I've done a lab on the integration between the TMMC and the Extreme Networks solution using the Distributed IPS connect module present on the EMC server.
Extreme Management Center (EMC) version 8.0.4
ExtremeControl version 8.0.4
Trend Micro Control Manager version 6.0 Build 1327
Trend Micro Officescan version 12.1
Lab network: actors and data flows
All conversations beetween different vendor are done using standard protocols: Trend Micro TMCM speaks with EMC using syslog and EMC speaks with switches using Radius or SNMP.
First of all I have configured TMCM to export via syslog the relevant security events to EMC server:
This is a global configuration. After that I have configured TMCM to send only some kind of syslog messages to the EMC (for example C&C botnet callback):
In my lab I have configured TMCM in order to not send messages related to blocked malware.
This is all for TMCM.
After that I have configured EMC Distributed IPS Connect module. I have enabled the module:
and then I have configured the rules to add infected or hacked host to the Quarantine_MAC group:
And finally, I have created a NAC rule to move the hosts in Quarantine_MAC Group in a quarantine VLAN. This rule should be placed before other client rules: