i have one problem with vlan assignment and nac / policy manager.
We are introducing a Extreme NAC Appliance.
So at present the vlan information for a client is set in the Netsight Console.
In the future we only want to assign a vlan for a client only at one position in network, only in the assigned role for example.
So when i define a role, i can choose the standard operation for traffic that not matches any service rule. Only when i choose contain to vlan, the assigned vlan id that is configured on the switch is overwritten. But then i have the princip of a blacklist if i want to filter any traffic.
How is it possible to invers that princip.
I have been experimenting with the vlan egress tab in policy manager, but with this option you have the problem that the configured vlan on the switch must be consisent with the vlan chosen in policy manager. Additionally i have to say i only want to use untagged vlans.
Is there any possibility to do this?