3.1.6.4. VLANs
In the VLANs menu, we can register all the VLANs that exist in the network infrastructure where OpenNAC Enterprise technologies are being deployed. If we are applying the segmentation use case, we will define in this section the different VLANs that we will later use in the network access Policies.

To register a new VLAN, click on the Add new button. It will display a popup window with all the parameters that need to be filled in.

We can configure a VLAN ID in the range from 0 to 4095. By default, we assume that ID = 0 is for switch default and ID = 4095 for access denied.
In the type field, a drop-down menu will appear with the different types of VLANs that we can configure:

Service: VLAN type that provides access to service.
Registry: VLAN type that provides access to the registry before network access, Captive portal (Guest and external collaborators), and BYOD use cases.
Quarantine: For assets that do not comply with the authentication process to access the network. This VLAN is normally used to isolate user devices that do not comply with security policy or carry out malicious activities.
Hotspot: This VLAN type is normally used to configure hotspot VLANs.
Note
If a VLAN is being created and the type is not clear, it is better to configure it as “Service” VLAN.
We can also set a default VLAN by enabling the VLAN by default button. The VLAN that we configure as VLAN by default will become the default VLAN in the network where it is configured.
For instance, if we use the button quarantine in ON NAC -> Business Profiles to send a user device to quarantine, the Quarantine VLAN defined as default will be used.
To edit any VLAN, select the desired VLAN and click the Edit button. It will display a popup window where you can modify the current configuration. If we want to edit multiple VLANs at the same time, select all the desired VLANs and click the Bulk Edit button. It will display a popup window, but we will only be able to modify the VLAN type and its Name.

Note
The VLANs that we define must previously exist in the infrastructure, especially the quarantine VLAN.
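
The rules in this section (ID range, the four types, the assumed meaning of IDs 0 and 4095, and the requirement that VLANs already exist in the infrastructure) can be checked against a planned VLAN list before registering it. The script below is an added example, not part of OpenNAC Enterprise; the field names, the `check_vlans` function and the sample data are assumptions constructed for illustration, and it calls no product API.

```python
# Added example: pre-registration check for a planned VLAN list.
# Field names and sample data are constructed; no OpenNAC Enterprise API is used.
VALID_TYPES = {"Service", "Registry", "Quarantine", "Hotspot"}
RESERVED = {0: "switch default", 4095: "access denied"}


def check_vlans(planned, infrastructure_ids):
    """Return a list of (vlan_id, problem) tuples for the planned VLANs."""
    problems = []
    seen = set()
    for v in planned:
        vid, vtype = v["id"], v["type"]
        if not isinstance(vid, int) or not 0 <= vid <= 4095:
            problems.append((vid, "ID outside 0-4095"))
            continue
        if vid in seen:
            problems.append((vid, "duplicate ID"))
        seen.add(vid)
        if vid in RESERVED:
            problems.append((vid, f"ID assumed to mean {RESERVED[vid]}"))
        elif vid not in infrastructure_ids:
            problems.append((vid, "not present in infrastructure"))
        if vtype not in VALID_TYPES:
            problems.append((vid, f"unknown type {vtype!r}"))
    # The quarantine button relies on a Quarantine VLAN marked as default,
    # and that VLAN must already exist in the infrastructure.
    has_q = any(v["type"] == "Quarantine" and v.get("default")
                and v["id"] in infrastructure_ids for v in planned)
    if not has_q:
        problems.append((None, "no default Quarantine VLAN present in infrastructure"))
    return problems


# Constructed sample: VLAN IDs exported from the switches, and the planned list.
INFRA = {10, 20, 30, 99}
PLANNED = [
    {"id": 10, "name": "corp", "type": "Service"},
    {"id": 20, "name": "guest-reg", "type": "Registry"},
    {"id": 666, "name": "quarantine", "type": "Quarantine", "default": True},
    {"id": 4095, "name": "blocked", "type": "Service"},
    {"id": 5000, "name": "typo", "type": "Hotspot"},
    {"id": 30, "name": "wifi", "type": "hotspot"},
]

if __name__ == "__main__":
    for vid, msg in check_vlans(PLANNED, INFRA):
        print(f"VLAN {vid}: {msg}")
```

In the sample, the quarantine VLAN 666 is flagged because it is missing from the switch inventory, which also leaves the plan without a usable default Quarantine VLAN.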