Create a policy role that applies CoS 8 to data VLAN 10 and is configured to rate-limit traffic to 1M with a moderate priority of 5.
StudentFS->configure policy profile 2 name student pvid-status enable pvid 10 cos-status enable cos 8
Configure the RADIUS (Remote Authentication Dial In User Service) server user accounts with the appropriate tunnel information using VLAN authorization and policy filter-ID for student role members and devices. Enable hybrid authentication, allowing the switch to use both the filter-ID and tunnel attributes in the RADIUS response message. Set a VLAN-to-policy mapping as a backup in case the response does not include the RADIUS filter-ID attribute. This mapping is ignored when the RADIUS filter-ID attribute is present in the RADIUS response message.
StudentFS->configure policy maptable response both
StudentFS->configure policy maptable 10 2
Forward traffic on the UDP source port for IP address requests (68), and on the UDP destination ports for DHCP (Dynamic Host Configuration Protocol) (67) and DNS (53). Drop traffic on the UDP source ports for DHCP (67) and DNS (53), so that student devices cannot answer as DHCP or DNS servers. Drop traffic for SNMP (Simple Network Management Protocol) (161), SSH (22), Telnet (23) and FTP (20 and 21) on both the data and phone VLANs.
StudentFS->configure policy rule 2 udpsourceport 68 mask 16 forward
StudentFS->configure policy rule 2 udpdestport 67 mask 16 forward
StudentFS->configure policy rule 2 udpdestport 53 mask 16 forward
StudentFS->configure policy rule 2 udpsourceportIP 67 mask 16 drop
StudentFS->configure policy rule 2 udpsourceportIP 53 mask 16 drop
StudentFS->configure policy rule 2 udpdestportIP 161 mask 16 drop
StudentFS->configure policy rule 2 tcpdestportIP 22 mask 16 drop
StudentFS->configure policy rule 2 tcpdestportIP 23 mask 16 drop
StudentFS->configure policy rule 2 tcpdestportIP 20 mask 16 drop
StudentFS->configure policy rule 2 tcpdestportIP 21 mask 16 drop
Students should only be allowed access to the services server (subnet 10.10.50.0/24) and should be denied access to both the administrative (subnet 10.10.60.0/24) and faculty servers (subnet 10.10.70.0/24).
StudentFS->configure policy rule 2 ipdestsocket 10.10.60.0 mask 24 drop
StudentFS->configure policy rule 2 ipdestsocket 10.10.70.0 mask 24 drop
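To review the student rule set offline before it is pushed to a switch, the following added example (not vendor code and not part of the original page) parses the rule lines above and reports which rules constructed sample packets would hit. It assumes that mask 16 on a port classifier means an exact port match and that mask 24 on ipdestsocket covers the first 24 bits of the destination address; precedence between conflicting rules is left to the switch and is not modelled.

```python
import ipaddress
import re

# Rule lines as given on this page (SNMP on port 161, as the text states).
CONFIG = """
configure policy rule 2 udpsourceport 68 mask 16 forward
configure policy rule 2 udpdestport 67 mask 16 forward
configure policy rule 2 udpdestport 53 mask 16 forward
configure policy rule 2 udpsourceportIP 67 mask 16 drop
configure policy rule 2 udpsourceportIP 53 mask 16 drop
configure policy rule 2 udpdestportIP 161 mask 16 drop
configure policy rule 2 tcpdestportIP 22 mask 16 drop
configure policy rule 2 tcpdestportIP 23 mask 16 drop
configure policy rule 2 tcpdestportIP 20 mask 16 drop
configure policy rule 2 tcpdestportIP 21 mask 16 drop
configure policy rule 2 ipdestsocket 10.10.60.0 mask 24 drop
configure policy rule 2 ipdestsocket 10.10.70.0 mask 24 drop
"""
RULE = re.compile(r"configure policy rule (\d+) (\w+) (\S+) mask (\d+) (forward|drop)")

def parse(config):
    """Return (profile, classifier, value, mask, action) tuples."""
    return [(int(p), c, v, int(m), a) for p, c, v, m, a in RULE.findall(config)]

def matches(rule, pkt):
    _, cls, value, mask, _ = rule
    if cls == "ipdestsocket":  # assumption: mask counts leading bits of the destination IP
        net = ipaddress.ip_network(f"{value}/{mask}", strict=False)
        return ipaddress.ip_address(pkt["dst_ip"]) in net
    proto = cls[:3].lower()                      # "udp" or "tcp"
    field = "sport" if "source" in cls else "dport"
    # assumption: mask 16 compares all 16 bits of the port (exact match)
    return mask == 16 and pkt["proto"] == proto and pkt[field] == int(value)

def evaluate(pkt, rules):
    """Actions of every rule the packet hits; an empty list means no rule applies."""
    return sorted({r[4] for r in rules if matches(r, pkt)})

def dropped_ports(rules):
    """Destination ports that have a drop rule, for comparison with the stated intent."""
    dest = ("udpdest", "tcpdest")
    return {int(r[2]) for r in rules if r[1].lower().startswith(dest) and r[4] == "drop"}

RULES = parse(CONFIG)
```

Comparing `dropped_ports(RULES)` with the intended set {161, 22, 23, 20, 21} catches a mistyped port number before deployment.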