Alcatel switches Auto Vlan Assignement

Switch configuration includes many tasks, some of them are just boring and error prone.

Vlan port assignment on access switches, excited huh? There can be many vlans (clients, printers, access-point, security cameras and more) and it may not be easy to plan the assignments before the actual installation.

meme_ava

No my friend! In this installation I was lucky enough to deal with Alcatel switches that have a great feature: auto vlan assignments without the hassle of 802.1x authentication and Radius attributes or mac-auth.

Configuration

How to configure the access ports:

Vlan 999 port default 1/1-8
Vlan port mobile 1/1-8
Vlan port 1/1-8 default vlan restore disable
Vlan port 1/1-8 default vlan enable

Then we define the vlan rules, in my case based on the mac-address ranges (not real mac ranges shown):

vlan 2 mac range 22:22:22:0:0:0 22:22:22:ff:ff:ff
vlan 3 ma range 33:33:33:0:0:0 33:33:33:ff:ff:ff
vlan 4 mac range 44:44:44:0:0:0 44:44:44:ff:ff:ff
vlan 5 mac range 55:55:55:0:0:0 55:55:55:ff:ff:ff

When a client connects to a mobile port and its mac address is in one range its traffic will be assigned to the corresponding VLAN.

If the MAC address is not in any of the ranges client traffic will be assigned to vlan 999.

Trunks?

The installation includes many access points, some of them are configured to local switch the traffic, that means client traffic is not tunneled to the controller but sent tagged on the AP port based on the SSID/VLAN mapping.

Can mobile ports work in this case? Of course they can!

The concept is: if a mobile port receives tagged traffic with a VLAN ID that has mobile-tag enabled, the VLAN is added to the mobile port dynamically and the traffic will be forwarded to the correct VLAN.

Enable mobile tag on a vlan:

vlan 2 mobile-tag enable
vlan 3 mobile-tag enable
vlan 4 mobile-tag enable
vlan 5 mobile-tag enable

The result: an AP is connected to a mobile port of the switch, it matches a mac range so it is assigned to the wireless management VLAN. Client traffic is encapsulated by the AP in 802.1q frames, the mobile port receives the tagged traffic and forwards it like a trunk.

 Wrap-up

An installation that could have been time-consuming and error-prone now with the use of mobile ports becomes dynamic, does not require a detailed low-level design anymore and installers can connect the devices in any port without any intervention by the network administrator.

Vlan rules are just one of the many options that can be used to match client traffic, DHCP, IP, protocol are other options available.

Other vendors may have similar proprietary features, I did it on Alcatel OS6450 family switches, they worked for me.

 
comments powered by Disqus