Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

201

202

203

204

205

206

207

208

209

210

Policy Overview

May 18, 2009 Page 7 of 32

•Appliesboththefilter‐IDandtheVLANtunnelattributesifallattributesexist

Ifallattributesexist,thefollowingrulesapply:

•Thepolicyrolewillbeenforced,withtheexceptionthatany portPVIDspecifiedintherole

willbereplacedwiththeVLANtunnelattributes

•Thepolicymapisignored

becausethepolicyroleisexplicitlyassigned

•VLANclassificationrulesareassignedasdefinedbythepolicyrole

vlanauthorizationmustbeenabledortheVLANtunnelattributesareignoredandthedefault

VLANisused.PleaseseetheConfiguringUserAuthenticationfeatureguidelocat edat

http://secure.enterasys.com/support/manuals/foracompleteVLANAuthorizationdiscussion.



HybridModesupporteliminatesthedependencyofVLAN assignmentbasedonroles.Asa

result,VLANscanbeassignedviathetunnel‐private‐group‐ID,asdefinedperRFC3580,while

assigningrolesviathefilter‐ID.Thisseparationgivesadministratorsmoreflexibilitytosegment

theirnetworksforefficiencybeyondthe

rolelimitsassociatedwiththeB3,C3,andG3platforms.

Device Response to Invalid Policy

Enhanced Policy

Theactionthatthedeviceshouldtakewhenaskedtoapplyaninvalidorunknownpolicycanbe

specified.Theavailableactionsare:

• Ignoretheresultandsearchforthenextpolicyassignmentrule.Ifallrulesaremissed,the

defaultpolicyisapplied.

•Blocktraffic

•Forwardtrafficasifnopolicy

hasbeenassignedusing802.1D/Qrules

Usethesetpolicyinvalidactioncommandtospecifyadefaultactiontotakewhenaskedtoapply

aninvalidorunknownpolicy.

Classification Rules

Classificationrulesassociatespecifictrafficclassificationsorpolicybehaviorswiththepolicyrole.

Therearetwoaspectsofclassificationruleconfiguration:

•Theassociationofatrafficclassificationwithapolicyrolebyassigningthetrafficclassification

toanadministrativeprofile.

•Theassignmentofpolicyrulesthatdefinedesiredpolicybehaviorsfor

thespecifiedtraffic

classificationtype.

Boththeadministrativeprofileandpolicyrulesareassociatedwiththepolicyrolebyspecifying

theadmin‐pidoption,inthecaseofanadministrativeprofile,oraprofile‐indexvalue,inthecase

ofthepolicyrule.Administrativeprofilesandpolicyrulesareconfigured

usingthe setpolicyrule

command.

Theadministrativeprofileassignsatrafficclassificationtoapolicyrolebyusingthe

admin‐profileoptionofthesetpolicyrulecommand.

Note: Standard policy supports the VLAN tag traffic classification for administrative profiles. All

other traffic classifications are enhanced policy in an administrative profile context. See Table 1 for

a listing of supported traffic classifications.