Can't find what you need?


• Ask the Community
• Create a Case
Reset Search
 

 

Article

How to configure NAC to work with RFC3580 and Filter-ID for Policy Role

« Go Back

Information

 
TitleHow to configure NAC to work with RFC3580 and Filter-ID for Policy Role
Objective
To configure the NAC and switches to support RF3580 for VLAN assignment plus a policy role.
Environment
  • B5
  • C5
  • NAC
  • Summit G2's

 
Procedure
NAC Manager
1.  From NAC Manager, when adding or editing a switch, the Policy Mapping should be set to RFC3580 and Extreme Policy.
User-added image

2. The Vlan Policy Mapping must be set to include a VLAN as well as a filter attribute.

     Tools->Management and Configuration->Advanced Configuration->NAC Profiles

      Select Profile Select Policy Mapping, add in the VLAN needed as tagged or untagged.  
User-added image

3.  These settings must be configured on the switch either via Policy Manager or cli.

XMC
1.  From XMC Control > Switches > Add or Edit
User-added image
2.  XMC > Control > Profiles > Policy Mappings > Select Profile > Edit
Add in the VLAN needed as tagged or untagged.  Save
User-added image
In Policy Manager:
Select the device in the tree on the left side of the screen
  • Select the Authentication tab, set Vlan Authorization to Enabled, hit apply
  • Select the Radius tab, set Radius Response Mode to Filter ID with Vlan Attribute
In XMC:
  • Select Policy > Device > Authentication tab > set RFC3580 Vlan Authorization to Enabled, hit apply
  • Select Policy > Device > Radius tab > set Response Mode to Filter ID with Vlan Tunnel Attribute
Via CLI:
EOS:
set policy maptable response both
EXOS:
configure policy maptable response both


 
Additional notes
For some reference of the EOS implementation see SecureStack B3 has RFC3580 User Connectivity issues after Upgrade to firmware 6.03.xx
For some addition reference for the XOS devices using netlogin prior to 16.1 see How to configure Mac-based Netlogin with Radius on EXOS
For more discussion on the Netsight Configuration configuration possibilities see How to configure NAC for custom radius attributes such as RFC3580 VLAN ID, Egress Type, Service Type, Filter-ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255