Ethernet Switches & Routers

Reply
Occasional Contributor
Posts: 11
Registered: ‎09-16-2016

How to do mac-auth dynamic vlans on 7250 running 08.0.30hT211 software?

I can get this 7250 to send a RADIUS request, and my server sends an access-accept (I checked by TCPdumping), however the Brocade switch doesn't put the device in the correct vlan. The config it totally different from other Brocade switches I've used.

 

Instead of being able to do mac-authentication enable from the system config view, I have do it under the 'authentication' menu.

 

And neither under the `authentication` menu nor under the `interface` view is there a command `mac-authentication enable-dynamic-vlan`. It doesn't autocomplete and it doesn't show up in the running-config.

 

Here is the config I've tried:

SSH@1111Rusk14_1#show running-config
Current configuration:
!
ver 08.0.30hT211
!
stack unit 1
  module 1 icx7250-24-port-management-module
  module 2 icx7250-sfp-plus-8port-80g-module
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 2 by port
!
vlan-group 1 vlan 100 to 299
 tagged ethe 1/1/1 ethe 1/2/1 to 1/2/8
 no spanning-tree
!
vlan-group 2 vlan 300 to 499
 tagged ethe 1/1/1 ethe 1/2/1 to 1/2/8
 no spanning-tree
!
!
!
!
authentication
 auth-default-vlan 2
 mac-authentication enable
 mac-authentication enable ethe 1/1/1
 mac-authentication password-format xx-xx-xx-xx-xx-xx upper-case
 mac-authentication dot1x-override
!
system-max vlan 500
!
!
aaa authentication web-server default radius local
aaa authentication dot1x default radius
aaa authentication login default local
chassis name blahblah
enable telnet authentication
enable super-user-password .....
enable port-config-password .....
enable read-only-password .....
enable aaa console
hostname blahblah
ip address 10.10.0.141 255.255.240.0
no ip dhcp-client enable
ip default-gateway 10.10.0.1
!
username admin password .....
radius-server host 10.10.0.1 auth-port 1812 acct-port 1813 authentication-only key 2 $bzhRJygrLTlCMoRe5ge8zVAQCdvKw== dot1x
snmp-server contact blahblah
snmp-server location blahblah
!
!
interface ethernet 1/1/1
 speed-duplex 1000-full
!
interface ethernet 1/2/1
 dual-mode
!
interface ethernet 1/2/2
 dual-mode
 speed-duplex 1000-full
!
interface ethernet 1/2/3
 dual-mode
!
interface ethernet 1/2/4
 dual-mode
 speed-duplex 1000-full
!
interface ethernet 1/2/5
 dual-mode
 speed-duplex 1000-full
!
interface ethernet 1/2/6
 dual-mode
 speed-duplex 1000-full
!
interface ethernet 1/2/7
 dual-mode
 speed-duplex 1000-full
!
interface ethernet 1/2/8
 dual-mode
 speed-duplex 1000-full
!
!
!
!
lldp run
!
!
!
!
end

 

-gns

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook