Can't find what you need?


• Ask the Community
• Create a Case
Reset Search
 

 

Article

How to configure NAC to work with RFC3580 and Filter-ID for Policy Role

« Go Back

Information

 
TitleHow to configure NAC to work with RFC3580 and Filter-ID for Policy Role
Objective
To configure the NAC and switches to support RF3580 for VLAN assignment plus a policy role.
Environment
  • B5
  • C5
  • NAC
  • Summit G2's

 
Procedure

1.  From NAC Manager, when adding or editing a switch, the Policy Mapping should be set to RFC3580 and Extreme Policy.
User-added image

2. The Vlan Policy Mapping must be set to include a VLAN as well as a filter attribute.

     Tools->Managment and Configuration->Advanced Configuration->NAC Profiles

      Select Profile Select Policy Mapping, add in the VLAN needed as tagged or untagged

User-added image

3.  These settings must be configured on the switch either via Policy Manager or cli.

In Policy Manager:
Select the device in the tree on the left side of the screen
  • Select the Authentication tab, set Vlan Authorization to Enabled, hit apply
  • Select the Radius tab, set Radius Response Mode to Filter ID with Vlan Attribute

Via CLI:
EOS:
set policy maptable response both
EXOS:
configure policy maptable response both


 
Additional notes
For some reference of the EOS implementation see SecureStack B3 has RFC3580 User Connectivity issues after Upgrade to firmware 6.03.xx
For some addition reference for the XOS devices using netlogin prior to 16.1 see How to configure Mac-based Netlogin with Radius on EXOS
For more discussion on the Netsight Configuration configuration possibilities see How to configure NAC for custom radius attributes such as RFC3580 VLAN ID, Egress Type, Service Type, Filter-ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255