Solved

Assign a device to Policy Manager

  • 23 May 2019
  • 3 replies
  • 316 views

Hello everybody,

I'm working on the deploiment of NAC, the probleme is when I want to assign a device to a domain it shows that it's unsuported which means that appliying a policy to juniper switch and Summit X440 is unsuported.
For the Extreme witch I should just make an upgrade because the current version that I have is 15.2.

So what about Juniper switch? how can I make it supported boy Plicy Manager ?


Thank you,
icon

Best answer by ar 23 May 2019, 12:11

Hi,
I'm not sure but was "Policy Management" not a special feature of Enterasys?

I guess it will only support by Enterasys and newer Extreme Switches (like X440G2 od X460X2 and S/K/B/C/D/G-Series).

I think, that other devices like Juniper/Cisco/HP etc. will not support the Extreme Policies.

Regards,
Axel
View original

3 replies

Userlevel 2
Hi,
I'm not sure but was "Policy Management" not a special feature of Enterasys?

I guess it will only support by Enterasys and newer Extreme Switches (like X440G2 od X460X2 and S/K/B/C/D/G-Series).

I think, that other devices like Juniper/Cisco/HP etc. will not support the Extreme Policies.

Regards,
Axel
Userlevel 5
Hello Safaa,

Extreme Policy is a feature based on Enterasys portfolio capability. Only newer devices (X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X870, but also X770 which is a 'first generation model') support Extreme Policy. And ex-Enterasys devices of course, both switches and wireless (ExtremeWireless, formerly IdentiFi).
If you wanted to get policy feature on Juniper or other third party, it would have to support such feature first. However, there is no straightworward option for out-of-the-box translation of a policy domain to 3rd party devices.
What you can do, is to check the RADIUS attributes that Juniper can take during user/device authentication and authorization, like VLAN (RFC3580) but maybe other things as well (1st gen EXOS devices were based on issuing scripts - called with RADIUS attribute by their names - to reconfigure port on which a user got authenticated at the moment; Cisco Catalysts support dynamic ACL to apply on a port, etc.). These things can be ordered from Extreme Access Control that handles the authentication being an AAA server from the switches' perspective.

Hope that helps,
Tomasz
Userlevel 7
In addition to Tomasz:

Policy rules can be translated to downloadable ACLs for Cisco an HPE and to some cloud providers. No Juniper as today.

Regards

Z.

Reply