Configure a Switch for Instant Secure Port

Before you begin

This task is configured in ExtremeCloud IQ.

About this task

Use this task to configure a switch for Instant Secure Port in ExtremeCloud IQ.

Procedure

  1. Go to Configure > Network Policies.
  2. On an existing network policy, select to edit.
  3. Select the Switching section of the configuration. Go to Switch Settings > Instant Secure Port Profiles.
  4. Select to create a new profile and configure the settings.
    1. In the Create Instant Secure Port Profile dialog, enter a name.
    2. To assign a VLAN on an authentication failure, an unreachable server, or other non-authenticated conditions, select the Enable Unauthenticated VLAN check box and select or create an Unauthenticated VLAN. Otherwise, any unauthenticated session will be rejected.
    3. Leave the option for UZTNA RADIUS Cloud configuration enabled. This ensures the switch automatically installs the RadSec certificates and authentication configuration.
    4. Select SAVE.
    Click to expand in new window
  5. Select Switch Templates and add or edit a switch template for the relevant device types.
    Note

    Note

    Instant Secure Port only works on Universal switches running SwitchEngine and the X435 switch models.
  6. Select Port / VLAN Configuration. Under Configure Instant Profile, select the previously created profile.
  7. Click and drag a box around multiple ports or select an individual port to enable. Select Create New from the Assign > Port Type drop-down menu.
    Note

    Note

    Default port types cannot be edited.
    Click to expand in new window
    The system displays the Create Port Type dialog.
  8. Configure the port type settings.
    1. Enter a name for the new port type.
    2. Select NEXT until the Instant Secure Port Settings section is selected.
      Note

      Note

      The VLAN doesn't require configuration in ExtremeCloud IQ. It is assigned in Universal ZTNA.
    3. On the Instant Secure Port Settings tab, enable the desired authentication types the switch port.
    4. Continue selecting NEXT until the system displays the Summary screen.
    5. Select SAVE.
  9. Note

    Note

    The port types are now assigned to the ports, however Instant Profiles are not enabled for those ports.
    Select the ports again from the switch picture, and select Assign > Instant Profile > Enable. Alternatively, enable the slider for each port that Instant Profiles should be enabled.
    Click to expand in new window
  10. With the Instant Secure Port enabled, select SAVE.
  11. Select the Deploy Policy workflow menu.
  12. Update the relevant devices.
    Click to expand in new window
9038015-00 Rev AB