Feature "Protected Port" needed - EXOS and S-Series
‎09-12-2017 12:37 PM
On Secure Stacks, "Protected Port" is available for client isolation. This can also be combined with NAC dynamic VLAN assignment. (Not really tested, but the feature description sounds very good.)
Comparable features on S-Series and EXOS are needed.
Private VLANs are not a solution because private VLANs need static VLAN and port configurations, so dynamic VLAN assignment via RADIUS / NAC is not possible.
Any solution available?
4 REPLIES
‎09-19-2017 10:22 AM
Hi Community,
I am still looking for that feature on S-Series ... any advice?
Given scenario:
All edge ports on EOS (D- and B-Series) and EXOS switches are working with protected ports. All edge switches are linked with the S-Series, which is the L3 / inter-VLAN router and the central point for servers. So clients are only allowed to communicate with the router IP or central servers, not with other clients (neither on the same nor on other edge switches).
Regards,
Matthias
‎09-19-2017 10:22 AM
Talking with two of the Extreme pre-sales guys brought a good solution:
S-Series L2 ACL (starting with V8.42)!
With a few lines I can allow communication to the MAC of the L3 router, ARP, and needed broadcast traffic only, and deny all other client-to-client traffic.
The logging function is very helpful to see if the ruleset is complete.
Regards,
Matthias
‎09-12-2017 12:45 PM
In EXOS there is a feature "port isolation" which does the trick.
You can configure it on the port with a UPM that is triggered from the security profile, which comes along with the VLAN assignment via RADIUS.
/André
‎09-12-2017 12:45 PM
Many thanks for that advice.
