Assigning a i-sid/vlan to a port via Radius in a SPB environment.

  • 0
  • 1
  • Question
  • Updated 6 days ago
  • Answered

Hi,

I have a full spb environment and an IDE to authenticate the clients via MAC.

In addition, I would like to send a vlan/i-sid that exist in the spb but not on the switch to the port.

Is it possible?

I have this working with FA but I cannot find how to do it in a SPB switch.
Photo of Jose Chaves

Jose Chaves

  • 100 Points 100 badge 2x thumb

Posted 1 week ago

  • 0
  • 1
Photo of Shmulik

Shmulik, Employee, PLM for ExtremeGuest and ExtremeControl

  • 564 Points 500 badge 2x thumb
Hello Jose,

Not following you when you say "I have this working with FA but I cannot find how to do it in a SPB switch."...do you not have an FA Proxy switch and FA Server switch set up? if you do, then the FA Proxy switch will communicate the required VLAN:ISID mapping upstream to the FA Server switch. Or perhaps you have SPB to the edge? which switches are involved here.

Just as a reminder to all readers, ExtremeControl also fully supports FA.

Thanks!

Shmulik

Photo of Jay

Jay, Employee

  • 256 Points 250 badge 2x thumb
Jose,
If I understand you correctly, you would like IDE to send the VLAN/I-SID to the switch after a MAC authenticated device attaches.
If this is correct then you will need to create a new Outbound Attribute and Outbound Values.
Please go to https://downloads.avaya.com/css/P8/documents/101008758
Beginning on page 33 you will see the instructions.


Photo of Jose Chaves

Jose Chaves

  • 100 Points 100 badge 2x thumb

Hi,

I am currently using ERS 4800 and VSP 4000.

I have the solution working in the switchs that are connected via FA (FA proxy) like in the manual.

My problem is in the FA server. All the examples that I see are for FA proxy.

The VSP 4000 are part of the SPB cloud. I want to send the VLAN/I-Sid to the port like I send to the FA Proxy. That means that if needed I can send a VLAN/I-Sid that is not configured in the switch (like I can do in the FA Proxy).
Photo of Shmulik

Shmulik, Employee, PLM for ExtremeGuest and ExtremeControl

  • 564 Points 500 badge 2x thumb
Jose, as far as I knowl, the VSP does not support receiving the FA VSAs to apply them on endpoints connecting directly to the switch. The VSP can only receive them from the FA Proxy switch via FA LLDP signaling for clients that connect to the FA Proxy switch (EXOS or BOSS)

Shmulik