Policy Configuration Overview
Fixed Switch Configuration Guide 16-5
QoS configuration details are beyond the scope of this chapter. See Chapter 17, Configuring
Quality of Service in this book for a complete discussion of QoS configuration.
The following example creates a policy profile with a profile-index value of 1, enables CoS
overwrite, and associates user-configured CoS 8 with the profile:
System(rw)->set policy profile 1 cos-status enable cos 8
Defining Policy Rules
There are two types of policy rules: admin rules and traffic classification rules.
Admin Rules
An admin rule can be used to map incoming tagged frames to a policy role (profile). There can be
only one admin rule configured globally per system (stack), although other admin rules can be
applied to specific ports. Typically, this rule is used to implement the “User + IP phone” legacy
feature. Refer to “Configuring User + IP Phone Authentication” on page 10-22 for more
information. You would configure a policy profile/role for IP phones (for example, assigning a
high priority and TOS/DSCP), then associate that policy profile with the admin rule, and associate
the admin rule with the desired ports. Users authenticating over the same port will typically use a
dynamically assigned policy role (see “Applying Policies Dynamically” on page 16-8).
Admin rules are supported only when the port’s number of authenticated users is set to 2 or
greater for multi-user authentication. (Refer to “Multi-User Authentication” on page 10-4.)
Table 16-1 lists the parameters used to create an admin rule.
The following example creates an admin rule that maps frames tagged for VLAN 100 ingressing
on ports ge.1.1 through ge.1.4 to policy profile 10. Ports ge.1.1 through ge.1.4 will also be set as
tagged egress ports for VLAN 100.
System(su)->set policy rule admin-profile vlantag 100 admin-pid 10 port-string ge.1.1-4
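The following Python sketch is an added example, not part of the original guide or of the switch software. It audits a saved list of configuration commands against the admin rule constraints described above: at most one global admin rule per system, and every admin-pid pointing at a policy profile that is actually defined. It assumes that an admin rule entered without port-string is the global rule, it expands only the ge.1.1-4 style of port-string shown on this page, and the sample configuration is constructed.

```python
import re

# Constructed sample configuration (not from the guide); it uses only the two
# command forms shown on this page.
SAMPLE_CONFIG = """\
set policy profile 1 cos-status enable cos 8
set policy profile 10 cos-status enable cos 8
set policy rule admin-profile vlantag 100 admin-pid 10 port-string ge.1.1-4
set policy rule admin-profile vlantag 200 admin-pid 1
set policy rule admin-profile vlantag 300 admin-pid 20
"""

PROFILE_RE = re.compile(r"set policy profile (\d+)\b")
ADMIN_RE = re.compile(
    r"set policy rule admin-profile vlantag (\d+) admin-pid (\d+)"
    r"(?: port-string (\S+))?\s*$")
PORT_RE = re.compile(r"([a-z]+\.\d+)\.(\d+)(?:-(\d+))?$")


def expand_ports(port_string):
    """Expand 'ge.1.1-4' to ['ge.1.1', ..., 'ge.1.4'] (only the form used on this page)."""
    m = PORT_RE.match(port_string)
    if not m:
        raise ValueError(f"unsupported port-string: {port_string}")
    first = int(m.group(2))
    last = int(m.group(3) or first)
    return [f"{m.group(1)}.{n}" for n in range(first, last + 1)]


def audit(config):
    """Return (admin_rules, findings) for a block of configuration commands."""
    profiles, rules, findings = set(), [], []
    for line in config.splitlines():
        line = line.split("->", 1)[-1].strip()   # drop a 'System(rw)->' prompt
        if m := PROFILE_RE.match(line):
            profiles.add(int(m.group(1)))
        elif m := ADMIN_RE.match(line):
            # Assumption: no port-string means the rule is the global admin rule.
            ports = expand_ports(m.group(3)) if m.group(3) else None
            rules.append({"vlan": int(m.group(1)), "pid": int(m.group(2)), "ports": ports})
    global_vlans = [r["vlan"] for r in rules if r["ports"] is None]
    if len(global_vlans) > 1:
        findings.append(f"multiple global admin rules (VLANs {global_vlans}); only one is allowed per system")
    for r in rules:
        if r["pid"] not in profiles:
            findings.append(f"VLAN {r['vlan']} maps to undefined policy profile {r['pid']}")
    return rules, findings
```

Calling audit(SAMPLE_CONFIG) reports two findings: the two global admin rules (VLANs 200 and 300) and the reference to undefined profile 20.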
Traffic Classification Rules
A policy traffic classification rule has two main parts: Traffic Description or classification, and
Actions. The Traffic Description identifies the type of traffic to which the rule will apply. Actions
specify whether that traffic will be dropped or forwarded, or have a CoS applied to it.
On the Fixed Switch platforms, for the ether type classification type only, an additional action is to
assign the traffic to a VLAN if the port’s number of users is set to 1 for multi-user authentication
(refer to “Multi-User Authentication” on page 10-4).
Table 16-2 provides the supported policy rule traffic classification command options and
definitions for the Fixed Switches.
A detailed discussion of supported traffic classifications is available in the “Traffic Classification
Rules” section of the NetSight Policy Manager online help.
Table 16-1 Admin Rule Parameters
Parameter                  Description
vlantag vlan-id            Specifies the VLAN tag used to classify traffic.
admin-pid profile-index    Specifies the policy profile to apply to the classified traffic.
port-string port-string    Optionally assigns the VLAN-to-policy mapping rule to the specified ports and also sets those ports as tagged egress ports for the VLAN.