ExtremeCloud IQ- Site Engine & Extreme Management Center

Expand all | Collapse all

Default Role on port prevents communication with access switch IP

  • 1.  Default Role on port prevents communication with access switch IP

    Posted 11-22-2018 15:54
    Hello there,

    I am currently playing a little bit with Policy & NAC for EXOS through XMC.
    I have created a user role called XYZ with Contain to VLAN as a default action, no rules within. Did that also with default deny + rule to allow ICMP.
    The case is, when a port default role is set via Policy manager section in XMC (what I confirm when doing show config policy in EXOS), connected client device cannot ping the VLAN IP address on that switch.

    Configuration:
    Switch_A is 172.16.11.103/24 on VLAN 11. VLAN 11 is not set to port manually but enforced via static policy role (and it works). Access port in VLAN 11 as untagged. It also contains uplink port as tagged.
    Core_A is 172.16.11.1/24 on VLAN 11, downlink to access switch included as tagged and ipforwarding for different purposes.

    When a client connected to role-applied port it can ping to Core_A, but cannot ping to Switch_A (timeout).
    EXOS version 22.4.1.4.

    Any assistance here would be much appreciated, thanks!

    Kind regards,
    Tomasz


  • 2.  RE: Default Role on port prevents communication with access switch IP

    Posted 12-05-2018 08:28
    FYI, upgrade to 22.5.1.7patch1-2 solved the issue.