Header Only - DO NOT REMOVE - Extreme Networks

How to assign tagged VLAN and policy with NAC for user port?

  • 23 October 2017
  • 1 reply

Userlevel 3
  • Participator
  • 54 replies
we are using NAC to assign policies and a location-dependent VLAN-ID for untagged VLANs on our User ports (Summit x450-G2- and Enterasys G3-Switches).
So we have at Control / Access Control / Configuration / Policy Mappings a policy mapping table which defines what VLAN is to be used for each profile depending on location. (f.e. profile "printer" VLAN is 20 at location A and 30 at location 😎.
At NAC configuration the setting "RADIUS-Attributes to send" for our switches is set to "RFC 3580 - VLAN-ID and Extreme Policy".

Question 1: At Policy Mappings Table the is a column "VLAN egress" which can be set to tagged, untagged, same as ingress and user-defined. When I select "tagged" here, the VLAN is still untagged at user port, maybe because RFC3580 does not include taggedd or untagged information. What must I do if I want to assign a tagged VLAN for a NAC user profile / mapping?

Question 2: Policy mapping Table is named "default". Can I use multiple mapping tables somehow?

1 reply

Userlevel 7
Please reference the following article: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-NAC-to-work-with-RFC3580-...