The phoneFS role is configured on both the dorm room and faculty office Fixed Switches with:
Because we can not apply separate rate limits to the phone setup and payload ports on the Fixed Switch using policy rules, apply CoS 10 with the higher payload appropriate rate limit of 100k bps and a high priority of 6 to the phoneFS role.
Fixed Switch->configure policy profile 3 name phoneFS pvid-status enable pvid 11 cos-status enable cos 10
Drop traffic for protocols SNMP (161), SSH (22), Telnet (23) and FTP (20 and 21) on the phone VLAN. Forward traffic on UDP source port for IP address request (68) and forward traffic on UDP destination ports for protocols DHCP (67) and DNS (53) on the phone VLAN, to facilitate phone auto configuration and IP address assignment.
Fixed Switch->configure policy rule 3 udpdestportIP 161 mask 16 drop Fixed Switch->configure policy rule 3 tcpdestportIP 22 mask 16 drop Fixed Switch->configure policy rule 3 tcpdestportIP 23 mask 16 drop Fixed Switch->configure policy rule 3 tcpdestportIP 20 mask 16 drop Fixed Switch->configure policy rule 3 tcpdestportIP 21 mask 16 drop Fixed Switch->configure policy rule 3 udpsourceport 68 mask 16 forward Fixed Switch->configure policy rule 3 udpdestportIP 67 mask 16 forward Fixed Switch->configure policy rule 3 udpdestportIP 53 mask 16 forward
Configure the RADIUS server user accounts with the appropriate tunnel information using VLAN authorization and policy filter-ID for phoneFS role members and devices. Enable hybrid authentication, allowing the switch to use both the filter-ID and tunnel attributes in the RADIUS response message. Set a VLAN-to-policy mapping as backup incase the response does not include the RADIUS filter-ID attribute. This mapping is ignored if RADIUS filter-ID attribute is present in the RADIUS response message.
Fixed Switch->configure policy maptable response both Fixed Switch->configure policy maptable 11 3