12-29-2023 11:39 AM
I saw this article and it appears the commands are in version 10, but they're not found. mac-auth auth-filter is an interface command in the documentation, but there's no documented way to create MAC filters, only ACLs. When you try to enter either, they aren't found.
Is it still possible to somehow create a MAC filter within ICX and dynamically assign to a given VLAN?
12-31-2023 08:28 AM
Hi Matt_236689
Thank you for reaching us.
The post you have referred is from 2019. I suppose those commands only exist on older version like 8030 and below. I suppose they are unrecognized on latest version released.
I did try few random version like 8095 and 9010 and 10.0.10 version in Lab but unable to enter "mac filter" commands. I suppose they are deprecated.
They look similar to MAC ACL's and below are few links you can refer to enable MAC ACL's.
Link to MAC ACL Configuration Notes and Limitations
Link to Configuring and Applying MAC ACLs
Link to YouTube video on RUCKUS ICX - MAC Access Control Lists
I hope the above link helps
Thanks
12-31-2023 08:49 AM
Thanks, Looks like the latest v10 documentation is just copied from older versions since it still references mac filters.
Defining MAC address filters (commscope.com)
mac-authentication auth-filter (commscope.com)
I tried ACLs, but they don't work with assigning dynamic VLANs. Half the commands to do a mac-based dynamic VLAN are there, but the actual filters are not. The MAC ACLs seem to only apply to admitting traffic into the port and are not available for dynamic assignment.
authentication
auth-default-vlan 48
mac-authentication enable
mac-authentication dot1x-disable
mac-authentication enable eth 3/1/7 to 3/1/10
Not sure, but a bummer the flagship switches can't do what I'd think is basic stuff like this.
12-31-2023 09:45 AM - edited 12-31-2023 10:31 AM
Hi Matt_236689
Thank you for reverting back on this post.
You are right on the documentation side. I'll check about the documentation internally. Thank you for pointing about those details mentioned in the document to us.
I suppose you are trying to enable local authentication parameters like local user roles on the switch but I suppose those options are not available. I will need some time to check about this.
I did run through the security guide but don't see a option where your requirement can be met.
Could you give more idea about the what end device you are using and trying to segregate automatically to a specific vlan ?
Thanks
12-31-2023 10:24 AM
Thanks, just trying to have IP cameras go to the correct VLAN for now. Here's the ACL with the MAC ranges for the cameras we use.
mac access-list video-vlan160
permit b8a4.4f00.0000 b8a4.4fff.ffff any
permit accc.0000.0000 accc.ffff.ffff any