UZTNA Wired Guidelines

Universal ZTNA supports Fabric Engine/VOSS and Switch Engine/EXOS NOSs. The minimum versions are:

Switch Engine 32.7.1
Fabric Engine 9.0.2

There are two management options:

Managed Mode
Locally Managed Mode

Managed Mode

Supported NOS: Switch Engine. Switches are onboarded directly from the cloud workflow using the Manage your Devices workflow.

ExtremeCloud IQ manages switch configuration. The Instant Secure Port workflow provisions the following components on the switch:

Certificate for secure RadSec communication
RADIUS/RadSec configuration to the cloud RaaS server or locally deployed RadSec proxy
802.1x or MAC authentication

Universal ZTNA updates the policy configuration on the switch, including static policy roles and rules, based on the provisioned network policy.

Locally Managed Mode

Supported NOS: Switch Engine and Fabric Engine. Switches are onboarded using the Manage your Devices Locally workflow.

ExtremeCloud IQ does not configure switches in local managed mode. In local manage mode, during the authentication process, based on the provisioned network policy, Universal ZTNA provisions policy on the switch using dynamic ACLs (dACL) conveyed using Radius VSAs.

Users configure the following components manually:

Certificate for secure RadSec communication
RADIUS/RadSec configuration to the cloud RaaS server
802.1x or MAC authentication, along with supporting feature sets, depending on the deployment model

Configuration Details for Fabric Engine and Switch Engine

To configure Fabric Engine, select Fabric Engine Locally Managed Sample Configuration
To configure Switch Engine, select Switch Engine Locally Managed Sample Configuration

Fabric Engine and Switch Engine Reference Guides