cancel
Showing results for 
Search instead for 
Did you mean: 

ICX MAC auth for Dynamic VLAN without RADIUS

matt_236689
New Contributor III

I saw this article and it appears the commands are in version 10, but they're not found.   mac-auth auth-filter is an interface command in the documentation, but there's no documented way to create MAC filters, only ACLs.  When you try to enter either, they aren't found.

Is it still possible to somehow create a MAC filter within ICX and dynamically assign to a given VLAN?

RUCKUS Forums - ICX MAC based dynamic vlan assignment without radi... - CommScope RUCKUS Community F...

5 REPLIES 5

Chandini
RUCKUS Team Member

Hi Matt_236689

Thank you for reaching us.

The post you have referred is from 2019. I suppose those commands only exist on older version like 8030 and below. I suppose they are unrecognized on latest version released.

I did try few random version like 8095 and 9010 and 10.0.10 version in Lab but unable to enter "mac filter" commands. I suppose they are deprecated. 

They look similar to MAC ACL's and below are few links you can refer to enable MAC ACL's.

Link to MAC ACL Configuration Notes and Limitations

Link to Configuring and Applying MAC ACLs

Link to YouTube video on RUCKUS ICX - MAC Access Control Lists

I hope the above link helps

Thanks 

matt_236689
New Contributor III

Thanks, Looks like the latest v10 documentation is just copied from older versions since it still references mac filters.  

Defining MAC address filters (commscope.com)
mac-authentication auth-filter (commscope.com)

I tried ACLs, but they don't work with assigning dynamic VLANs.  Half the commands to do a mac-based dynamic VLAN are there, but the actual filters are not.  The MAC ACLs seem to only apply to admitting traffic into the port and are not available for dynamic assignment.

authentication
auth-default-vlan 48
mac-authentication enable
mac-authentication dot1x-disable
mac-authentication enable eth 3/1/7 to 3/1/10

Not sure, but a bummer the flagship switches can't do what I'd think is basic stuff like this.

 

Chandini
RUCKUS Team Member

Hi Matt_236689

Thank you for reverting back on this post. 

You are right on the documentation side. I'll check about the documentation internally. Thank you for pointing about those details mentioned in the document to us.

I suppose you are trying to enable local authentication parameters like local user roles on the switch but I suppose those options are not available. I will need some time to check about this. 

I did run through the security guide but don't see a option where your requirement can be met. 

Could you give more idea about the what end device you are using and trying to segregate automatically to a specific vlan ?

Thanks 

matt_236689
New Contributor III

Thanks, just trying to have IP cameras go to the correct VLAN for now.  Here's the ACL with the MAC ranges for the cameras we use.

mac access-list video-vlan160
permit b8a4.4f00.0000 b8a4.4fff.ffff any
permit accc.0000.0000 accc.ffff.ffff any