Alcatel-Lucent OmniSwitch 6800 Series - Configuring Quarantine Manager and Remediation

Alcatel-Lucent OmniSwitch 6800 Series
926 pages
Configuring QoS Configuring Global QoS Parameters
OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008 page 30-17
Remediation server URL. The qos quarantine path command is used to specify a URL for the remediation server. Note that this is done in addition to specifying the server IP address in the “alaExceptionSubnet” network group.
Quarantined Page. When a client is quarantined and a remediation server URL is not configured, QMR can send a Quarantine Page to notify the client of its quarantined state. To enable or disable the sending of a Quarantine Page, use the qos quarantine page command.
HTTP proxy port group. This is a known QoS service group, called “alaHTTPProxy”, that specifies the HTTP port to which quarantined client traffic is redirected for remediation. The default HTTP ports used are TCP 80 and TCP 8080. To specify a different HTTP port, use the policy service group command.
Configuring Quarantine Manager and Remediation
When OVQM quarantines clients, the client MAC address is added to the MAC address group on the
LDAP server. QMR pulls the MAC addresses from this group to populate the QoS Quarantined MAC
address group on the switch. At this point, network access for these clients is restricted to communication
with the designated remediation server until their quarantined status is corrected.
When a client has corrected its quarantined state, OVQM updates the MAC address group on the LDAP
server to remove the MAC address of the client. QMR will then restore network access to that same client
the next time QMR checks the LDAP MAC address group.
The following steps provide an example of configuring QMR on the switch:
1 Optional. Configure the name of the MAC address group that will contain quarantined addresses (the
default name is “Quarantined”):
-> qos quarantine mac-group Quarantined
2 Specify the URL for the remediation server:
-> qos quarantine path www.remediate.com
3 Optional. If a remediation server URL is not configured, configure QMR to send a Quarantine Page to
notify the client of its quarantined status:
-> qos quarantine page
4 Add the IP address of the remediation server (required) and any exception subnets (optional) to the
QoS alaExceptionSubnet network group:
-> policy network group alaExceptionSubnet 192.168.1.10 192.169.1.0 mask 255.255.255.0 192.170.1.0 mask 255.255.255.0
5 Optional. Specify an HTTP port (the default is TCP 80 and TCP 8080) for client HTTP redirects:
-> policy service alaHTTPProxy protocol 6 destination ip port 8069
6 Optional. The QMR MAC address group is populated from the same group located on the LDAP
server. However, it is also possible to add addresses to the QMR MAC address group from the switch
CLI:
-> policy mac group Quarantined 00:9a:2d:00:00:10
7 Apply the QMR configuration to the switch:
-> qos apply
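The following is an added example, not part of the Alcatel-Lucent guide: a small Python linter that reads the QMR commands from the steps above and checks that the remediation server is in alaExceptionSubnet, that clients get a URL or a Quarantine Page, that quarantined MAC addresses are well formed, and that the configuration ends with qos apply. The function names and finding texts are hypothetical, and it parses only the command forms shown on this page.

```python
import ipaddress, re

# Constructed sample: the commands from steps 1-7 above (step 3 omitted, URL is set).
SAMPLE = """\
-> qos quarantine mac-group Quarantined
-> qos quarantine path www.remediate.com
-> policy network group alaExceptionSubnet 192.168.1.10 192.169.1.0 mask 255.255.255.0 192.170.1.0 mask 255.255.255.0
-> policy service alaHTTPProxy protocol 6 destination ip port 8069
-> policy mac group Quarantined 00:9a:2d:00:00:10
-> qos apply
"""
MAC_RE = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)

def parse_group(tokens):
    """Turn 'addr [mask m] addr [mask m] ...' into ip_network objects."""
    nets, i = [], 0
    while i < len(tokens):
        if tokens[i + 1:i + 2] == ["mask"] and i + 2 < len(tokens):
            nets.append(ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 2]}", strict=False))
            i += 3
        else:  # bare address is a single host, e.g. the remediation server
            nets.append(ipaddress.ip_network(tokens[i]))
            i += 1
    return nets

def audit(config):
    """Hypothetical linter: returns parsed QMR state plus a list of findings."""
    cmds = [l.strip().removeprefix("-> ").split() for l in config.splitlines() if l.strip()]
    group = next((c[3] for c in cmds
                  if c[:3] == ["qos", "quarantine", "mac-group"] and len(c) > 3), "Quarantined")
    exceptions, macs, findings = [], [], []
    for c in cmds:
        if c[:4] == ["policy", "network", "group", "alaExceptionSubnet"]:
            exceptions += parse_group(c[4:])
        elif c[:4] == ["policy", "mac", "group", group]:
            for m in c[4:]:
                if MAC_RE.fullmatch(m):
                    macs.append(m.lower())
                else:
                    findings.append(f"malformed MAC in group {group}: {m}")
    has_path = any(c[:3] == ["qos", "quarantine", "path"] and len(c) > 3 for c in cmds)
    has_page = ["qos", "quarantine", "page"] in cmds
    if not exceptions:
        findings.append("alaExceptionSubnet has no remediation server address")
    if not (has_path or has_page):
        findings.append("no remediation URL and no Quarantine Page configured")
    if cmds and cmds[-1] != ["qos", "apply"]:
        findings.append("configuration does not end with 'qos apply'")
    return {"exceptions": exceptions, "quarantined": macs, "findings": findings}
```

Calling audit(SAMPLE) returns the three exception networks, the one quarantined MAC address, and an empty findings list.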
