cancel
Showing results for 
Search instead for 
Did you mean: 

Enterasys C5 dynamic policy role/vlan assignment

Enterasys C5 dynamic policy role/vlan assignment

Matt_Dillion
New Contributor III
How do I configure Enterasys C5 dynamic policy role/vlan assignment for 3com IP Phone?
Basically what I need to happen is vlan 150 to be assigned as untagged and vlan 120 (voice vlan) assigned as tagged. The problem I am having is that vlan 150 although showing as untagged does not show up as the FID when entering the command show mac port ge.X.X. Anyone guidance would be much appreciated!

9 REPLIES 9

Jason_Parker
Contributor
To add to James comments, you will need to also run the command Set multiAuth port numusets users to 2

Matt,
show vlanauthorization does indeed seem to only show the untagged port information. Do a

show port egress ge.x.y which should tell you all the VLANs associated with that port.
Likewise show port vlan ge.x.y only tell you about the default (untagged ) VLAN.

show mac port ge.x.y should should you the MAC of both the phone and data device, unless of course they haven't talked or the bridging table timed out.

When I did a show mac port, I actually saw 3 entries for a phone plus data. The phone, for whatever reason popped up on both VLANs. I don't understand why
since the phone itself shouldn't be talking to that VLAN. You might try changing your set multiauth port numusers 2 to 3 just incase you are seeing the same thing and the switch is dumping the 3rd entry, which in my case was the VOIP VLAN.
James

Here is some food for thought from GTAC Knowledge, in answer to the two questions...

Execution Sequence for EOS Policy Rules
How to Configure EOS Policy to Deny all other traffic after Permitting only certain traffic

These were written for the EOS Modular (S/N/K/7100) products. The policy command set is slightly more limited with the EOS C5-Series, in that for instance the lowest precedence rule type is "VLANTag" rather than "Port" ('
code:
show policy profile
<
code:
profile_ID
>'), and VLAN assignment is restricted unless numusers=1 ('
code:
show policy capability
'). But it's sufficiently similar to provide guidance.

Matt,
That is great news.
As for the policy order, I believe they are executed sequentially, top to bottom, so you want to put any "allows" first, then end with the "deny all".
James

GTM-P2G8KFN