RADIUS and dot1x configurations can assign VLANs based on the MAC addresses. One sample example configuration is shown below (static MAC configuration, but this should ideally be done by a RADIUS NAC).
jcluser@vqfx-re# show interfaces xe-0/0/2
unit 0 {
    family ethernet-switching {
        interface-mode access;
        vlan {
            members default;
        }
    }
}
{master:0}[edit]
jcluser@vqfx-re# show protocols dot1x
authenticator {
    static {
        52:54:00:78:45:9e/48 {
            vlan-assignment vlan2;
        }
    }
    interface {
        xe-0/0/2.0 {
            supplicant multiple;
        }
    }
}
jcluser@vqfx-re# run show ethernet-switching table
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static, C - Control MAC
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
Ethernet switching table : 1 entries, 1 learned
Routing instance : default-switch
    Vlan                MAC                 MAC         Age    Logical                NH        RTR
    name                address             flags              interface              Index     ID
    vlan2               52:54:00:78:45:9e   D             -   xe-0/0/2.0             0         0
If, in the authenticator configuration, the VLAN is changed to vlan11, the Ethernet switching table updates accordingly:
jcluser@vqfx-re# show protocols dot1x
authenticator {
    static {
        52:54:00:78:45:9e/48 {
            vlan-assignment vlan11;
        }
    }
    interface {
        xe-0/0/2.0 {
            supplicant multiple;
        }
    }
}
jcluser@vqfx-re# run show ethernet-switching table
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static, C - Control MAC
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
Ethernet switching table : 1 entries, 1 learned
Routing instance : default-switch
    Vlan                MAC                 MAC         Age    Logical                NH        RTR
    name                address             flags              interface              Index     ID
    vlan11              52:54:00:78:45:9e   D             -   xe-0/0/2.0             0         0
You can have multiple vlan-assignments defined, as shown below. If multiple MACs are learnt on the interface xe-0/0/2.0, then different VLANs will be assigned based on the MAC addresses.
jcluser@vqfx-re# show protocols dot1x
authenticator {
    static {
        52:54:00:78:45:9e/48 {
            vlan-assignment vlan11;
        }
        52:54:00:65:99:8f/48 {
            vlan-assignment vlan2;
        }
        52:54:00:e0:41:b2/48 {
            vlan-assignment vlan3;
        }
    }
    interface {
        xe-0/0/2.0 {
            supplicant multiple;
        }
    }
}
------------------------------
Sheetanshu Shekhar
------------------------------
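An added example, not part of the reply above and not Juniper tooling: a Python check that compares the static vlan-assignment list with the ethernet-switching table and reports MACs learned in a different VLAN or absent from the list. The sample text is constructed, and the function names and the single-token flags and age columns are assumptions.

```python
import re

# Constructed sample data modelled on the post's CLI output; names here are illustrative.
DOT1X_CONFIG = """\
authenticator {
    static {
        52:54:00:78:45:9e/48 {
            vlan-assignment vlan11;
        }
        52:54:00:65:99:8f/48 {
            vlan-assignment vlan2;
        }
        52:54:00:e0:41:b2/48 {
            vlan-assignment vlan3;
        }
    }
}
"""
SWITCHING_TABLE = """\
Ethernet switching table : 3 entries, 3 learned
Routing instance : default-switch
    vlan11   52:54:00:78:45:9e   D   -   xe-0/0/2.0   0   0
    vlan3    52:54:00:65:99:8f   D   -   xe-0/0/2.0   0   0
    default  52:54:00:aa:bb:cc   D   -   xe-0/0/2.0   0   0
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"

def parse_static(config):
    """Map each static-list MAC to its vlan-assignment value."""
    pat = re.compile(rf"({MAC})/48\s*\{{\s*vlan-assignment\s+(\S+?);", re.I)
    return {m.lower(): v for m, v in pat.findall(config)}

def parse_table(output):
    """Return (vlan, mac, interface) per MAC row; assumes one-token flags and age columns."""
    pat = re.compile(rf"^\s*(\S+)\s+({MAC})\s+\S+\s+\S+\s+(\S+)", re.I | re.M)
    return [(v, m.lower(), i) for v, m, i in pat.findall(output)]

def audit(config, output):
    """List learned MACs that are unlisted or sit in a VLAN other than the assigned one."""
    expected, findings = parse_static(config), []
    for vlan, mac, ifname in parse_table(output):
        if mac not in expected:
            findings.append((mac, ifname, vlan, "not in static list"))
        elif expected[mac] != vlan:
            findings.append((mac, ifname, vlan, f"expected {expected[mac]}"))
    return findings

if __name__ == "__main__":
    print(audit(DOT1X_CONFIG, SWITCHING_TABLE))
```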
Original Message:
Sent: 03-28-2023 04:16
From: PMazurkiewicz
Subject: MAC-based VLANs
I don't think it would allow to "use a device's MAC address to assign packets to a VLAN". Would it?
------------------------------
Pawel Mazurkiewicz
Original Message:
Sent: 03-23-2023 07:53
From: tgreaser
Subject: MAC-based VLANs
Maybe what you're looking for?
https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/ref/statement/mac-edit-ethernet-switching-options-static.html
Original Message:
Sent: 03-23-2023 06:27
From: PMazurkiewicz
Subject: MAC-based VLANs
Hi,
I can see this feature in Feature Explorer, but I cannot find any references in the documentation. Can you help me?
"MAC-based VLANs
MAC-based VLANs use a device's MAC address to assign packets to a VLAN."
https://apps.juniper.net/feature-explorer/feature-info.html?fKey=1151&fn=MAC-based%20VLANs
------------------------------
Kind regards,
Pawel Mazurkiewicz
------------------------------