This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Execute a script when a rule is used

Execute a script when a rule is used

Gaspard_W
New Contributor

ā€Ž06-01-2016 01:06 PM

Hello,

I'm working with NAC and so netlogin.

We have a need to have a switch plugged on another one without having to disable the netlogin but it looks like it's impossible.

We tried numerous setup, and the only one that is working, is to make the second switch linked with a trunk port.
As every port on the network has netlogin enabled by default, I would like to know if there is a way to disable it and make the edge port, a trunk port with all the VLANs on it.

I was wondering, is it possible to call a script and execute it when a specific rule / policy is used ?
This script would basically disable netlogin on that port and put all the VLANs, basically changing it from a end user type port, to a trunk type port.
I know we can do that by hand, through OneView and it works fine, but it's not very efficient in our setup.

Thanks
Gaspard

0 Kudos
38 REPLIES 38

Gaspard_W
New Contributor
In response to Matthew_Helm1

ā€Ž06-06-2016 01:45 PM

I'm going to test with authentication instead of device detect, I'll keep you updated.
0 Kudos

Matthew_Helm1
Extreme Employee
In response to Matthew_Helm1

ā€Ž06-06-2016 01:45 PM

That makes sense. However, I would consider using authentication/de-authentication as triggers and then set up MAC authentication in parallel with dot1x authentication whereby a MAC-list filter is used to authenticate Extreme switches (when receiving their first EDP packet). (Per my example above.) The complexity comes in determining if the port connecting to an Extreme switch should be a member or a master port of a LAG.
0 Kudos

Kevin_Kim
Extreme Employee
In response to Matthew_Helm1

ā€Ž06-06-2016 01:45 PM

I think it would work if netlogin authentication failure vlan or guest vlan is enabled/configured. Once authentication fails, a port will be moved to a quest vlan and LLDP or EDP neighbor would show up.
0 Kudos

Gaspard_W
New Contributor

ā€Ž06-06-2016 07:10 AM

Hello everyone,

I'm testing how to use UPM, and what are the problems that are related to it.

Is there a way to have the UPM script execute when netlogin is enabled on that port ? Seems like netlogin prevents the script from being executed, but when disabled, the UPM triggers correctly.

Thanks
0 Kudos

AndrƩ_Herkenrat
Extreme Employee

ā€Ž06-02-2016 05:34 AM

this definetely looks like a LLDP thing. Have a look at the generic phone UPM in the User Guide.
this should be a good start to begin with
0 Kudos
GTM-P2G8KFN