Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

211

212

213

214

215

216

217

218

219

220

Policy Configuration Example

May 18, 2009 Page 24 of 32

Forthisconfigurationexample,CoSrelatedconfigurationwillbespecifiedasafinalCoS.For

detailsonconfiguringCoS,seetheQoSConfigurationfeatureguidelocatedat

http://secure.enterasys.com/support/manuals/.

Configuring Guest Policy on Edge Platforms

Alledgeportswillbesetwithadefaultguestpolicyusingthesetpolicyportcommand.This

guestpolicyprovidesforaninternetonlyaccesstothenetwork.Usersonallportswillattemptto

authenticate.Iftheauthenticationsucceeds,the policyreturnedbyauthenticationor, inthecaseof



theN3configuration,themaptablesetting,overridesthedefaultportpolicysetting.If

authenticationfails,theguestpolicyisused.OntheN3 ,fiveportsareusedbyPCsatlocations

throughoutthecampus,suchasthelibrary,toprovideaccesstotheinternet.ThePCsattachedto

thesefive

portswillauthenticatewiththeguestpolicyrole.Publicfacingserviceswouldalsobe

configuredforgueststatusinaschoolorenterprisescenario.Publicfacingservicesarenotpartof

thisexample.

Configuring the Policy Role

Theguestroleisconfiguredwith:

•Aprofile‐indexvalueof1

•Anameofguest

•APVIDsetto0

•ACoSsetto4

Createtheguestpolicyprofileonallplatforms:

Enterasys(rw)->set policy profile 1 name guest pvid-status enable pvid 0

cos-status enable cos 4

Assigning Traffic Classification Rules

ForcaseswherediscoverymusttakeplacetoassignanIPaddress,DNSandDHCPtrafficmustbe

allowed.ForwardingoftrafficisallowedonUDPsourceport68(IPaddressrequest)andUDP

destinationports53(DNS)and67(DHCP).

Enterasys(rw)->set policy rule 1 udpsourceport 68 mask 16 forward

Enterasys(rw)->set policy rule 1 udpdestportIP 53 mask 16 forward

Enterasys(rw)->set policy rule 1 udpdestportIP 67 mask 16 forward

Guestpolicyallowsinternettraffic.TCPdestinationPorts80,8080,and443willbeallowedtraffic

forwarding.

Enterasys(rw)->set policy rule 1 tcpdestportIP 80 mask 16 forward

Enterasys(rw)->set policy rule 1 tcpdestportIP 443 mask 16 forward

Enterasys(rw)->set policy rule 1 tcpdestport 8080 mask 16 forward

Note: CLI command prompts used in this configuration example have the following meaning:

• Enterasys(rw)-> - Input on all platforms used in this example.

• C3(rw)-> - Input on all SecureStack C3 switches.

• StudentC3-> - Input on the student SecureStack C3.

• FacultyC3-> - Input on the faculty SecureStack C3.

• ServicesN3(rw)-> - Input on the services N-Series N3.

• DistributionN5(rw)-> - Input on the distribution N-Series N5.