VPEX with netlogin mac

Benjamin_Kümmel
New Contributor II

Hello,

Some days ago we built our first VPEX environment with netlogin MAC enabled ports and redundant controller bridges. Although the netlogin request is positively answered by the NAC server, the port goes into the unauthenticated state.

In the GTAC knowledge base I found the following article https://extremeportal.force.com/ExtrArticleDetail?an=000086551 which gives hints about an enabled policy. What do we have to do to solve our problem?

Benjamin

1 ACCEPTED SOLUTION

Benjamin_Kümmel
New Contributor II

Hello,

Here are some words about my solution. As I’ve read now, I need policies to solve my netlogin problem in a VPEX environment.

The first step was to enable policies on the switches and add some SNMP write credentials so that the EMC can push the policies to the switches.

Now I created on the EMC a new empty policy domain and created one new policy role to give full access by permitting traffic. After saving these simple settings I distributed the policy to the switches by adding the newly created policy domain to the switches. Before that it was necessary to add the new write credentials to the access profile.

After that I modified the given NAC configuration and modified the rules so that the EMC now gives back the allow-all policy to the switches instead of the enterprise user policy after a successful request.

Benjamin

7 REPLIES

DrankThePurpleS
New Contributor III

 

I was definitely not expecting to find something so specific to just one issue but a very important one.

If you don’t mind, how Control Bridges, vs v400’s? I just scrolled through a pretty hilarious proof of concept document. Showed a stack of x690’s as CB for I believe 2 v4000’s, when up to 8 v400s they obviously implemented a stack 440s for redundancy. Went into great detail about OSPF, which I might be look at is overkill here. In these models, VRRP, Stacked CBs, connected to v400s. OSPF only has one path.

Even though this company was sold this model based on a lot of false information, from XIQ CB to The BoM they built being CB here might add 24 port 590 there, but no need for it to do anything in the other buildings it’s serving, so keep layer 3 away as much as possible. Turn on XMC, NAC, EA, and looking this demo, gorgeous fingerprint, shows all this with this license IA hen you can posture, and shoot lasers at guests.

Miguel-Angel_RO
Valued Contributor II

Very good,

Please share your solution to help the community!

thanks

Mig

Benjamin_Kümmel
New Contributor II

Hello,

Thanks for the hint on the policies. With this info in mind I was able to create a good solution on our Extreme Management Center.

Greetings

Benjamin
