Deploying an Identity Aware Network

Recommendations

Info

Extreme Networks Application Note4.2.2.1. VLAN Configurationconfigure vlan default delete ports 1-26create vlan “authvlan”configure vlan authvlan tag 7create vlan “corp”configure vlan corp tag 2create vlan “corpvoice”configure vlan corpvoice tag 3create vlan “crmapps”configure vlan crmapps tag 8create vlan “webapps”configure vlan webapps tag 5configure vlan corp add ports 1 untaggedconfigure vlan crmapps add ports 3 untaggedconfigure vlan webapps add ports 2 untaggedconfigure vlan Mgmt ipaddress 10.127.2.18 255.255.255.0configure vlan corp ipaddress 192.168.0.1 255.255.255.0configure vlan authvlan ipaddress 192.168.100.1 255.255.255.0configure vlan webapps ipaddress 192.168.1.1 255.255.255.0configure vlan crmapps ipaddress 192.168.2.1 255.255.255.0NOTES• In this network topology, ports 1 through 12 are used for connectivity to the backend servers• Ports 13 through 24 are used for client connectivity (and can be subsequently seen that NetLogin is enabled on these ports)• None of the VLANs actually contain user ports4.2.2.2. AAA Module Configurationconfigure radius netlogin primary server 192.168.0.10 1812 client-ip 192.168.0.1 vr VR-Defaultconfigure radius netlogin primary shared-secret encrypted “gt}xolg”enable radius netlogin4.2.2.3. LLDP Configurationenable lldp ports 21enable lldp ports 22enable lldp ports 23enable lldp ports 244.2.2.4. NetLogin Configurationconfigure netlogin vlan authvlanenable netlogin dot1x mac web-basedenable netlogin ports 13-16 dot1xenable netlogin ports 21-24 macenable netlogin ports 17-20 web-basedconfigure netlogin ports 13 mode port-based-vlansconfigure netlogin ports 13 no-restartconfigure netlogin ports 14 mode port-based-vlansconfigure netlogin ports 14 no-restartconfigure netlogin ports 15 mode port-based-vlansconfigure netlogin ports 15 no-restartconfigure netlogin ports 16 mode port-based-vlansconfigure netlogin ports 16 no-restartconfigure netlogin ports 17 mode port-based-vlansconfigure netlogin ports 17 no-restartconfigure netlogin ports 18 mode port-based-vlansconfigure netlogin ports 18 no-restart© 2010 Extreme Networks, Inc. All rights reserved. Identity Aware Network—Page 10
Extreme Networks Application Noteconfigure netlogin ports 19 mode port-based-vlansconfigure netlogin ports 19 no-restartconfigure netlogin ports 20 mode port-based-vlansconfigure netlogin ports 20 no-restartconfigure netlogin ports 21 mode port-based-vlansconfigure netlogin ports 21 no-restartconfigure netlogin ports 22 mode port-based-vlansconfigure netlogin ports 22 no-restartconfigure netlogin ports 23 mode port-based-vlansconfigure netlogin ports 23 no-restartconfigure netlogin ports 24 mode port-based-vlansconfigure netlogin ports 24 no-restartconfigure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 ports 21-24NOTES• NetLogin is configured to use the “authvlan”• Local database authentication is NOT used in the edge switch• 802.1x based authentication is configured on ports 13-16• Web-based authentication is configured on ports 17 - 20 (and subsequently the NetTools module will also be configured to serve asa DHCP server to assign IP addresses to clients temporarily for authentication purpose)• MAC-based authentication is configured on ports 21 - 24• Switch is configured to accept all MAC addresses on ports 21-24 with password set to use the MAC address itself (as a string)4.2.2.5. NetTools Configurationconfigure vlan authvlan dhcp-address-range 192.168.100.10 - 192.168.100.50configure vlan authvlan dhcp-options default-gateway 192.168.100.14.2.2.6. Web/thttpd Configurationenable web httpenable web https4.2.2.7. Identity-Management (idMgr) Configurationenable identity-managementconfigure identity-management ports 13-24NOTES• Identity Management is only configured on ports where clients are connected• Enabling Identity Management on ports which provide connectivity to the rest of the enterprise could result in identity managementtracking possibly a large number of entries, which would be unnecessary. It is recommended that Identity Management be enabledon ports used for connecting end systems directly or through port extenders like the ReachNXT 100-8t.© 2010 Extreme Networks, Inc. All rights reserved. Identity Aware Network—Page 11
Page 1 and 2: Extreme Networks Application NoteDe
Page 3 and 4: Extreme Networks Application NoteTa
Page 5 and 6: Extreme Networks Application Note3.
Page 9: Extreme Networks Application Note4.
Page 13 and 14: Extreme Networks Application NoteSt
Page 31 and 32: Extreme Networks Application NoteTh
Page 35 and 36: Extreme Networks Application Note©
Page 39 and 40: Extreme Networks Application NoteDe
Page 59 and 60: Extreme Networks Application Note<r
Page 61 and 62:
Extreme Networks Application Note<c
Page 63 and 64:
Extreme Networks Application NoteBe
Page 65 and 66:
Extreme Networks Application Note*
Page 67 and 68:
Extreme Networks Application NoteTo
show all

Deploying an Identity Aware Network

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?