cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

VLAN Assignment Policy Manager NAC

VLAN Assignment Policy Manager NAC

Ronny_Engelhard
New Contributor II
Hi,

i have one problem with vlan assignment and nac / policy manager.
We are introducing a Extreme NAC Appliance.
So at present the vlan information for a client is set in the Netsight Console.
In the future we only want to assign a vlan for a client only at one position in network, only in the assigned role for example.
So when i define a role, i can choose the standard operation for traffic that not matches any service rule. Only when i choose contain to vlan, the assigned vlan id that is configured on the switch is overwritten. But then i have the princip of a blacklist if i want to filter any traffic.
How is it possible to invers that princip.
I have been experimenting with the vlan egress tab in policy manager, but with this option you have the problem that the configured vlan on the switch must be consisent with the vlan chosen in policy manager. Additionally i have to say i only want to use untagged vlans.
Is there any possibility to do this?

Many thanks

Ronny

6 REPLIES 6

Ronny_Engelhard
New Contributor II
So i checked the Solution and it works indeed.

Thank you for that solution!! ļ™‚

Ronny_Engelhard
New Contributor II
Thanks a lot, think this will solve my problem.
I will test it tomorrow.

TylerMarcotte
Extreme Employee
Another option would be to send back both VLAN Assignment (RFC 3580) and Policy assignment from NAC. You need to configure the switch to accept both in Policy Manager, but that should allow you to dynamically assign the VLAN and use any permit/deny rules needed. See attached images for where to allow this in Policy Manager and where to configure it in NAC.




Piotr_Owczarek
New Contributor III
It is not possible to ivert action of contain to vlan. But You can still use deny action with static port to clan assignment. You can also try to play with NAC profile and check if it will be possible to send both Enterasys policy and clan id in one profile.
GTM-P2G8KFN