Posted on September 19, 2019 5:43 pm
 |  Asked by Jon Nicholson
 |  73 views
0
0
Print Friendly, PDF & Email

Hi,

I’m setting up a network where we want to use MAC auth on the edge ports (i.e. only specific MACs will be allowed access to the network) and I want to be able to assign the MAC address to a specific vlan.

In another vendor I’ve done the same sort of thing using a mac-based vlan with a RADIUS back end – the RADIUS server returns the vlan that the mac should be associated with.

Is this possible in Arista’s implementation of .1x? I can’t find any documentation on doing this.

Any help appreciated.

0
Posted by Deep Gajjar
Answered on September 19, 2019 6:15 pm

Hi Jon,

Yes, EOS supports vlan assignment in the .1x implementation (dot1x as well as Mac-based auth).

This is the link for the TOI:

https://eos.arista.com/eos-4-22-0f/802-1x-on-arista-switches/

In general, this is the configuration on to the interface for a host doing Mac-based authentication:
Arista(config-if-Et1/1)#show active
speed forced 1000full
dot1x pae authenticator
dot1x port-control auto
dot1x mac based authentication

After the host gets authenticated through the Mac address and Radius server returns a Vlan, the host should be placed in that Vlan.

Post your Answer

You must be logged in to post an answer.