Policy Configuration Example
Fixed Switch Configuration Guide 16-17
destination ports for protocols DHCP (67) and DNS (53) on the phone VLAN, to facilitate phone
auto configuration and IP address assignment.
Fixed Switch(rw)->set policy rule 3 udpdestport 161 mask 16 drop
Fixed Switch(rw)->set policy rule 3 tcpdestport 22 mask 16 drop
Fixed Switch(rw)->set policy rule 3 tcpdestport 23 mask 16 drop
Fixed Switch(rw)->set policy rule 3 tcpdestport 20 mask 16 drop
Fixed Switch(rw)->set policy rule 3 tcpdestport 21 mask 16 drop
Fixed Switch(rw)->set policy rule 3 udpsourceport 68 mask 16 forward
Fixed Switch(rw)->set policy rule 3 udpdestport 67 mask 16 forward
Fixed Switch(rw)->set policy rule 3 udpdestport 53 mask 16 forward
Configuring Dynamic Policy Assignment
Configure the RADIUS server user accounts with the appropriate policy Filter-ID for phoneFS role
members and devices. When a phone authenticates through the RADIUS server, the name of the
phoneFS policy is returned in the RADIUS Access-Accept response message and that policy is
applied by the switch to the phone device.
Configuring Policy for the Edge Faculty Fixed Switch
Configuring the Policy Role
The faculty role is configured with:
• A profile-index value of 4
• A name of faculty
• A port VLAN of 10
• A CoS of 8
Create a policy role that applies CoS 8 to data VLAN 10 and configures it to rate-limit traffic to
200,000 kbps with a moderate priority of 5.
FacultyFS(rw)->set policy profile 4 name faculty pvid-status enable pvid 10 cos-status enable cos 8
Assigning Traffic Classification Rules
Forward traffic on the UDP source port for IP address requests (68) and on the UDP destination ports
for DHCP (67) and DNS (53). Drop traffic on the UDP source ports for DHCP (67) and DNS (53). Drop
traffic for SNMP (161), SSH (22), Telnet (23) and FTP (20 and 21) on both the data and phone VLANs.
FacultyFS(rw)->set policy rule 4 udpsourceport 68 mask 16 forward
FacultyFS(rw)->set policy rule 4 udpdestport 67 mask 16 forward
FacultyFS(rw)->set policy rule 4 udpdestport 53 mask 16 forward
FacultyFS(rw)->set policy rule 4 udpsourceport 67 mask 16 drop
FacultyFS(rw)->set policy rule 4 udpsourceport 53 mask 16 drop
FacultyFS(rw)->set policy rule 4 udpdestport 161 mask 16 drop
FacultyFS(rw)->set policy rule 4 tcpdestport 22 mask 16 drop
FacultyFS(rw)->set policy rule 4 tcpdestport 23 mask 16 drop
FacultyFS(rw)->set policy rule 4 tcpdestport 20 mask 16 drop
FacultyFS(rw)->set policy rule 4 tcpdestport 21 mask 16 drop
Faculty should only be allowed access to the services server (subnet 10.10.50.0/24) and the faculty
server (subnet 10.10.70.0/24) and should be denied access to the administrative server (subnet
10.10.60.0/24).
FacultyFS(rw)->set policy rule 4 ipdestsocket 10.10.60.0 mask 24 drop
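One way to check a saved rule set against the intent stated above for the faculty role, as an added example that is not part of the guide. The parser handles only the `set policy rule` syntax shown on this page; the function names and the sample configuration are assumptions made for illustration, and the sample is constructed with deliberate mistakes.

```python
import re

# Rule syntax from this guide: set policy rule <profile> <classifier> <value> mask <bits> <action>
RULE_RE = re.compile(r"set policy rule (\d+) (\w+) (\S+) mask \d+ (drop|forward)\s*$")

# Intent stated in the prose for the faculty role (profile-index 4).
FACULTY_INTENT = {
    ("udpsourceport", "68"): "forward",      # IP address request
    ("udpdestport", "67"): "forward",        # DHCP
    ("udpdestport", "53"): "forward",        # DNS
    ("udpsourceport", "67"): "drop",
    ("udpsourceport", "53"): "drop",
    ("udpdestport", "161"): "drop",          # SNMP
    ("tcpdestport", "22"): "drop",           # SSH
    ("tcpdestport", "23"): "drop",           # Telnet
    ("tcpdestport", "20"): "drop",           # FTP
    ("tcpdestport", "21"): "drop",           # FTP
    ("ipdestsocket", "10.10.60.0"): "drop",  # administrative server subnet
}

def parse_rules(config, profile):
    """Return {(classifier, value): action} for one profile (mask is not compared)."""
    rules = {}
    for line in config.splitlines():
        m = RULE_RE.search(line)
        if m and int(m.group(1)) == profile:
            rules[(m.group(2), m.group(3))] = m.group(4)
    return rules

def audit(config, profile, intent):
    """Compare configured rules with the intent and return the differences."""
    rules = parse_rules(config, profile)
    return {
        "missing": sorted(k for k in intent if k not in rules),
        "wrong_action": sorted(k for k in rules if k in intent and rules[k] != intent[k]),
        "unexpected": sorted(k for k in rules if k not in intent),
    }

# Constructed sample (not switch output): SNMP port mistyped as 16, Telnet
# set to forward, and the administrative-subnet drop rule left out.
SAMPLE = "\n".join("FacultyFS(rw)->set policy rule 4 " + r for r in [
    "udpsourceport 68 mask 16 forward", "udpdestport 67 mask 16 forward",
    "udpdestport 53 mask 16 forward", "udpsourceport 67 mask 16 drop",
    "udpsourceport 53 mask 16 drop", "udpdestport 16 mask 16 drop",
    "tcpdestport 22 mask 16 drop", "tcpdestport 23 mask 16 forward",
    "tcpdestport 20 mask 16 drop", "tcpdestport 21 mask 16 drop",
])
if __name__ == "__main__":
    print(audit(SAMPLE, 4, FACULTY_INTENT))
```

A mistyped port shows up twice in the result: the intended rule is reported as missing and the mistyped one as unexpected.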