cancel
Showing results for 
Search instead for 
Did you mean: 

ExtremeControl & XIQ Controller - Policy Role - "Bridged@AP" VLAN

ExtremeControl & XIQ Controller - Policy Role - "Bridged@AP" VLAN

Guilhem_Lejeune
New Contributor III

Hi everyone,

I want to take advantage of pushing Policy Role (and only this) to XIQ Controller upon authentication.
My idea is :

  • Role with "Contain to VLAN X".
  • Accept Policy with my role only (no VLAN)
  • XIQ Controller as RADIUS client with "Extreme IdentiFi Wireless" in "RADIUS Attributes to Send".

I have noticed that, after Policy Enforce, VLAN (configured in XIQ SE/ExtremeControl in "Policy > Roles" menu) are pushed to XIQ Controller in "Bridged@AC" mode.

As expected, there was issue when testing 😄

Is there a way to have these VLAN being pushed with "Bridged@AP" mode ?

Kind regards,

6 REPLIES 6

Goldy-chicken
New Contributor

The system doesn’t automatically switch to Bridged@AP just based on role assignment. To get Bridged@AP working, you usually need to define VLAN behavior directly in the SSID or AP profile so the AP takes control. Also check if any RADIUS attributes Morse Code Translator or controller policies are overriding what you’re trying to enforce from ExtremeControl.

iDavidHere
New Contributor

Hi, your approach makes sense but in ExtremeCloud IQ the VLAN assignment is usually controlled by the forwarding mode, not just the policy role. In many cases the VLAN will still land in Bridged @ AC unless it’s defined directly at the SSID or AP template level. You might want to check if the AP profile allows VLAN override from RADIUS. That usually solves the mismatch in Bridged@AP behavior.

John David

Doug
Extreme Employee

Are you using Filter-ID=<role name> to push the role (which should have a topology mapping) 

Doug Hyde
Sr. Director, Technical Support / Extreme Networks

Guilhem_Lejeune
New Contributor III

Hi,

Yes. The preview shows me this :

Filter-Id=Enterasys:version=1:policy=<role_name>

Kind regards,

GTM-P2G8KFN