Enterasys SecureStack C2 C2G170-24

To Next Page

To Previous Page

set policy rule

11-12 Policy Classification Configuration

Usage

Anadminrulecanbeusedtomapincomingtaggedframestoapolicyrole(profile).Therecanbe

onlyoneadminruleconfiguredpersystem(stack).Typically ,thisruleisusedtoimplementthe

“User+IPphone”feature.Referto“ConfiguringMulti‐UserAuthentication(User+IPphone)”

on

page 23‐33formoreinformation.Youwouldconfigureapolicyprofile/roleforIPphones(for

example,assigningthetraffictoa“voice”VLAN),thenassociatethatpolicyprofilewiththe

adminrule,andassociatetheadminrulewiththedesired ports.Usersauthenticatingoverthe

sameportwilltypically

useadynamicallyassignedpolicyrole.

Apolicyclassificationrulehastwomainparts:TrafficDescriptionandActions.TheTraffic

Descriptionidentifiesthetypeoftraffictowhichtherulewillpertain.Actionsspecifywhether

thattrafficwillbeassignedclassofservice,assignedtoaVLAN,orboth.

Table 11‐3provides

thesetpolicyruledatavaluesthatcanbeenteredforaparticularparameter, 

andthemaskbitsthatcanbeenteredforeachclassifierassociatedwiththatparameter.

Examples

ThisexampleshowshowtouseTable 11‐3toassignaruletopolicyprofile3thatwillfilter

EthernetIIType1526framestoVLAN7:

C2(su)->set policy rule 3 ether 1526 vlan 7

ThisexampleshowshowtouseTable 11‐3toassignaruletopolicyprofile5thatwillforward

UDPpacketsfromsourceport45:

C2(su)->set policy rule 5 udpportsource 45 forward

Table 11-3 Valid Values for Policy Classification Rules

Classification Rule Parameter data value mask bits

ether Type field in Ethernet II packet:

1536 - 65535 or 0x600 - 0xFFFF

Not applicable.

icmptype ICMP Type: a.b Not applicable.

ipproto Protocol field in IP packet:

0 - 255 or 0 - 0xFF

Not applicable.

Destination or Source IP Address:

ipdestsocket

ipsourcesocket

IP Address in dotted decimal

format: 000.000.000.000 and

(Optional) post-fixed port: 0 -

65535

1 - 48

iptos Type of Service field in IP packet:

0 - 252 or 0 - 0xFC

Not applicable.

Destination or Source MAC:

macdest

macsource

MAC Address: 00-00-00-00-00-

1 - 48

Destination or Source TCP port:

tcpdestport

tcpsourceport

TCP Port Number:

0 - 65535 or 0 - 0xFFFF

1 - 16

Destination or Source UDP port:

udpsourceport

udpdestport

UDP Port Number:

0 - 65535 or 0 - 0xFFFF

1 - 16

vlantag VLAN tag: 1- 4094 Not applicable.

Main Page

Table of Contents

Other manuals for Enterasys SecureStack C2 C2G170-24

Related product manuals