Roles
The example defines the following roles:
- guest – Used as the default policy for all unauthenticated ports. Connects a PC to the
network with internet-only access. Guest access is provided on a limited number of the
edge switch ports set aside specifically for internet-only access. Policy is applied using
the port-level default configuration or, in the case of the Services Edge Switch port
internet-only access PCs, by authentication.
- student – Connects a dorm room PC to the network through a “Student”
Fixed Switch port. A configured CoS (Class of Service) rate limits the PC. Configured rules deny
access to administrative and faculty servers. The PC authenticates using RADIUS (Remote Authentication Dial In User Service). Hybrid authentication is
enabled. The student policy role is applied using the filter-ID attribute. The base
VLAN (Virtual LAN) is applied using the tunnel attributes returned in the
RADIUS response message. If all rules are missed, the settings configured in the student policy
profile are applied.
- phoneFS – Connects a dorm room or faculty office VoIP phone to the network using a stackable
fixed switch port. A configured CoS rate limits the phone and applies a high priority. The
phone authenticates using RADIUS. Hybrid authentication is enabled. Policy is applied using the
filter-ID returned in the RADIUS response message. The base VLAN is applied using the tunnel
attributes returned in the RADIUS response message. If all rules are missed, the settings
configured in the phoneFS policy profile are applied.
- faculty – Connects a faculty office PC to the network through a “Faculty” Fixed Switch port.
A configured CoS rate limits the PC. A configured rule denies access to the administrative
servers. The PC authenticates using RADIUS. Hybrid authentication is enabled. The faculty
policy role is applied using the filter-ID attribute. The base VLAN is applied using the tunnel
attributes returned in the RADIUS response message for the authenticating user. If all rules
are missed, the settings configured in the faculty policy profile are applied.
- phoneES – Connects a services VoIP phone to the network using a Services Edge Switch port. A
configured CoS rate limits the phone for both setup and payload, and applies a high priority.
The phone authenticates using RADIUS. Tunnel authentication is enabled. The base VLAN is
applied using the tunnel attributes returned in the RADIUS response message. Policy is applied
using a maptable configuration. If all rules are missed, the settings configured in the phoneES
policy profile are applied.
- services – Connects a services PC to the network through the Services
Edge Switch port. A configured CoS rate limits the PC. Services are denied access to both the
student and faculty servers. The PC authenticates using RADIUS. The base VLAN is applied using
the tunnel attributes returned in the RADIUS response message for the authenticating user. The
services policy role is applied using a policy maptable setting. The policy invalid action and
TCI overwrite are enabled for this role. If all rules are missed, the settings configured in
the services policy profile are applied.
- distribution – The Distribution policy role is applied at the Distribution Switch and
provides rate limiting.
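
The role and base VLAN that each authenticated role above should receive can be checked offline against planned RADIUS reply profiles. The following Python is an added example, not vendor code: the VLAN IDs, the maptable contents, the decorated Filter-ID string format and the FreeRADIUS-style attribute names are assumptions, and tunnel mode is modelled as ignoring the Filter-ID.

```python
import re

# Constructed VLAN-to-role maptable; these VLAN IDs are placeholders.
MAPTABLE = {30: "phoneES", 40: "services"}
# Assumed decorated Filter-ID form: "Enterasys:version=1:policy=<role>".
POLICY_RE = re.compile(r"(?:^|:)policy=([A-Za-z0-9_-]+)(?::|$)")

def tunnel_vlan(attrs):
    """Base VLAN from RFC 3580 tunnel attributes, or None if unusable."""
    vid = str(attrs.get("Tunnel-Private-Group-Id", ""))
    if (attrs.get("Tunnel-Type") != "VLAN"
            or attrs.get("Tunnel-Medium-Type") != "IEEE-802"
            or not re.fullmatch(r"[0-9]{1,4}", vid)
            or not 1 <= int(vid) <= 4094):
        return None
    return int(vid)

def resolve(attrs, mode, maptable=MAPTABLE):
    """Return (role, vlan) for an Access-Accept under 'hybrid' or 'tunnel' mode."""
    vlan = tunnel_vlan(attrs)
    if mode == "hybrid":      # role from Filter-ID, VLAN from tunnel attributes
        m = POLICY_RE.search(attrs.get("Filter-Id", ""))
        role = m.group(1) if m else None
    elif mode == "tunnel":    # Filter-ID ignored; maptable maps VLAN to role
        role = maptable.get(vlan)
    else:
        raise ValueError(f"unknown mode: {mode}")
    return role, vlan

def audit(name, attrs, mode, expected_role):
    """List the ways a reply profile deviates from the intended role design."""
    role, vlan = resolve(attrs, mode)
    findings = []
    if role != expected_role:
        findings.append(f"{name}: role {role!r}, expected {expected_role!r}")
    if vlan is None:
        findings.append(f"{name}: no usable base VLAN in tunnel attributes")
    return findings

# Constructed reply profiles (attribute names as in the FreeRADIUS dictionary).
TUNNEL = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802"}
STUDENT = {**TUNNEL, "Filter-Id": "Enterasys:version=1:policy=student",
           "Tunnel-Private-Group-Id": "10"}
SERVICES = {**TUNNEL, "Filter-Id": "Enterasys:version=1:policy=faculty",
            "Tunnel-Private-Group-Id": "40"}
FACULTY_BAD = {"Filter-Id": "Enterasys:version=1:policy=student"}

if __name__ == "__main__":
    for args in (("student", STUDENT, "hybrid", "student"),
                 ("services", SERVICES, "tunnel", "services"),
                 ("faculty", FACULTY_BAD, "hybrid", "faculty")):
        print(args[0], resolve(args[1], args[2]), audit(*args))
```

A reply profile that returns the wrong Filter-ID or omits the tunnel attributes would place a port in a role with different deny rules than intended, which is why both values are checked per role.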