Execute a script when a rule is used
‎06-01-2016 01:06 PM
Hello,
I'm working with NAC and so netlogin.
We have a need to have a switch plugged on another one without having to disable the netlogin but it looks like it's impossible.
We tried numerous setups, and the only one that is working is to make the second switch linked with a trunk port.
As every port on the network has netlogin enabled by default, I would like to know if there is a way to disable it and make the edge port a trunk port with all the VLANs on it.
I was wondering, is it possible to call a script and execute it when a specific rule / policy is used?
This script would basically disable netlogin on that port and put all the VLANs, basically changing it from an end user type port to a trunk type port.
I know we can do that by hand, through OneView and it works fine, but it's not very efficient in our setup.
Thanks
Gaspard
38 REPLIES
‎06-06-2016 01:45 PM
I'm going to test with authentication instead of device detect, I'll keep you updated.
‎06-06-2016 01:45 PM
That makes sense. However, I would consider using authentication/de-authentication as triggers and then set up MAC authentication in parallel with dot1x authentication whereby a MAC-list filter is used to authenticate Extreme switches (when receiving their first EDP packet). (Per my example above.) The complexity comes in determining if the port connecting to an Extreme switch should be a member or a master port of a LAG.
‎06-06-2016 01:45 PM
I think it would work if netlogin authentication failure vlan or guest vlan is enabled/configured. Once authentication fails, a port will be moved to a guest vlan and LLDP or EDP neighbor would show up.
‎06-06-2016 07:10 AM
Hello everyone,
I'm testing how to use UPM, and what are the problems that are related to it.
Is there a way to have the UPM script execute when netlogin is enabled on that port? Seems like netlogin prevents the script from being executed, but when disabled, the UPM triggers correctly.
Thanks
‎06-02-2016 05:34 AM
This definitely looks like an LLDP thing. Have a look at the generic phone UPM in the User Guide.
This should be a good start to begin with.
