Marki
2013-08-30 08:46:10 UTC
Hi,
a few years ago I started digging around the Policy Manager and the NAC.
However, nothing was ever put into place.
Now the need for it starts getting more real.
Now I'd like to configure at least some small things manually:
Let's start small with the following profile:
1) Certain MAC ranges put the port into VLAN X.
2) Else put port into VLAN Y.
I've tried this on the console.
set policy profile 1 name GUEST pvid-status enable pvid Y untagged-vlans Y
set policy rule 1 macsource 00-12-34-00-00-00/24 vlan X
Showstopper right there.
Apparently, the vlan/macsource combo is not allowed. (C3)
Was that attempt correct?
Would you also remind me what the actual NAC appliance does when you do only
stuff like deciding using a MAC address what's done with the port and what's
not (like in my example)? Does it more than push a policy to the switch as I
have done above?
Bye,
Marki
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org
a few years ago I started digging around the Policy Manager and the NAC.
However, nothing was ever put into place.
Now the need for it starts getting more real.
Now I'd like to configure at least some small things manually:
Let's start small with the following profile:
1) Certain MAC ranges put the port into VLAN X.
2) Else put port into VLAN Y.
I've tried this on the console.
set policy profile 1 name GUEST pvid-status enable pvid Y untagged-vlans Y
set policy rule 1 macsource 00-12-34-00-00-00/24 vlan X
Showstopper right there.
Apparently, the vlan/macsource combo is not allowed. (C3)
Was that attempt correct?
Would you also remind me what the actual NAC appliance does when you do only
stuff like deciding using a MAC address what's done with the port and what's
not (like in my example)? Does it more than push a policy to the switch as I
have done above?
Bye,
Marki
---
To unsubscribe from enterasys, send email to ***@unc.edu with the body: unsubscribe enterasys gneu-***@gmane.org