Specifications

Policy Overview
May 18, 2009 Page 12 of 32
Standard and Enhanced Policy Considerations
This section itemizes additional policy considerations for the SecureStack and standalone platforms, and provides a table cross-referencing standard and enhanced policy capability, and policy capability to traffic classification rules.

Not all SecureStack platforms support policy. On some SecureStack and standalone platforms, policy support requires a purchased license. See the firmware release notes that come with your device for policy support and license requirement details.

Table 3 provides a listing of policy capabilities by standard and enhanced support level. Standard policy capabilities are further broken down based upon traffic classification support. See Table 4 on page 13 for a cross-reference of traffic classification to policy capability support.
Table 2 Non-Edge Protocols (continued)

Protocol: Web Server Protocol
Policy Effect: Stop malicious proxies and application-layer attacks by ensuring only the right Web servers can connect from the right location at the right time, by blocking HTTP on the source port for this device.

Protocol: Legacy Protocols
Policy Effect: If IPX, AppleTalk, DECnet or other protocols should no longer be running on your network, prevent clients from using them. Some organizations even take the approach that unless a protocol is specifically allowed, all others are denied.
Table 3 Standard and Enhanced Policy Capability Cross-Reference

Policy Support Level: Standard

Policy Capabilities:

Dynamic PID Assign Rule - The ability to dynamically assign a policy based upon a traffic classification (Standard policy is limited to the port-string traffic classification). See Dynamic in Table 4.

Admin PID Assign Rule - The ability to administratively assign a policy based upon a traffic classification (Standard policy is limited to the port-string traffic classification). See Admin in Table 4.

VLAN Forwarding - The ability to assign a forwarding VLAN rule (Standard policy is limited to the Ether II packet type and port-string classification rules). See VLAN in Table 4.

Deny - The ability to assign a drop traffic rule. See Drop in Table 4.

Permit - The ability to assign a forward traffic rule. See Forward in Table 4.

CoS Assign Rule - The ability to assign a CoS rule. See CoS in Table 4.

Priority - The ability to assign traffic priority using a CoS assignment. See CoS in Table 4.

Longest Prefix Rules - The ability to always look at the highest bit mask for an exact traffic classification match.

VLAN Assign Rule - The ability to assign rules based upon the ingress VLAN (TCI overwrite must be enabled on DFE blades).