Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
864
Views
0
Helpful
6
Replies

CBS350 - MAC based VLAN Group assignment doesn't work

magnum77
Level 1
Level 1

‎01-30-2022 09:18 AM

Hello,

 

I have created several VLANs with my new cbs350 without problems. I configured what port belongs to what VLAN.

Now I want to define also MAC based VLAN groups. 

So for example if I connect a device with MAC-address X it is connected to VLAN 1 and another device with MAC-address Y to VLAN 2.

But unfortunately the device is only attached to the VLAN defined for the port.

 

Do I have to change other settings? I tried to set the port to VLAN none and thought the MAC-based grouping rule will do the job but that didn't work either.

 

Does anyone knows how to configure it?

 

Thanks in advance.

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎01-30-2022 12:24 PM

What kind of 802.1x infrastructure do you have, ISE ? or ACS ?

 

check the config below :

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/csbms/CBS_250_350/CLI/cbs-350-cli-/802_1X_Commands.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

magnum77
Level 1
Level 1

‎01-31-2022 08:10 AM

I use the switch in my private home so I don't have any ISE or ACS.

I configured the device with the web interface - not CLI.

0 Helpful

magnum77
Level 1
Level 1

‎02-06-2022 01:32 AM

Hi,

I configured and tested it several times now but without success. The relevant lines in the config file looks like the following (maybe easier to interpret for you instead of screenshots). I replaced my mac address with XX.

map mac XX:XX:XX:XX:XX:XX 48 macs-group v20

interface GigabitEthernet1
bridge multicast unregistered filtering
switchport access vlan 10
switchport general map macs-group v20 vlan 20

Any idea why it doesn't work?

0 Helpful

jimstewart77
Level 1
Level 1
In response to magnum77

‎02-06-2022 10:00 AM

I am also struggling (my post is currently a few up).  Mine is switching ok but I have DHCP servers on each vlan and I am getting no DHCP on the general ports when they route through to vlan 400

 

In your case I believe the starting issue is that you should be using a General port not Access port.  Mine looks like this:

 

interface GigabitEthernet5
switchport mode general
switchport general allowed vlan add 400 tagged
switchport general allowed vlan add 100 untagged
switchport general map macs-group 1 vlan 400

0 Helpful

magnum77
Level 1
Level 1

‎02-07-2022 08:11 AM - edited ‎02-07-2022 08:13 AM

Thanks for the reply. You're right, I got the same hint from another forum meanwhile to use general port instead of access port.

In the Web UI this is not clear but in the configuration file it will become more clear.

For me it works now as wanted with the lines below. For default all devices at this port become VLAN 10 members except members of mac group 1, they will become members of VLAN 20. My devices get an DHCP address for both cases. 

 

interface GigabitEthernet5
switchport mode general
switchport general allowed vlan add 10,20 untagged
switchport general map macs-group 1 vlan 20
switchport general pvid 10

0 Helpful

jimstewart77
Level 1
Level 1
In response to magnum77

‎02-07-2022 08:16 AM

Yup, your doing the same as me with the same results (I found my problem was that I needed both VLANs as untagged which I didn't realise was possible until I noticed I had accidentally done it on another port).  With the exception of vlan numbers yours is the same as I ended up with in my other thread.

0 Helpful
Customers Also Viewed These Support Documents