
Can a policy be assigned to a VLAN on an S Series ingress trunk port?


Walt_Witkowski
New Contributor II

Trying to set a policy on a vlan on an S Series switch/router ingress port (trunk port).  This is to prevent these users from accessing other vlans/networks/devices.  No NAC involved here.  The policy works but it is being applied to everything coming in the port.  Both student and employee networks are being restricted. 


Zdeněk_Pala
Extreme Employee

There are big differences between C3 and S (not only in price, but also in features/capabilities).

The C3 is very limited on VLAN-to-policy mapping compared to S. If I remember well, it was only one mapping per switch on C3.

I do not see any deny rule in the list of commands.

Regards Zdeněk Pala

Walt_Witkowski
New Contributor II

I am testing on a trunk port of a C3 which is connected to a downstream user switch before trying on the core's "S" Series trunk ports. Although it appears to be attached to the ports, the deny services do not function. What am I missing? This was set with EMC Policy Manager.



set policy profile 12 name "Assessing" pvid-status enable pvid 0
set policy profile 13 name "Base Services Student"
set policy profile 14 name "Student_Access_Role"
set policy rule admin-profile vlantag 849 admin-pid 14
set policy rule admin-profile vlantag 849 admin-pid 14 port-string ge.1.2

Zdeněk_Pala
Extreme Employee

You can assign policy to port

You can assign policy to subnet

You can assign policy to MAC

You can assign policy to VLAN

You can assign policy to authenticated entity (RADIUS/NAC)

So I suggest using either IP-to-policy mapping or VLAN-to-policy mapping. You may need to use TCI override.

All is configurable through Policy Manager or through CLI.

Regards Zdeněk Pala