Specifications

Policy Configuration Example
May 18, 2009 Page 25 of 32
ARP forwarding is required on ether port 0x806.
Enterasys(rw)->set policy rule 1 ether 0x806 mask 16 forward
Assigning the Guest Policy Profile to All Edge Ports
Assign the guest policy profile to all SecureStack and N3 edge ports.
Enterasys(rw)->set policy port ge.*.1-47 1
Configuring Policy for the Edge Student SecureStack C3
Configuring the Policy Role
The student role is configured with:
• A profile index value of 2
• A name of student
• A port VLAN of 10
• A CoS of 8
Create a policy role that applies a CoS 8 to data VLAN 10 and configures it to rate limit traffic to 1M with a moderate priority of 5.
StudentC3(rw)->set policy profile 2 name student pvid-status enable pvid 10 cos-status enable cos 8
Assigning Hybrid Authentication
Configure the RADIUS server user accounts with the appropriate tunnel information using VLAN authorization and policy filter ID for student role members and devices. Enable hybrid authentication, allowing the switch to use both the filter ID and tunnel attributes in the RADIUS response message. Set a VLAN-to-policy mapping as backup in case the response does not include the RADIUS filter ID attribute. This mapping is ignored if the RADIUS filter ID attribute is present in the RADIUS response message.
StudentC3(rw)->set policy maptable response both
StudentC3(rw)->set policy maptable 10 2
Assigning Traffic Classification Rules
Forward traffic on UDP source port for IP address request (68), and UDP destination ports for protocols DHCP (67) and DNS (53). Drop traffic on UDP source ports for protocols DHCP (67) and DNS (53). Drop traffic for protocols SNMP (161), SSH (22), Telnet (23) and FTP (20 and 21) on both the data and phone VLANs.
StudentC3(rw)->set policy rule 2 udpsourceport 68 mask 16 forward
StudentC3(rw)->set policy rule 2 udpdestport 67 mask 16 forward
StudentC3(rw)->set policy rule 2 udpdestport 53 mask 16 forward
StudentC3(rw)->set policy rule 2 udpsourceportIP 67 mask 16 drop
StudentC3(rw)->set policy rule 2 udpsourceportIP 53 mask 16 drop
StudentC3(rw)->set policy rule 2 udpdestportIP 161 mask 16 drop
StudentC3(rw)->set policy rule 2 tcpdestportIP 22 mask 16 drop
StudentC3(rw)->set policy rule 2 tcpdestportIP 23 mask 16 drop
StudentC3(rw)->set policy rule 2 tcpdestportIP 20 mask 16 drop
StudentC3(rw)->set policy rule 2 tcpdestportIP 21 mask 16 drop
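An added example, not part of the original guide: a Python check that compares `set policy rule` lines against the port intent stated in the prose above and flags missing or unexpected ports, wrong actions and masks shorter than 16. The `INTENT` table, the `audit` function and the `SAMPLE` lines are constructed for illustration; the regex accepts both keyword spellings seen on this page, and reading `mask 16` as an exact 16-bit port match is an assumption.

```python
import re

# Intended student policy, taken from the prose: (proto, direction, port) -> action
INTENT = {
    ("udp", "source", 68): "forward",  # IP address request
    ("udp", "dest", 67): "forward",    # DHCP
    ("udp", "dest", 53): "forward",    # DNS
    ("udp", "source", 67): "drop",     # DHCP as a source port
    ("udp", "source", 53): "drop",     # DNS as a source port
    ("udp", "dest", 161): "drop",      # SNMP
    ("tcp", "dest", 22): "drop",       # SSH
    ("tcp", "dest", 23): "drop",       # Telnet
    ("tcp", "dest", 20): "drop",       # FTP
    ("tcp", "dest", 21): "drop",       # FTP
}
RULE = re.compile(r"set policy rule (\d+) (udp|tcp)(source|dest)port(?:IP)? "
                  r"(\d+) mask (\d+) (forward|drop)\s*$")

# Constructed sample: SNMP port mistyped, Telnet rule absent, SSH mask too short.
SAMPLE = """\
StudentC3(rw)->set policy rule 2 udpsourceport 68 mask 16 forward
StudentC3(rw)->set policy rule 2 udpdestport 67 mask 16 forward
StudentC3(rw)->set policy rule 2 udpdestport 53 mask 16 forward
StudentC3(rw)->set policy rule 2 udpsourceportIP 67 mask 16 drop
StudentC3(rw)->set policy rule 2 udpsourceportIP 53 mask 16 drop
StudentC3(rw)->set policy rule 2 udpdestportIP 16 mask 16 drop
StudentC3(rw)->set policy rule 2 tcpdestportIP 22 mask 12 drop
StudentC3(rw)->set policy rule 2 tcpdestportIP 20 mask 16 drop
StudentC3(rw)->set policy rule 2 tcpdestportIP 21 mask 16 drop
"""

def audit(text, profile=2):
    seen, findings = {}, []
    for m in filter(None, map(RULE.search, text.splitlines())):
        if int(m[1]) == profile:
            seen[(m[2], m[3], int(m[4]))] = (m[6], int(m[5]))
    for key, action in INTENT.items():
        if key not in seen:
            findings.append(("missing", *key))
        elif seen[key][0] != action:
            findings.append(("wrong-action", *key))
    for key, (_, mask) in seen.items():
        if key not in INTENT:
            findings.append(("unexpected", *key))
        if mask != 16:  # assumption: mask 16 matches all 16 bits of the port
            findings.append(("partial-mask", *key))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the constructed sample, it reports the missing Telnet and SNMP rules, the short mask on the SSH rule, and the stray rule for port 16.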