Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-23-2019 09:44 AM
Hello everybody,
I'm working on the deploiment of NAC, the probleme is when I want to assign a device to a domain it shows that it's unsuported which means that appliying a policy to juniper switch and Summit X440 is unsuported.
For the Extreme witch I should just make an upgrade because the current version that I have is 15.2.
So what about Juniper switch? how can I make it supported boy Plicy Manager ?
Thank you,
I'm working on the deploiment of NAC, the probleme is when I want to assign a device to a domain it shows that it's unsuported which means that appliying a policy to juniper switch and Summit X440 is unsuported.
For the Extreme witch I should just make an upgrade because the current version that I have is 15.2.
So what about Juniper switch? how can I make it supported boy Plicy Manager ?
Thank you,
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-23-2019 10:11 AM
Hi,
I'm not sure but was "Policy Management" not a special feature of Enterasys?
I guess it will only support by Enterasys and newer Extreme Switches (like X440G2 od X460X2 and S/K/B/C/D/G-Series).
I think, that other devices like Juniper/Cisco/HP etc. will not support the Extreme Policies.
Regards,
Axel
I'm not sure but was "Policy Management" not a special feature of Enterasys?
I guess it will only support by Enterasys and newer Extreme Switches (like X440G2 od X460X2 and S/K/B/C/D/G-Series).
I think, that other devices like Juniper/Cisco/HP etc. will not support the Extreme Policies.
Regards,
Axel
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-24-2019 06:17 AM
In addition to Tomasz:
Policy rules can be translated to downloadable ACLs for Cisco an HPE and to some cloud providers. No Juniper as today.
Regards
Z.
Policy rules can be translated to downloadable ACLs for Cisco an HPE and to some cloud providers. No Juniper as today.
Regards
Z.
Regards
Zdeněk Pala
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-23-2019 12:02 PM
Hello Safaa,
Extreme Policy is a feature based on Enterasys portfolio capability. Only newer devices (X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X870, but also X770 which is a 'first generation model') support Extreme Policy. And ex-Enterasys devices of course, both switches and wireless (ExtremeWireless, formerly IdentiFi).
If you wanted to get policy feature on Juniper or other third party, it would have to support such feature first. However, there is no straightworward option for out-of-the-box translation of a policy domain to 3rd party devices.
What you can do, is to check the RADIUS attributes that Juniper can take during user/device authentication and authorization, like VLAN (RFC3580) but maybe other things as well (1st gen EXOS devices were based on issuing scripts - called with RADIUS attribute by their names - to reconfigure port on which a user got authenticated at the moment; Cisco Catalysts support dynamic ACL to apply on a port, etc.). These things can be ordered from Extreme Access Control that handles the authentication being an AAA server from the switches' perspective.
Hope that helps,
Tomasz
Extreme Policy is a feature based on Enterasys portfolio capability. Only newer devices (X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X870, but also X770 which is a 'first generation model') support Extreme Policy. And ex-Enterasys devices of course, both switches and wireless (ExtremeWireless, formerly IdentiFi).
If you wanted to get policy feature on Juniper or other third party, it would have to support such feature first. However, there is no straightworward option for out-of-the-box translation of a policy domain to 3rd party devices.
What you can do, is to check the RADIUS attributes that Juniper can take during user/device authentication and authorization, like VLAN (RFC3580) but maybe other things as well (1st gen EXOS devices were based on issuing scripts - called with RADIUS attribute by their names - to reconfigure port on which a user got authenticated at the moment; Cisco Catalysts support dynamic ACL to apply on a port, etc.). These things can be ordered from Extreme Access Control that handles the authentication being an AAA server from the switches' perspective.
Hope that helps,
Tomasz
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎05-23-2019 10:11 AM
Hi,
I'm not sure but was "Policy Management" not a special feature of Enterasys?
I guess it will only support by Enterasys and newer Extreme Switches (like X440G2 od X460X2 and S/K/B/C/D/G-Series).
I think, that other devices like Juniper/Cisco/HP etc. will not support the Extreme Policies.
Regards,
Axel
I'm not sure but was "Policy Management" not a special feature of Enterasys?
I guess it will only support by Enterasys and newer Extreme Switches (like X440G2 od X460X2 and S/K/B/C/D/G-Series).
I think, that other devices like Juniper/Cisco/HP etc. will not support the Extreme Policies.
Regards,
Axel
