Configuration example 1

Procedure
In this example, PCs are connected to a 2615 series switch in a meeting room, which is connected to a 38xx series switch where local MAC authentication occurs. In addition:
  1. The 2615 is authenticated; its example MAC is 00:10:80:*, and it belongs to VLAN 15 tagged (management traffic)
  2. The corporate PC MAC is 002622bba7ac, and it belongs to VLAN 2 (notebook of the network administrator)
  3. The MACs of the rest of the corporate PC series are 002622bb* and 00:26:22:bc:*, and they belong to VLAN 3
  4. The guest PC has an unknown MAC and belongs to guest VLAN 99
  5. The corporate IP phones have MAC 00:80:11:* and belong to VLAN 5 tagged
  6. The WLAN AP MAC is 00:80:12:*, and it belongs to VLAN 10 untagged, 12-14 tagged (10 management, 12-14 SSIDs with local break-out)

For further authentication of any OUIs predefined in SwitchOS, the default group is not allowed.

  • Create 5 LMA profiles
    
    There is no need to create a profile for guest PCs, because their MACs are not known. Configure unauth-vid (explained in step 3 below) so that such a client fails authentication and is put into the guest VLAN.
    
    aaa port-access local-mac profile "corp-switch-prof" vlan tagged 15
    (for 2615 switches)
    
    aaa port-access local-mac profile "corp-pc-prof" vlan untagged 2
    (for corporate PCs)
    
    aaa port-access local-mac profile "rest-pc-prof" vlan untagged 3
    (for the rest of corporate PCs)
    
    aaa port-access local-mac profile "corp-phone-prof" vlan tagged 5
    (for corporate IP phones)
    
    aaa port-access local-mac profile "wlan-ap-prof" vlan untagged 10 tagged 12-14
    (for WLAN APs)
    
  • Associate MACs to these profiles
    
    aaa port-ac local-mac apply profile corp-switch-prof mac-oui 001080
    
    
    aaa port-ac local-mac apply profile corp-pc-prof mac-addr 002622bba7ac
    
    
    aaa port-ac local-mac apply profile rest-pc-prof mac-mask 002622bb/32 mac-mask 002622bc/32
    
    
    aaa port-ac local-mac apply profile corp-phone-prof mac-oui 008011
    
    
    aaa port-ac local-mac apply profile "wlan-ap-prof" mac-oui 008012
    
  • Configure guest VLAN
    
    aaa port-ac local-mac <ports> unauth-vid 99
    
  • Enable LMA on ports
    
    aaa port-ac local-mac <ports>
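
Added example, not part of the original page or the switch software: a Python model of the rule table above for checking offline which profile and VLANs a given MAC would receive. The function names are hypothetical, and it assumes the most specific match wins (exact address over mask over OUI), which this page does not state; the assumption matters because the administrator notebook 002622bba7ac also falls inside the 002622bb/32 mask.

```python
import re

# Rules transcribed from the "apply profile" commands above:
# (profile, hex prefix, prefix length in bits); mac-oui = 24, mac-addr = 48.
RULES = [
    ("corp-switch-prof", "001080", 24),
    ("corp-pc-prof", "002622bba7ac", 48),
    ("rest-pc-prof", "002622bb", 32),
    ("rest-pc-prof", "002622bc", 32),
    ("corp-phone-prof", "008011", 24),
    ("wlan-ap-prof", "008012", 24),
]
# VLAN membership from the "profile" commands: (untagged VLAN, tagged VLANs).
PROFILES = {
    "corp-switch-prof": (None, [15]),
    "corp-pc-prof": (2, []),
    "rest-pc-prof": (3, []),
    "corp-phone-prof": (None, [5]),
    "wlan-ap-prof": (10, [12, 13, 14]),
}
UNAUTH_VID = 99  # guest VLAN from "unauth-vid 99"


def normalize(mac):
    """Accept 00:26:22:bb:a7:ac, 0026-22bb-a7ac or 002622bba7ac; return 12 hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def matches(mac):
    """All rules whose prefix covers the MAC, most specific first."""
    value = int(normalize(mac), 16)
    hits = [(prof, pre, bits) for prof, pre, bits in RULES
            if value >> (48 - bits) == int(pre, 16)]
    return sorted(hits, key=lambda rule: rule[2], reverse=True)


def classify(mac):
    """Return (profile, untagged, tagged); unknown MACs fall to the guest VLAN."""
    hits = matches(mac)
    if not hits:
        return (None, UNAUTH_VID, [])
    untagged, tagged = PROFILES[hits[0][0]]
    return (hits[0][0], untagged, tagged)
```

A MAC for which `matches()` returns more than one rule marks an overlap in the table whose outcome depends on the switch's actual precedence and is worth confirming on the device.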