ā11-21-2022 06:20 AM
Hello together,
I am new with Extreme Control and got only in touch with it years ago on G1 switches.
I am just setting up some Universal Switches with 802.1x authentication and would like to have a default vlan all clients should fall into if all Control Engines are unavailable, so something like the "configure netlogin authentication service-unavailable" on the older G1 switches.
We are only using the "RFC3580 VLAN Authorization" and no policies so far and right now I have no glue how I should have a fallback vlan if the authentication services are not available because the config parameter "configure netlogin authentication service-unavailable" is not available on the Universal Switches.
Can you please give me an idea how to accomplish that.
Thanks in advance for your help
Joerg
ā11-22-2022 08:33 AM
Hello,
We can't create a default policy that's only triggered when Control is un-available. If Control responds with an unconfigured filter-ID the default policy is also used.
Looking at a x440g2 if I "disable policy" the command for service-unavailable is now shown:
If you are only using RFC 3580 I think you may be able to use this command.
Thanks
-Ryan
ā11-22-2022 05:34 AM
Hello,
Default VLAN or default policy on the port will be used in case of a RADIUS communication failure.
Please see following article: https://extremeportal.force.com/ExtrArticleDetail?an=000107144
Thanks
-Ryan
ā11-24-2022 02:53 AM
Hello Ryan,
thanks for your reply.
We need to go fore the provided solution with "authentication optional and a default admin policy".
But I don't know if the solution works the way we want it to.
We will implement this in the next days our customer site and will see if it works as we expected it to work.
Regards
Joerg
ā11-21-2022 08:06 AM
Hi,
sorry, of course I meant "default role" not default policy š
Regards
Joerg