp 68

  5. Register the device in IMC on the on-boarding VLAN. When registration is successful, client traffic is placed into different VLAN (guest/corporate) configurations.
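The following consistency check is an added example, not part of the original documentation or any vendor tooling. It assumes the distribution-switch commands from steps 1 to 4 are available as text, one command per line; the function name `audit`, the sample DNS address 192.0.2.53 and the finding messages are hypothetical. It reports a VLAN bound to a web-server name that has no URL, an FQDN URL with no DNS server configured, a missing DNS or DHCP free-rule, and any free-rule beyond the four listed above.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: the commands from steps 1-4, one per line (DNS IP is a placeholder).
SAMPLE = """\
ip dns server-address priority 1 192.0.2.53
portal web-server "byod" url http://imc.com:8080/byod
vlan 101 portal web-server "byod"
portal free-rule 1 vlan 101 source any udp 0 destination any udp 53
portal free-rule 2 vlan 101 source any udp 53 destination any udp 0
portal free-rule 3 vlan 101 source any udp 68 destination any udp 67
portal free-rule 4 vlan 101 source any udp 67 destination any udp 68
"""

# (source port, destination port) pairs that step 4 permits on the on-boarding VLAN.
REQUIRED = {(0, 53): "client to DNS server", (53, 0): "DNS server to client",
            (68, 67): "client to DHCP server", (67, 68): "DHCP server to client"}
RULE = re.compile(r"portal free-rule (\d+) vlan (\d+) source any udp (\d+) destination any udp (\d+)$")
SERVER = re.compile(r'portal web-server "([^"]+)" url (\S+)$')
BIND = re.compile(r'vlan (\d+) portal web-server "([^"]+)"$')

def audit(config, vlan):
    """Return findings for the BYOD-redirect setup on `vlan`; an empty list means consistent."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    servers = {m[1]: m[2] for l in lines if (m := SERVER.match(l))}
    bound = [m[2] for l in lines if (m := BIND.match(l)) and int(m[1]) == vlan]
    findings = [] if bound else [f"vlan {vlan}: no portal web-server bound"]
    for name in bound:
        url = servers.get(name)
        if url is None:  # e.g. a stray character in the quoted name
            findings.append(f'web-server "{name}" bound to vlan {vlan} but has no url')
            continue
        host = urlparse(url).hostname or ""
        try:
            ipaddress.ip_address(host)
        except ValueError:  # host is an FQDN, so step 1 (DNS server) is required
            if not any(l.startswith("ip dns server-address ") for l in lines):
                findings.append(f"url host {host} is an FQDN but no DNS server is configured")
    seen = set()
    for l in lines:
        if l.startswith("portal free-rule "):
            m = RULE.match(l)
            if m and int(m[2]) == vlan and (pair := (int(m[3]), int(m[4]))) in REQUIRED:
                seen.add(pair)
            elif not m or int(m[2]) == vlan:  # not one of the four rules: report for review
                findings.append(f"unexpected free-rule: {l}")
    findings += [f"missing free-rule for {what}" for pair, what in REQUIRED.items() if pair not in seen]
    return findings
```

Calling `audit(SAMPLE, 101)` returns an empty list; a web-server name that differs between steps 2 and 3 (for instance a trailing period inside the quotes) is reported as a binding with no URL.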

Client authentication configuration on edge switch

Enable MAC authentication on edge switch ports 1-2 using the following commands:

    # enable MAC authentication on ports 1-2
    aaa port-access mac-based 1-2
    # configure the client limit on port 1 and port 2
    aaa port-access mac-based 1 addr-limit 32
    aaa port-access mac-based 2 addr-limit 32
    radius-server host <radius ip> dyn-authorization
    radius-server host <radius ip> time-window 0

Wired and wireless components configured in a network topology

Access Type: Wired Access
Edge Switch: Aruba 2530 switch
Distribution Switch: Aruba 5400 switch
Configuration Procedure:

  1. Register the Aruba 2530 switch in Aruba IMC.

  2. Create the configuration on Aruba 2530 switch.

  3. Create the configuration on Aruba 5400 switch.

Access Type: Wireless Access
Configuration Procedure:

  1. Make the Aruba MSM controller reachable by Aruba IMC.

  2. Ensure that access points (Aruba 422) are managed by the MSM controller.

  3. Configure MAC or 802.1X authentication on the MSM controller.

  4. Create the configuration on the Aruba 5400 switch.

Wired clients solution

Access Type: Wired Access
Edge Switch: Aruba 2530 switch
Distribution Switch: Aruba 3810M switch
Configuration Procedure:

  1. Register the Aruba 2530 switch and Aruba 3810M switch in IMC.

  2. Ensure that both Aruba 2530 switch and Aruba 3810M switch can reach the DHCP and DNS server.

  3. Create the configuration on Aruba 2530 switch.

  4. Create the configuration on Aruba 3810M switch.

Configuration and access for wired clients on an edge switch

Access Type: Wired Access
Edge Switch: Aruba 5400R switch
Distribution Switch: N/A
Configuration Procedure:

  1. Register the Aruba 5400R switch in Aruba IMC.

  2. Ensure that the Aruba 5400R switch is reachable by the DHCP and DNS server.

  3. Create the configuration on the Aruba 5400R switch.

  4. Create the following configuration on the Aruba 5400R switch.