Specifications
Policy Configuration Example
May 18, 2009 Page 23 of 32
Basic Edge
Protocols not appropriate to the edge should be blocked. For this example we will block DHCP, DNS, SNMP, SSH, Telnet and FTP at the edge on the data VLAN. We will forward destination port DHCP and DNS and source port for IP address request to facilitate auto configuration and IP address assignment. See Blocking Non‐Edge Protocols at the Edge Network Layer on page 11 for a listing of protocols you should consider blocking at the edge.
Standard Edge
Platforms supporting standard policy will be rate‐limited using a configured CoS that will be applied to the student and faculty, and phoneSS policy roles. Though listed as an enhanced policy feature, the SecureStack C3 supports the hybrid authentication enhanced policy capability. Hybrid authentication will be enabled.
Premium Edge
Platforms supporting enhanced policy will be rate‐limited using a configured CoS that is applied to the services and phoneN3 policy role. The premium edge will be enabled for the following enhanced policy capabilities:
• Policy Accounting
• Syslog rule usage enabled and set to machine‐readable
• Invalid policy action set to drop
• TCI overwrite enabled
Premium Distribution
The distribution layer switch router will be rate‐limited using a configured CoS. Premium distribution will be enabled for the following enhanced policy capabilities:
• Policy Accounting
• Syslog Rule Usage enabled and set to machine‐readable
• Invalid policy action set to drop
• TCI overwrite enabled
Platform Configuration
This section will provide the CLI based policy configuration on the following platforms:
• Student SecureStack C3
• Faculty SecureStack C3
• Services N3
• Distribution Switch
In CLI mode, configuration takes place on each platform. When using the NetSight Policy Manager, configuration takes place at a central location and is pushed out to the appropriate network devices.