Looking into taking advantage of the new standalone proxy feature in EXOS. If I have understood this correctly it allows me to make use of fabric attach without the use of a fabric server.
The way I am translating that, and want to make use of, is the ability for NAC to dynamically add a VLAN at the edge but additionally make use of the fabric functionality to also dynamically extend the VLAN from the proxy (X590), to the Fabric Attach device (X450G2). Hopefully I have that understanding correct?
The issue I have is that each edge location (fabric attach device X450G2 stack), has its own VLAN / Subnet, for example each location has a /24 subnet for Data, Voice etc.
There are VLANs though like wireless and AV that will require extending to various places all over the network.
In this scenario making use of VLAN islands in XMC (policy) allows the dynamic allocation of different VLAN ID's for the same purpose i.e Data, for the various different locations.
In the screenshot below there is a function in 'Roles' to assign a 'Service ID', the issue is the 'Data VLAN' given below is dependant on the location / VLAN island configuration. So effectively the actual VLAN ID for Data will be different for each stack, would that require a different SID for VLAN therefore, or does this not matter?
Below is where the VLAN to SID is configured in policy, this I have use with EXOS and VSP switches and NAC, which worked well:
Here is an example of the VLAN island configuration that I am questioning the use:
Might have my understanding wrong, or might just work with the use of including an 'Service ID' in the policy configuration?
One thing I did think of was pre-configuring the VLAN to I-SID assignment on the standalone proxy.
The train of thought was in assigning the VLAN at the edge via NAC will transition down to the uplinks from the VLAN proxy via the advertisements passed by LLDP!?
Used the command:
config vlan xxxx add nsi xxxxxx
The command would take but not appear in the configuration, which might be related to configuring the X590 as a standalone proxy!?
Be useful to hear any experience anyone has had with the use of the feature on VSP / ERS switches, on EXOS and XMC.
Thanks in advance for any advise.