Switch configuration includes many tasks, and some of them are just boring and error-prone.
VLAN port assignment on access switches: excited, huh? There can be many VLANs (clients, printers, access points, security cameras and more) and it may not be easy to plan the assignments before the actual installation.
No my friend! In this installation I was lucky enough to deal with Alcatel switches that have a great feature: automatic VLAN assignment without the hassle of 802.1X authentication and RADIUS attributes or MAC authentication.
How to configure the access ports:
vlan 999 port default 1/1-8
vlan port mobile 1/1-8
vlan port 1/1-8 default vlan restore disable
vlan port 1/1-8 default vlan enable
Then we define the VLAN rules, in my case based on MAC address ranges (not real MAC ranges shown):
vlan 2 mac range 22:22:22:0:0:0 22:22:22:ff:ff:ff
vlan 3 mac range 33:33:33:0:0:0 33:33:33:ff:ff:ff
vlan 4 mac range 44:44:44:0:0:0 44:44:44:ff:ff:ff
vlan 5 mac range 55:55:55:0:0:0 55:55:55:ff:ff:ff
When a client connects to a mobile port and its MAC address falls in one of the ranges, its traffic is assigned to the corresponding VLAN.
If the MAC address is not in any of the ranges, the client's traffic is assigned to VLAN 999.
The installation includes many access points, and some of them are configured to switch traffic locally: client traffic is not tunneled to the controller but sent tagged on the AP port based on the SSID/VLAN mapping.
Can mobile ports work in this case? Of course they can!
The concept is: if a mobile port receives tagged traffic with a VLAN ID that has mobile-tag enabled, the VLAN is added to the mobile port dynamically and the traffic will be forwarded to the correct VLAN.
Enable mobile tag on a VLAN:
vlan 2 mobile-tag enable
vlan 3 mobile-tag enable
vlan 4 mobile-tag enable
vlan 5 mobile-tag enable
The result: an AP is connected to a mobile port of the switch, it matches a MAC range, so it is assigned to the wireless management VLAN. Client traffic is encapsulated by the AP in 802.1Q frames; the mobile port receives the tagged traffic and forwards it like a trunk.
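Because placement depends only on the source MAC a device presents (or the 802.1Q tag it sends), it helps to check the rule set and the device inventory before installers start plugging things in. The following is an added example, not code from the original post or from Alcatel: a small Python model of the classification described above that flags overlapping ranges and lists devices that would fall back to VLAN 999. The device names and MACs in `INVENTORY` are constructed, and returning `None` for a tag without mobile-tag is an assumption, since the post does not describe that case.

```python
from itertools import combinations

DEFAULT_VLAN = 999  # "vlan 999 port default" in the post
# (vlan, first MAC, last MAC): the placeholder ranges from the post
MAC_RULES = [
    (2, "22:22:22:0:0:0", "22:22:22:ff:ff:ff"),
    (3, "33:33:33:0:0:0", "33:33:33:ff:ff:ff"),
    (4, "44:44:44:0:0:0", "44:44:44:ff:ff:ff"),
    (5, "55:55:55:0:0:0", "55:55:55:ff:ff:ff"),
]
MOBILE_TAG_VLANS = {2, 3, 4, 5}  # VLANs with "mobile-tag enable"

def mac_to_int(mac):
    """Parse a colon-separated MAC, accepting short octets such as '0'."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    value = 0
    for octet in octets:
        byte = int(octet, 16)
        if not 0 <= byte <= 0xFF:
            raise ValueError(f"bad octet in {mac!r}")
        value = (value << 8) | byte
    return value

def find_overlaps(rules):
    """Return (vlan_a, vlan_b) pairs whose MAC ranges overlap (ambiguous rules)."""
    spans = [(vlan, mac_to_int(lo), mac_to_int(hi)) for vlan, lo, hi in rules]
    return [(a[0], b[0]) for a, b in combinations(spans, 2)
            if a[1] <= b[2] and b[1] <= a[2]]

def classify(src_mac, tag=None, rules=MAC_RULES):
    """VLAN for a frame on a mobile port; None where the post gives no outcome."""
    if tag is not None:  # 802.1Q-tagged frame, e.g. from a local-switching AP
        return tag if tag in MOBILE_TAG_VLANS else None
    addr = mac_to_int(src_mac)
    for vlan, lo, hi in rules:
        if mac_to_int(lo) <= addr <= mac_to_int(hi):
            return vlan
    return DEFAULT_VLAN

def audit(inventory):
    """Return ({device: vlan}, sorted devices that fall back to the default VLAN)."""
    placement = {name: classify(mac) for name, mac in inventory.items()}
    return placement, sorted(n for n, v in placement.items() if v == DEFAULT_VLAN)

# Constructed sample inventory (hypothetical device names and MACs)
INVENTORY = {"ap-lobby": "22:22:22:00:10:01", "printer-2f": "33:33:33:aa:bb:cc",
             "unknown-laptop": "66:00:00:12:34:56"}

if __name__ == "__main__":
    print("overlapping rules:", find_overlaps(MAC_RULES))
    print(audit(INVENTORY))
```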
With mobile ports, an installation that could have been time-consuming and error-prone becomes dynamic: it no longer requires a detailed low-level design, and installers can connect devices to any port without intervention by the network administrator.
VLAN rules are just one of the many options that can be used to match client traffic; DHCP, IP and protocol are other options available.
Other vendors may have similar proprietary features. I did it on Alcatel OS6450 family switches, and they worked for me.