Contents x
    Configuration
    • 26 Jul 2022
    • 2 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Contents

    Configuration

    • Updated on 26 Jul 2022
    • 2 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Configuring the Intelligent VLANs is simple you can manually specify MAC addresses which will be subject to iVLAN change or you can configure an import rule which will import MAC addresses automatically from a MAC group.

    Manual configuration

    To add a new Endpoint into the Intelligent VLAN module, navigate to Intelligent VLAN Module -> Devices List and click the New button

    image.png

    There are few things to configure:

    • MAC - A MAC address of an Endpoint
    • Active - A name variable and a default number of the VLAN when iVLAN change is enabled
    • Not Active - A name variable and a default number of the VLAN when iVLAN change is disabled (The default switch interface VLAN)
    • Disconnect Timeout - When an Endpoint is logged out (an Accounting Stop is received). The Active VLAN configuration will be kept on the port for the specified Disconnect Timeout. The default value is 168 hours.
    • Check Interval - Specifies an interval of often is the Live log checked for authentications. The default value is 1 hour which is the recommended interval
    • Check Interface - The registered interface is checked for another MAC address activity. If another MAC address is detected on the interface and this option is enabled the iVLAN is immediately disabled on the interface.
    • Set Default - One time setting, the Endpoint status is restarted and set to the Unknown state during the next check interval
    • Reset Last Check - The next check will be performed immediately and will not wait for the check interval
    iVLAN configuration

    iVLAN configuration allows you to configure VLAN variables exactly the same as in the Compliance Module. This format allows you to configure a variable VLAN name and not the exact VLAN number which can vary from switch to switch. VLAN name variable allows you to check for the vlan group command and vlan name to find the correct access VLAN to configure.

    Please navigate to Compliance Module Configuration for more details.

    Using Synchronization Rules

    Synchronization rules allow you to automatically import multiple Endpoints from a MAC group in XTENDISE. When a rule is configured, Endpoints are automatically imported every hour into the module from the Endpoint database with the specified configuration. Endpoints are also deleted from the module if they are deleted from XTENDISE or their MAC group is changed.
    Navigate to Intelligent VLANs -> Intelligent VLANs Configuration and click the new button.

    802.1X Configuration Guidelines

    The functionality of this module is based on the accounting messages in the Live log. This means that is crucial to:

    • Network Switches have to be configured to send RADIUS Accounting messages
    • RADIUS Interim-Updates or Endpoint reauthentication timeout have to be configured to less than 24 hours.
    What's Next