[f-nsp] Brocade ICX6450, mac-auth and wake on lan

Du Feu, Richard r.dufeu at lancaster.ac.uk
Fri Jun 6 10:19:15 EDT 2014


Quick update here - it appears as if setting the default-vlan-id to be 3 puts all the mac-auth'ed ports onto vlan 3 until they see a mac address.  As a result we can make WOL work how we want.

Regards,

Richard

From: foundry-nsp [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Du Feu, Richard
Sent: 06 June 2014 13:09
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] Brocade ICX6450, mac-auth and wake on lan

Hi,

We're currently evaluating a Brocade ICX6450 for various things and have hit a bit of a stumbling block.  We are doing mac-authentication via RADIUS so have the unit configured as follows:

vlan 2 name office by port
 tagged ethe 1/1/24
 mac-vlan-permit ethe 1/1/2 to 1/1/23
!
vlan 3 name unval by port
 tagged ethe 1/1/24
 mac-vlan-permit ethe 1/1/2 to 1/1/23
!
vlan 4 name voip by port
 tagged ethe 1/1/24
 mac-vlan-permit ethe 1/1/2 to 1/1/23
!
vlan 5 name fallback by port
 tagged ethe 1/1/24
 mac-vlan-permit ethe 1/1/2 to 1/1/23

mac-authentication enable
mac-authentication mac-vlan-dyn-activation
mac-authentication auth-fail-vlan-id 5

interface ethernet 1/1/2
 mac-authentication mac-vlan max-mac-entries 16
 mac-authentication mac-vlan enable
 mac-authentication auth-fail-action restrict-vlan
 inline power
 voice-vlan 4

Everything works fine and as we would expect.  The problem we have and can't find a solution to is how to make a client without a mac entry (and therefore no port authentication) appear on a default vlan.   We need them on a vlan so we can send a wake on lan request to sleeping clients.

With HPs and Junipers we just add the vlan we want them to be on by default as untagged to all edge ports, which just works.  As soon as they send a packet the client authenticates and when we send a WOL request to the default vlan they wake up.  With the Brocades, when I try to add a vlan to a port I get the following error message:

SSH@brocade-test(config-vlan-3)#untagged ethernet 1/1/2
Error - command not allowed for 'mac-vlan-permit' port: 1/1/2
SSH@brocade-test(config-vlan-3)#

I've had a good read through the documentation and it hasn't helped so I'm wondering if anyone on this list has found a solution to this problem.

Regards,

Richard du Feu
Network Support
Information Systems Services
Lancaster University
