Vlan attribution: for single-vlan switches, not by end-device
Background
FreeNAC assigns a VLAN to an end-device based on the VLAN value stored for that device.
There is also the "Vlan exception" feature, which allows the assigned VLAN to be changed depending on the switch the device is connected to (see also the method Ports->getPortDefaultVlan()). However, if there are many "exceptions", i.e. many switches which do not carry all VLANs, or carry them under different names or numbers, the exceptions become difficult to manage.
Aim
Some sites only need to assign two VLANs: allowed or denied. In this case it is overkill to store a VLAN per end-device; it would be simpler to assign a VLAN per switch.
Let's say there is a VLAN "Internal" on all switches, but with a different VLAN number on each switch. There is also a VLAN "Guest".
- The idea is to put all known end-devices (state=active) automatically onto "Internal", and unknown devices onto "Guest".
- So set the global default vlan to be "Guest".
- In the policy file, write a policy that says:
  a) if device=active set vlan=getSwitchVlan
  b) if device=unknown set vlan=Global default
Implementation
That's the concept. For the implementation, a vlan_id field has been added to the V3.0 DB schema to hold each switch's "Internal" VLAN number. The Windows GUI (build 164) can modify that column. A method getSwitchVlan has been added to the sample policies in V3.0.1.
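The following is an added example of the two-rule policy described above, written in Python and not taken from FreeNAC's own policy file or code base. The switch table, the device table, the VLAN numbers and the function names `get_switch_vlan`, `device_state` and `policy_vlan` are all constructed for illustration; FreeNAC's real `getSwitchVlan` reads the `vlan_id` column from the database. The one deliberate design choice beyond the text is that a switch with no `vlan_id` configured falls back to the global default (Guest), so a gap in the switch table fails closed rather than granting "Internal" access.

```python
from typing import Dict, Optional

# --- Constructed sample data (not FreeNAC's real schema or values) ---

# Global default VLAN, i.e. the "Guest" VLAN number (assumed value).
GLOBAL_DEFAULT_VLAN = 900

# Per-switch "Internal" VLAN numbers, modelling the vlan_id column added to
# the switch table. None means the administrator has not set one yet.
SWITCH_VLAN_ID: Dict[str, Optional[int]] = {
    "sw-floor1": 10,
    "sw-floor2": 20,
    "sw-lab": None,   # vlan_id not configured on this switch
}

# Known end-devices keyed by MAC address, with a FreeNAC-style state column.
DEVICES: Dict[str, str] = {
    "00:11:22:33:44:55": "active",
    "66:77:88:99:aa:bb": "disabled",   # known, but not allowed on Internal
}


def get_switch_vlan(switch: str) -> int:
    """Return the locally numbered "Internal" VLAN for the given switch.

    Falls back to the global default (the restricted Guest VLAN) when the
    switch is unknown or its vlan_id is unset, so a configuration gap never
    results in Internal access being granted by accident.
    """
    vlan = SWITCH_VLAN_ID.get(switch)
    return vlan if vlan is not None else GLOBAL_DEFAULT_VLAN


def device_state(mac: str) -> str:
    """Look up the device state; anything not in the table is 'unknown'."""
    return DEVICES.get(mac.lower(), "unknown")


def policy_vlan(mac: str, switch: str) -> int:
    """The two policy rules from the text:

    a) device=active  -> vlan = getSwitchVlan (the switch's Internal VLAN)
    b) otherwise      -> vlan = global default (Guest)

    Only state=active reaches Internal; unknown and disabled devices both
    land on Guest, which matches the "allowed or denied" aim.
    """
    if device_state(mac) == "active":
        return get_switch_vlan(switch)
    return GLOBAL_DEFAULT_VLAN


if __name__ == "__main__":
    # Walk a few constructed connection events through the policy.
    events = [
        ("00:11:22:33:44:55", "sw-floor1"),   # active device -> Internal (10)
        ("00:11:22:33:44:55", "sw-floor2"),   # same device, other switch -> 20
        ("00:11:22:33:44:55", "sw-lab"),      # switch has no vlan_id -> Guest
        ("de:ad:be:ef:00:01", "sw-floor1"),   # unknown device -> Guest
        ("66:77:88:99:AA:BB", "sw-floor1"),   # disabled device -> Guest
    ]
    for mac, switch in events:
        print(f"{mac} on {switch}: state={device_state(mac):8s} "
              f"vlan={policy_vlan(mac, switch)}")
```

Because the VLAN number is resolved per switch at decision time, adding a new switch only requires filling in its `vlan_id`; no per-device VLAN value needs to change. The `sw-lab` case shows why the fallback matters: until its `vlan_id` is set, even active devices on that switch are kept on Guest, which is the safe direction for a NAC policy to err in.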
[sb, 22nd Dec'07]