
VLAN Assignment Policy Manager NAC

Ronny_Engelhard
New Contributor II
Hi,

I have one problem with VLAN assignment and NAC / Policy Manager.
We are introducing an Extreme NAC Appliance.
At present, the VLAN information for a client is set in the Netsight Console.
In the future, we want to assign a VLAN for a client at only one position in the network, for example only in the assigned role.
When I define a role, I can choose the standard operation for traffic that does not match any service rule. Only when I choose Contain to VLAN is the assigned VLAN ID that is configured on the switch overwritten. But then I have the principle of a blacklist if I want to filter any traffic.
How is it possible to invert that principle?
I have been experimenting with the VLAN egress tab in Policy Manager, but with this option you have the problem that the configured VLAN on the switch must be consistent with the VLAN chosen in Policy Manager. Additionally, I have to say that I only want to use untagged VLANs.
Is there any possibility to do this?

Many thanks

Ronny

6 REPLIES

Ronny_Engelhard
New Contributor II
Hi,

Thanks for your comment.
Yes, I understand that, but why is it not possible to invert that?
My aim is to deny any traffic as the default option and allow only specific traffic to one VLAN.

Ronny

Piotr_Owczarek
New Contributor III
Hi Ronny,

Contain to VLAN means Allow. If you want to deny some traffic, you have to explicitly specify it as a blocking rule.
