
Policy maptable vs VLAN authorization


James_A
Valued Contributor

I'm tossing up how to do VLAN mapping. Is it better to do it in the RADIUS policy mapping in ExtremeControl, or set up policy profiles on the switch and return Filter-IDs?

It's a small environment, about 30 switches, a mix of B5 (going to be replaced with 5420s running Fabric Engine over time), X440-G2s at the edge, and 7400s at the core, running campus fabric. The X440-G2s are my main focus at the moment; I only have one set up for fabric attach, and the others are just doing normal VLAN switching.

Also, why is there policy maptable, which makes the switch look at Filter-ID, RFC 3580 VLAN ID, or both, which is fine, but then also policy vlanauthorization? What's the point of having a separate knob (and if you look at policy manager, maptable is under RADIUS and VLAN authorization is under Authentication)?

https://extremeportal.force.com/ExtrArticleDetail?an=000080175

1 ACCEPTED SOLUTION

Gabriel_G
Extreme Employee

Hey James,

Either way is fine, but I'll note that policy profiles via Filter-ID are a little bit easier to expand upon in my opinion, as the ACL-style filtering configuration is mostly on the switch side and is a little more straightforward to read vs. having to set up multiple RADIUS responses with strange syntax.

Regarding the maptable vs vlanauthorization, the maptable determines which response is honored, as you mentioned. VLAN authorization allows for the creation of new VLANs via RADIUS attributes, among other things, so that's a slightly different function.

Hope that helps!
