Header Only - DO NOT REMOVE - Extreme Networks

Assign one untagged and several tagged ports thru 802.1x with MAC Authentication. (NAC)


Userlevel 1
Hi,

I have an extreme NAC solution which has 802.1x-rules with MAC authentication configured.
In my network there are several VLAN's.
My goal is, to assign one untagged and several tagged VLANs to a port, if a access point is connected on the switch.
Currently, I can assign only the untagged VLAN (management VLAN of the AP).
Is there a way to assing tagged and untagged ports based on the MAC address?

Thanks for your feedback,
Yves

4 replies

Userlevel 6
What type of switch you are connected to? How many devices will be connected to this port ultimately?
Userlevel 1
I will connect only one access point per switchport. I have Cisco and Extreme Switches (x440).
Userlevel 6
So the following Net login rules apply, for the products below.



If you create a end systems group within NAC for the MAC address or some other identifier for the AP's, then you can then add a specific egress policy as well. If that egress policy is just a VLAN for one physical node, than it can be modified accordingly.



So in the above, the policy can have a VLAN assigned discretely, or if multiple VLAN egress assignments need to be done (based on only one mac being added to the port), than a filter-id assignment would need to be provided here, and matched up with Policy Manager or policy to modify the egress tab with that software.


This assumes the X440-G2 is the product, and running fairly recent firmware with it as well.
So this is not a solution discussed above, merely guidance on the discussion.
Userlevel 1
Hi Mike,

thank you for your answer. I will test this in my lab.
Br, Yves

Reply