Policy Configuration Example
Fixed Switch Configuration Guide 16-15
Configuring Guest Policy on Edge Platforms
All edge ports are assigned a default guest policy using the set policy port command. This
guest policy provides internet-only access to the network. Users on all ports will attempt to
authenticate. If authentication succeeds, the policy returned by authentication overrides the
default port policy setting. If authentication fails, the guest policy is used.
Configuring the Policy Role
The guest role is configured with:
• A profile-index value of 1
• A name of guest
• A PVID set to 0 (deny all traffic)
• A CoS set to 4 (note that CoS has previously been configured)
Create the guest policy profile on all platforms:
Enterasys(rw)->set policy profile 1 name guest pvid-status enable pvid 0 cos-status enable cos 4
Assigning Traffic Classification Rules
For cases where discovery must take place to assign an IP address, DNS and DHCP traffic must be
allowed. Forwarding of traffic is allowed on UDP source port 68 (IP address request) and UDP
destination ports 53 (DNS) and 67 (DHCP).
Enterasys(rw)->set policy rule 1 udpsourceport 68 mask 16 forward
Enterasys(rw)->set policy rule 1 udpdestport 53 mask 16 forward
Enterasys(rw)->set policy rule 1 udpdestport 67 mask 16 forward
Guest policy allows internet traffic. Traffic to TCP destination ports 80, 8080, and 443 is
forwarded.
Enterasys(rw)->set policy rule 1 tcpdestport 80 mask 16 forward
Enterasys(rw)->set policy rule 1 tcpdestport 443 mask 16 forward
Enterasys(rw)->set policy rule 1 tcpdestport 8080 mask 16 forward
ARP forwarding is required; the rule matches Ethernet type 0x806 (ARP).
Enterasys(rw)->set policy rule 1 ether 0x806 mask 16 forward
Assigning the Guest Policy Profile to All Edge Ports
Assign the guest policy profile to all Fixed Switch and Services Edge Switch ports.
Enterasys(rw)->set policy port ge.*.* 1
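The guest rules above can be checked offline before they are applied to edge ports. The following Python is an added example, not part of the Enterasys guide: it parses the set policy rule lines for profile 1 and models the forward/deny decision for sample frames. It assumes mask 16 means an exact 16-bit match and that traffic matching no rule is denied by PVID 0; parse_rules and decide are hypothetical helper names.

```python
import re

# Guest-profile rules as given in the configuration above.
GUEST_RULES = """\
set policy rule 1 udpsourceport 68 mask 16 forward
set policy rule 1 udpdestport 53 mask 16 forward
set policy rule 1 udpdestport 67 mask 16 forward
set policy rule 1 tcpdestport 80 mask 16 forward
set policy rule 1 tcpdestport 443 mask 16 forward
set policy rule 1 tcpdestport 8080 mask 16 forward
set policy rule 1 ether 0x806 mask 16 forward
"""

RULE_RE = re.compile(
    r"set policy rule (\d+) (\w+) (\S+) mask (\d+) (\w+)")

def parse_rules(text, profile):
    """Return {(classifier, value): action} for one profile index."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m and int(m.group(1)) == profile:
            # Assumption: mask 16 means all 16 bits must match (exact value).
            if m.group(4) != "16":
                raise ValueError(f"partial mask not modelled: {line.strip()}")
            rules[(m.group(2), int(m.group(3), 0))] = m.group(5)
    return rules

def decide(rules, frame):
    """Model the ingress decision for a frame given as a dict.

    Assumption: a frame matching no rule falls back to the profile's
    PVID, and PVID 0 denies it. Precedence between conflicting rules
    is not modelled (every rule on the page forwards).
    """
    keys = [("ether", frame.get("ethertype"))]
    proto = frame.get("proto")
    if proto in ("udp", "tcp"):
        keys += [(f"{proto}sourceport", frame.get("sport")),
                 (f"{proto}destport", frame.get("dport"))]
    for key in keys:
        if key in rules:
            return rules[key]
    return "deny"

if __name__ == "__main__":
    guest = parse_rules(GUEST_RULES, 1)
    # Constructed sample frame: guest host opening an SSH session.
    print(decide(guest, {"ethertype": 0x800, "proto": "tcp",
                         "sport": 50000, "dport": 22}))
```

Under these assumptions, DNS over TCP port 53 and ICMP from guest ports are denied, because only UDP destination port 53 is forwarded.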
Configuring Policy for the Edge Student Fixed Switch
Configuring the Policy Role
The student role is configured with:
• A profile-index value of 2
• A name of student
• A port VLAN of 10
Note: The CLI configuration for the Services Edge Switch is not presented here. Refer to the
S-Series Configuration Guide for that information.