Configuring Application Monitoring and Enforcement Configuring AppMon
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 29-11
Configuration Guidelines
Review the guidelines in this section before configuring AppMon on the OmniSwitch.
• AppMon works on an application level and not on individual application events/operations. On
configuring an application, all associated events are considered for application monitoring and
enforcement.
• Supports only IP traffic (TCP or UDP).
• AppMon must not be configured on user ports and uplink ports at the same time.
• AppMon does not support link aggregate interface. AppMon is supported at individual port level only.
Also, port will not be allowed to be configured in the link aggregate if AppMon is enabled on the port.
• AppMon configuration is not allowed on Virtual Fabric Link, ERP, VLAN stacking, SPB, or port
mirroring ports.
• Does not support tunneled traffic, encrypted traffic, and fragmented traffic (supported only if initial
fragmented packet contains the signature).
• Software policy lookup considers AppMon enforcement specific policies for a given application name
only when it is part of an active application list. In case of policy configured both for application and
application group where same application is part, policy will be selected based on what is configured in
the active application list. Active application list allows only one application at a time, either directly
added in the application list or added through an application group.
• Application enforcement cannot be provided to IP flows which moves between NIs (due to link
aggregate, STP block scenario, or L3 ECMP group configuration).
• If an AppMon flow is detected on a UNP port, then AppMon UNP policy list is applied to the flow. If
UNP policy list is not configured, then default QoS policy list is applied. For non-UNP ports, default
QoS policy list is applied. The show unp user details command displays the list of enforcement
applications used by the UNP user. For example:
-> show unp user details
Port: 4/1/6
MAC-Address: 00:80:9f:a0:65:94
Access Timestamp = 02/18/2014 04:42:33,
User Name = 00:80:9f:a0:65:94,
IP-Address = 25.1.1.25,
Vlan = 25,
Authentication Type = Mac,
Authentication Status = Authenticated,
Authentication Failure Reason = -,
Authentication Retry Count = 0,
Authentication Server IP Used = 135.254.163.143,
Authentication Server Used = cppm,
Server Reply-Message = -,
Profile = UNP-device,
Profile Source = Auth - Pass - Server UNP,
Profile From Auth Server = UNP-device,
Classification Profile Rule = -,
Role = pl3,
Role Source = L2-Profile,
User Role Rule = -,
Restricted Access = No,
Location Policy Status = -,
Time Policy Status = -,
To Next Page
Loading...
