Enterasys C5 dynamic policy role/vlan assignment
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-15-2015 05:44 PM
How do I configure Enterasys C5 dynamic policy role/vlan assignment for 3com IP Phone?
Basically what I need to happen is vlan 150 to be assigned as untagged and vlan 120 (voice vlan) assigned as tagged. The problem I am having is that vlan 150 although showing as untagged does not show up as the FID when entering the command show mac port ge.X.X. Anyone guidance would be much appreciated!
Basically what I need to happen is vlan 150 to be assigned as untagged and vlan 120 (voice vlan) assigned as tagged. The problem I am having is that vlan 150 although showing as untagged does not show up as the FID when entering the command show mac port ge.X.X. Anyone guidance would be much appreciated!
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-15-2015 07:21 PM
To add to James comments, you will need to also run the command Set multiAuth port numusets users to 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-15-2015 07:21 PM
Matt,
show vlanauthorization does indeed seem to only show the untagged port information. Do a
show port egress ge.x.y which should tell you all the VLANs associated with that port.
Likewise show port vlan ge.x.y only tell you about the default (untagged ) VLAN.
show mac port ge.x.y should should you the MAC of both the phone and data device, unless of course they haven't talked or the bridging table timed out.
When I did a show mac port, I actually saw 3 entries for a phone plus data. The phone, for whatever reason popped up on both VLANs. I don't understand why
since the phone itself shouldn't be talking to that VLAN. You might try changing your set multiauth port numusers 2 to 3 just incase you are seeing the same thing and the switch is dumping the 3rd entry, which in my case was the VOIP VLAN.
James
show vlanauthorization does indeed seem to only show the untagged port information. Do a
show port egress ge.x.y which should tell you all the VLANs associated with that port.
Likewise show port vlan ge.x.y only tell you about the default (untagged ) VLAN.
show mac port ge.x.y should should you the MAC of both the phone and data device, unless of course they haven't talked or the bridging table timed out.
When I did a show mac port, I actually saw 3 entries for a phone plus data. The phone, for whatever reason popped up on both VLANs. I don't understand why
since the phone itself shouldn't be talking to that VLAN. You might try changing your set multiauth port numusers 2 to 3 just incase you are seeing the same thing and the switch is dumping the 3rd entry, which in my case was the VOIP VLAN.
James
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-15-2015 07:21 PM
Here is some food for thought from GTAC Knowledge, in answer to the two questions...
Execution Sequence for EOS Policy Rules
How to Configure EOS Policy to Deny all other traffic after Permitting only certain traffic
These were written for the EOS Modular (S/N/K/7100) products. The policy command set is slightly more limited with the EOS C5-Series, in that for instance the lowest precedence rule type is "VLANTag" rather than "Port" ('
Execution Sequence for EOS Policy Rules
How to Configure EOS Policy to Deny all other traffic after Permitting only certain traffic
These were written for the EOS Modular (S/N/K/7100) products. The policy command set is slightly more limited with the EOS C5-Series, in that for instance the lowest precedence rule type is "VLANTag" rather than "Port" ('
code:
<show policy profile
code:
>'), and VLAN assignment is restricted unless numusers=1 ('profile_ID
code:
'). But it's sufficiently similar to provide guidance.
show policy capability
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎04-15-2015 07:21 PM
Matt,
That is great news.
As for the policy order, I believe they are executed sequentially, top to bottom, so you want to put any "allows" first, then end with the "deny all".
James
That is great news.
As for the policy order, I believe they are executed sequentially, top to bottom, so you want to put any "allows" first, then end with the "deny all".
James
