This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enterasys C5 dynamic policy role/vlan assignment

Enterasys C5 dynamic policy role/vlan assignment

Matt_Dillion
New Contributor III

‎04-15-2015 05:44 PM

How do I configure Enterasys C5 dynamic policy role/vlan assignment for 3com IP Phone?
Basically what I need to happen is vlan 150 to be assigned as untagged and vlan 120 (voice vlan) assigned as tagged. The problem I am having is that vlan 150 although showing as untagged does not show up as the FID when entering the command show mac port ge.X.X. Anyone guidance would be much appreciated!

0 Kudos
9 REPLIES 9

Jason_Parker
Contributor

‎04-15-2015 07:21 PM

To add to James comments, you will need to also run the command Set multiAuth port numusets users to 2
0 Kudos

JAMES_WIEDEL
New Contributor II
In response to Jason_Parker

‎04-15-2015 07:21 PM

Matt,
show vlanauthorization does indeed seem to only show the untagged port information. Do a

show port egress ge.x.y which should tell you all the VLANs associated with that port.
Likewise show port vlan ge.x.y only tell you about the default (untagged ) VLAN.

show mac port ge.x.y should should you the MAC of both the phone and data device, unless of course they haven't talked or the bridging table timed out.

When I did a show mac port, I actually saw 3 entries for a phone plus data. The phone, for whatever reason popped up on both VLANs. I don't understand why
since the phone itself shouldn't be talking to that VLAN. You might try changing your set multiauth port numusers 2 to 3 just incase you are seeing the same thing and the switch is dumping the 3rd entry, which in my case was the VOIP VLAN.
James

0 Kudos

Paul_Poyant
New Contributor III
In response to Jason_Parker

‎04-15-2015 07:21 PM

Here is some food for thought from GTAC Knowledge, in answer to the two questions...

Execution Sequence for EOS Policy Rules
How to Configure EOS Policy to Deny all other traffic after Permitting only certain traffic

These were written for the EOS Modular (S/N/K/7100) products. The policy command set is slightly more limited with the EOS C5-Series, in that for instance the lowest precedence rule type is "VLANTag" rather than "Port" ('
code:
show policy profile
<
code:
profile_ID
>'), and VLAN assignment is restricted unless numusers=1 ('
code:
show policy capability
'). But it's sufficiently similar to provide guidance.
0 Kudos

JAMES_WIEDEL
New Contributor II
In response to Jason_Parker

‎04-15-2015 07:21 PM

Matt,
That is great news.
As for the policy order, I believe they are executed sequentially, top to bottom, so you want to put any "allows" first, then end with the "deny all".
James

0 Kudos
GTM-P2G8KFN