cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

EXOS, Fabric Standalone Proxy, XMC and VLAN islands!

EXOS, Fabric Standalone Proxy, XMC and VLAN islands!

Anonymous
Not applicable
Hi

Looking into taking advantage of the new standalone proxy feature in EXOS. If I have understood this correctly it allows me to make use of fabric attach without the use of a fabric server.

The way I am translating that, and want to make use of, is the ability for NAC to dynamically add a VLAN at the edge but additionally make use of the fabric functionality to also dynamically extend the VLAN from the proxy (X590), to the Fabric Attach device (X450G2). Hopefully I have that understanding correct?

The issue I have is that each edge location (fabric attach device X450G2 stack), has its own VLAN / Subnet, for example each location has a /24 subnet for Data, Voice etc.

There are VLANs though like wireless and AV that will require extending to various places all over the network.

In this scenario making use of VLAN islands in XMC (policy) allows the dynamic allocation of different VLAN ID's for the same purpose i.e Data, for the various different locations.

In the screenshot below there is a function in 'Roles' to assign a 'Service ID', the issue is the 'Data VLAN' given below is dependant on the location / VLAN island configuration. So effectively the actual VLAN ID for Data will be different for each stack, would that require a different SID for VLAN therefore, or does this not matter?

Below is where the VLAN to SID is configured in policy, this I have use with EXOS and VSP switches and NAC, which worked well:

099f8bceac904a37869669e7edb1ed85_f5f5798e-86ce-45aa-a73a-ae4271b6d09e.png



Here is an example of the VLAN island configuration that I am questioning the use:

099f8bceac904a37869669e7edb1ed85_9ed958e6-f51f-4dca-8d7f-e11e7ce1fb13.png



099f8bceac904a37869669e7edb1ed85_683d12e2-616e-403e-b819-96a9d1802d81.png



Might have my understanding wrong, or might just work with the use of including an 'Service ID' in the policy configuration?

One thing I did think of was pre-configuring the VLAN to I-SID assignment on the standalone proxy.

The train of thought was in assigning the VLAN at the edge via NAC will transition down to the uplinks from the VLAN proxy via the advertisements passed by LLDP!?

Used the command:

config vlan xxxx add nsi xxxxxx

The command would take but not appear in the configuration, which might be related to configuring the X590 as a standalone proxy!?

Be useful to hear any experience anyone has had with the use of the feature on VSP / ERS switches, on EXOS and XMC.

Thanks in advance for any advise.
1 REPLY 1

Anonymous
Not applicable
It would seem this feature maybe coming out in release 8.3, where there is an additional field for the I-SID in the VLAN configuration.

Will post back the success of using it once its out.
GTM-P2G8KFN