Header Only - DO NOT REMOVE - Extreme Networks

Universal Port

Userlevel 4
Create Date: Sep 5 2012 12:52PM


New extreme user here. v. nice kit, v. well thought out.

I have two different sets of computers with their own AD domains that have a corresponding VLAN.

domain 1 --> vlan 7
domain 2 --> vlan 9

clients currently running XP.

i would like to detect the client and its domain and place on the approriate vlan.

and i would also like to place printing devices into a different vlan need to do mac address based detection here.
cameras in another vlan (probably mac based, might support 802.1x)

and place all other "unknown" devices in evil vlan.

am I correct in thinking I can achieve this all on the same port so I could place any of these device in the port once configured and be on the correct vlan?


(from conrad_jones)

4 replies

Userlevel 4
Create Date: Sep 5 2012 1:14PM

Hello OxideYes you can use 802.1x and MAC based authentication to do what you want to do. UPM can also be used in conjunction with 802.1x to configure the ports with ACLs or QoS etc.The switches also support IDM (Identity Manager). IDM allows the switch to snoop the kerberos information when the user logs in and sets a policy to restrict where the user can go. Each type of user i.e. based on location, dept etc from AD can have a policy that determines which devices/subnets it has access to. IDM doesn't yet support moving a user to a VLAN but it can also be used in combination with 802.1x where .1x moves the user to the VLAN and the policy is applied to the AD credentials. IDM also works with MAC OUI or LLDP so can be used with printers cameras etc.Does that help? All of this is documented in the Concepts guide found on the web site.P (from Paul_Russo)
Userlevel 4
Create Date: Sep 5 2012 1:25PM

hi prusso

first- i think i may have reported your post whoops (probably to you!)

okay thanks, I am currently reading the concepts guide for Xos. i just wanted to ask the question that what i was doing was achievable.

i am going to have a proper play with a test machine and a test port.

to achieve the domain 1 or domain 2 I use 802.1x i am wondering how i identify that the machine belongs to domain 1 or domain 2. i will re-read concepts sections tomorrow. Also I suppose I am trying to ascertain which particular sections of that concepts guide are relevant, as I'm not reading all 1100 pages just now. (from conrad_jones)
Userlevel 4
Create Date: Sep 5 2012 1:50PM

Hey OxideHere's a link to a document from our site that may help in setting up netlogin to Microsoft.www.extremenetworks.com/libraries/appnotes/ANNPSandEXOS_1714.pdfIf the link doesn't work just go to extremenetworks.com and search IASThanksP (from Paul_Russo)
Userlevel 4
Create Date: Sep 5 2012 11:24PM

Hi Prusso,

Nice link, thanks.

Oxide (from conrad_jones)