Extreme Networks

Alagesan_Jeyara · ‎02-22-2017

I have configured DHCP server on Extreme X440 G2 Switch and it is working as expected. Now i want to add the the Switch into NAC control engine which eventually enables netlogin session.

I believe the DHCP server will provide leases only on systems connected on particular vlan enabled ports. Below command for reference.

enable dhcp ports vlan

But netlogin session will have dynamic vlan assigned to the ports based on dot1x/mac and above mentioned command is a contradict to that.

Can someone help me on this?

Matthew_Helm1 · ‎02-28-2017

The command that I used in the UPM profile that launches when the client is authenticated and assigned a VLAN is as follows:
enable dhcp port $(EVENT.USER_PORT) vlan $(EVENT.USER_VLAN)

Is this what you are after?

The UPM profile for un-authentication is "blank".

Alagesan_Jeyara · ‎02-25-2017

Hi Mathew,

Thanks for your efforts. I would try that let you know if it works.

What i need to enter in below syntax for our DHCP requirement while creating profile

Matthew_Helm1 · ‎02-22-2017

I have confirmed that the extended-security VSA is supported by NAC either as a proxy or acting as a full radius server.

Matthew_Helm1 · ‎02-22-2017

I'm investigating, but you should be able to use a UPM profile specified in a VSA associated with the account passed from the radius server through the NAC as a proxy.

You would have to configure the UPM user-authenticate event on every port where you want DHCP to be enabled. Here is an article on how to use UPM for authenticating clients.

I'm investigating if NAC as a proxy somehow interferes with the VSA being passed from the radius server, but I do not believe it does. I assume you are using NAC as a proxy to a radius server, right?

Extreme Networks

Configure DHCP server on EXOS Switch enabled with Netlogin

Configure DHCP server on EXOS Switch enabled with Netlogin