Ethernet Switches & Routers

Reply
Contributor
Posts: 24
Registered: ‎03-28-2014

Re: Foundry FastIron GS648P

System Parameters Default Maximum Current
igmp-max-group-addr 8192 32768 8192
ip-filter-sys 1021 1021 1021
l3-vlan 32 1024 32
mac 16384 16384 16384
vlan 64 4095 64
spanning-tree 32 255 32
mac-filter-port 32 256 32
mac-filter-sys 64 512 64
view 10 65535 10
rmon-entries 6144 32768 6144
mld-max-group-addr 8192 32768 8192
igmp-snoop-mcache 4096 8192 4096
mld-snoop-mcache 4096 8192 4096

 

This is my ouput

Frequent Contributor
Posts: 144
Registered: ‎11-07-2013

Re: Foundry FastIron GS648P

Ok, that is the default setting for the VLAN's - you can have up to 63 (plus the default) VLAN's, do you have that many configureed?  Also did you check if you are using MAC Auth?  

 

Thanks

Michael.

Thanks
Michael
Contributor
Posts: 24
Registered: ‎03-28-2014

Re: Foundry FastIron GS648P

I verified that MAC auth does not exist. 

 

The VLANs configured are as follwos: 3,16,555,854

 

Let me remind you that according to the last test I was able to authenticate two users from the same VLAN (3) but I cannot authenticate a third one in VLAN 16, for example. Is there any way of doing that? (To be honest, I cannot achieve that neither by my Cisco switches)...

 

Thanks

 

Stoimen

Highlighted
Frequent Contributor
Posts: 144
Registered: ‎11-07-2013

Re: Foundry FastIron GS648P

Hi Stoimen,

   So the first client to get a successful Auth from RADIUS will set the dynamic VLAN, if another client then connects and RADIUS says pleace in another VLAN then it will fail the Auth for the second client (This is what you are seeing).

 

Below is from the manual where I found this.

 

The PVID for a port Stoimencan be changed only once through RADIUS authentication. For example, if RADIUS
authentication for a Client causes a port’s PVID to be changed from 1 to 10, and then RADIUS authentication for
another Client on the same port specifies that the port’s PVID be moved to 20, then the second PVID assignment
from the RADIUS server is ignored.

 

If the port is already a member of a RADIUS-specified VLAN, and the RADIUS Access-Accept message
specifies the name or ID of a different VLAN, then it is considered an authentication failure. The port’s VLAN
membership is not changed.

 

So No, there is not a way of doing what you are tring to do as such, you would need to move dot1x out to the very edge so each port only carries the same VLAN.

 

Thanks

Michael.

Thanks
Michael
Contributor
Posts: 24
Registered: ‎03-28-2014

Re: Foundry FastIron GS648P

Thanks Michael,

 

Can you upload the configuration manual you have been loking at as i was not able to find this one?

 

I just thought that there might be some wayout of this situation...

 

Thanks

 

Stoimen

Contributor
Posts: 24
Registered: ‎03-28-2014

Re: Foundry FastIron GS648P

Hello, again

 

Now I experience another problem with this switch.

I have an IP phone Yealink T19P which supports only LLDP protocol (no CDP)

 

I attach a PC to it in roder to get the follwoing configuration: Network --> Foundry FastIron --> Yealink (Phone) --> PC

 

I nterms of configuration I do the follwoing:

vlan 3 - DATA

tagged eth 1/1/3

 

vlan 10 - VOICE

tagged eth 1/1/3

 

int eth 1/1/3

dual-mode 3 (In order to make vlan 3 the untagged VLAN)

 

I start the LLDP service: lldp run

LLDP is enabled by default on the phone (this has been confirmed)

 

Then I apply the following commands on the switch in order to forcely put the phone in VLAN VOICE:

 

lldp med network-policy application voice tagged vlan 854 priority 7 dscp 48 ports ethe 1/1/1 to 1/1/48 ethe 1/2/1 to 1/2/2
lldp advertise vlan-name vlan 854 ports ethe 1/1/1 to 1/1/48 ethe 1/2/1 to 1/2/2

 

It was working fine a week ago. However, at present the phone is not put automatically in the proper VLAN and goes directly in the DATA one...

 

Where do I go wrong?

 

Thank you

 

Stoimen Hristov

 

Frequent Contributor
Posts: 144
Registered: ‎11-07-2013

Re: Foundry FastIron GS648P

Here it is mate.

Thanks
Michael

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.