Deploying an Identity Aware Network
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Extreme Networks Application Note
configure netlogin ports 19 mode port-based-vlans
configure netlogin ports 19 no-restart
configure netlogin ports 20 mode port-based-vlans
configure netlogin ports 20 no-restart
configure netlogin ports 21 mode port-based-vlans
configure netlogin ports 21 no-restart
configure netlogin ports 22 mode port-based-vlans
configure netlogin ports 22 no-restart
configure netlogin ports 23 mode port-based-vlans
configure netlogin ports 23 no-restart
configure netlogin ports 24 mode port-based-vlans
configure netlogin ports 24 no-restart
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 ports 21-24
NOTES
• NetLogin is configured to use the “authvlan”
• Local database authentication is NOT used in the edge switch
• 802.1x based authentication is configured on ports 13-16
• Web-based authentication is configured on ports 17 - 20 (and subsequently the NetTools module will also be configured to serve as
a DHCP server to assign IP addresses to clients temporarily for authentication purpose)
• MAC-based authentication is configured on ports 21 - 24
• Switch is configured to accept all MAC addresses on ports 21-24 with password set to use the MAC address itself (as a string)
4.2.2.5. NetTools Configuration
configure vlan authvlan dhcp-address-range 192.168.100.10 - 192.168.100.50
configure vlan authvlan dhcp-options default-gateway 192.168.100.1
4.2.2.6. Web/thttpd Configuration
enable web http
enable web https
4.2.2.7. Identity-Management (idMgr) Configuration
enable identity-management
configure identity-management ports 13-24
NOTES
• Identity Management is only configured on ports where clients are connected
• Enabling Identity Management on ports which provide connectivity to the rest of the enterprise could result in identity management
tracking possibly a large number of entries, which would be unnecessary. It is recommended that Identity Management be enabled
on ports used for connecting end systems directly or through port extenders like the ReachNXT 100-8t.
© 2010 Extreme Networks, Inc. All rights reserved. Identity Aware Network—Page 11