Device discovery and configuration

The switch provides support for LLDP, CDP, and local MAC match by using device profiles to enable automatic discovery and configuration of other devices on the network.

Based on the type of device connected to an interface, device profiles enable predefined configurations to be applied to that interface. Connected devices are identified using the corresponding protocol packets. When the protocol information on the interface ages out, the profile or role is revoked from the interface. Only devices connected directly to the switch are detected and processed to apply a device profile. When a device of a configured type is connected to an interface, the switch automatically applies the corresponding device profile.

Local MAC match enables dynamic assignment of client attributes, such as QoS and VLANs, by using a locally configured authentication repository. Local MAC match involves creating MAC groups that are used to classify connected devices based on MAC address, MAC address mask, and MAC OUI. The local MAC match feature is useful when you do not want to invest in RADIUS infrastructure or when you want to use local authentication as a backup method in case the RADIUS server is unreachable.
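
The MAC group classification described above can be checked offline against a device inventory before deployment. The following is an added example, not code from the switch or its documentation: it models matching on full MAC address, MAC address mask, and MAC OUI, and reports addresses that fall into no MAC group or into more than one. The group names, addresses, rule format, and the reading of a mask as a prefix length in bits are assumptions made for illustration.

```python
# Added illustration: models the three local MAC match criteria (full MAC,
# MAC address mask, MAC OUI). Group names, addresses and the rule format are
# constructed; treating a mask as a prefix length in bits is an assumption.
SEPARATORS = ":-."

def hex_digits(text):
    """Strip separators so aa:bb:.., aa-bb-.. and aabb.ccdd.. parse alike."""
    digits = "".join(c for c in text if c not in SEPARATORS)
    if not 0 < len(digits) <= 12:
        raise ValueError(f"not a MAC address or MAC prefix: {text!r}")
    return digits

def compile_rule(kind, value, bits=None):
    """Turn one match criterion into (masked value, bit mask) over 48 bits."""
    if kind == "mac":
        bits = 48          # every bit must match
    elif kind == "oui":
        bits = 24          # vendor prefix: first three octets
    elif kind != "mask" or bits is None or not 0 < bits <= 48:
        raise ValueError(f"bad rule: {kind!r} /{bits}")
    mask = ((1 << bits) - 1) << (48 - bits)
    return int(hex_digits(value).ljust(12, "0"), 16) & mask, mask

def matching_groups(mac, groups):
    """Names of all MAC groups with at least one rule matching this address."""
    digits = hex_digits(mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    addr = int(digits, 16)
    return [name for name, rules in groups.items()
            if any((addr & mask) == value for value, mask in rules)]

def audit(macs, groups):
    """Report addresses that match no group or more than one group."""
    hits = {mac: matching_groups(mac, groups) for mac in macs}
    return {mac: names for mac, names in hits.items() if len(names) != 1}

# Constructed sample data (hypothetical groups and addresses).
GROUPS = {
    "ap-group": [compile_rule("oui", "02:aa:01")],
    "phone-group": [compile_rule("mask", "02:aa:01:30:00:00", 28)],
    "printer-group": [compile_rule("mac", "02:bb:02:11:22:33")],
}
SAMPLE_MACS = ["02:aa:01:10:00:07", "02:aa:01:30:12:34",
               "02-BB-02-11-22-33", "02bb.0211.2234"]

if __name__ == "__main__":
    for mac, names in audit(SAMPLE_MACS, GROUPS).items():
        print(mac, "->", names or "no MAC group")
```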

The following parameters can be configured for each role:
  • associate: Used to associate a captive-portal-profile or policy with the role.

  • auth-mode: Used to configure authentication mode for the role.

    NOTE:

    There is no need to configure auth-mode for a plain device profile.

  • mtu: Used to configure MTU for the role.

  • poe-priority: Used to configure the PoE priority for the role.

  • trust-mode: Used to configure trust mode for the role.

  • vlan: Used to configure VLAN mode for the role.

  • stp-admin-edge-port: Used to configure STP administrative edge port for the role.

For information on role configurations, see the Security Guide.

NOTE:

The following commands are not supported with the local MAC match feature:
  • aaa authentication port-access mac-auth cached-reauth

  • aaa authentication port-access mac-auth cached-reauth-period

  • aaa authentication port-access mac-auth quiet-period

  • aaa authentication port-access mac-auth reauth-period

Figure 1: Example configuration of device deployment

The switch provides simplified deployment of devices, such as access points, IP phones, security cameras, and printers, through the use of a locally configured repository that provides authentication and dynamic port assignment, such as QoS, PoE, and tagged VLANs.