VLAN Assignment Policy Manager NAC

  • 1
  • 2
  • Question
  • Updated 3 years ago
  • Answered

i have one problem with vlan assignment and nac / policy manager.
We are introducing a Extreme NAC Appliance.
So at present the vlan information for a client is set in the Netsight Console.
In the future we only want to assign a vlan for a client only at one position in network, only in the assigned role for example.
So when i define a role, i can choose the standard operation for traffic that not matches any service rule. Only when i choose contain to vlan, the assigned vlan id that is configured on the switch is overwritten. But then i have the princip of a blacklist if i want to filter any traffic.
How is it possible to invers that princip.
I have been experimenting with the vlan egress tab in policy manager, but with this option you have the problem that the configured vlan on the switch must be consisent with the vlan chosen in policy manager. Additionally i have to say i only want to use untagged vlans.
Is there any possibility to do this?

Many thanks

Photo of Ronny Engelhardt

Ronny Engelhardt

  • 310 Points 250 badge 2x thumb

Posted 3 years ago

  • 1
  • 2
Photo of Tyler Marcotte

Tyler Marcotte, Official Rep

  • 2,818 Points 2k badge 2x thumb
Official Response
Another option would be to send back both VLAN Assignment (RFC 3580) and Policy assignment from NAC. You need to configure the switch to accept both in Policy Manager, but that should allow you to dynamically assign the VLAN and use any permit/deny rules needed. See attached images for where to allow this in Policy Manager and where to configure it in NAC.