10-10-2016 08:21 AM
Purgatory VLAN assistance
Hello,
I've been given the task to create a purgatory VLAN on the company's network so if an unauthorized device (non-domain system) is detected on the network, the NAC will instruct the switch to place the device on a particular VLAN that has access to the following:
- Internet only
- Domain controller (only, no other servers accessible). This way, if a machine needs to join the domain, it can.
- Not sure if I need to create an ACL to deny all traffic from the VLAN with the exception of the IPs of the domain controller (if that is possible).
Once joined to the domain, the NAC will install the agent on the device that will notify the switch to move to a corporate VLAN.
Need some guidance on the best way to configure this, if possible.
Equipment
- Core Switch: ProCurve 6600 -4XG FW 15.10
- Access/Edge Switches: ProCurve 3500yl
- Network Access Controller: ForeScout CounterACT
Thanks in advance.
10-10-2016 08:22 AM
Re: Purgatory VLAN assistance
Forgot to mention that communication between the NAC and the switch is via SNMPv3.
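
The policy asked for in the first post (domain controller reachable, all other internal hosts blocked, Internet allowed) depends on rule order in a first-match ACL. The following is an added example, not part of the thread and not switch or NAC configuration: it models that ordering in Python and flags a misordered list. The domain controller address and the RFC 1918 ranges standing in for "internal" are constructed assumptions.

```python
import ipaddress

# Constructed addressing, not from the thread: one domain controller and
# the RFC 1918 ranges standing in for "all other internal networks".
DOMAIN_CONTROLLER = ipaddress.ip_network("10.1.1.10/32")
INTERNAL_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def build_purgatory_acl():
    """Ordered (action, destination) rules; the first match wins."""
    rules = [("permit", DOMAIN_CONTROLLER)]  # domain join traffic
    rules += [("deny", ipaddress.ip_network(n)) for n in INTERNAL_RANGES]
    rules.append(("permit", ipaddress.ip_network("0.0.0.0/0")))  # Internet
    return rules


def evaluate(rules, dst):
    """Return the action of the first rule whose network contains dst."""
    addr = ipaddress.ip_address(dst)
    for action, network in rules:
        if addr in network:
            return action
    return "deny"  # implicit deny when nothing matches


def audit(rules):
    """List permit rules that never match because an earlier deny covers them."""
    shadowed = []
    for i, (action, network) in enumerate(rules):
        if action != "permit":
            continue
        for earlier_action, earlier_net in rules[:i]:
            if earlier_action == "deny" and network.subnet_of(earlier_net):
                shadowed.append(str(network))
                break
    return shadowed


if __name__ == "__main__":
    acl = build_purgatory_acl()
    for dst in ("10.1.1.10", "10.1.1.20", "192.168.5.4", "8.8.8.8"):
        print(dst, evaluate(acl, dst))
    # Misordered variant: the deny rules come first and shadow the DC permit.
    bad = acl[1:4] + acl[:1] + acl[4:]
    print("shadowed permits:", audit(bad))
```
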