Hi,
I know that I can use policy instead of ACLs, but how can I configure policies on an S4 chassis acting as the core switch (no user will be connected there)? I mean, if for example I have the following scenario:

Servers VLAN: 2
Firewall VLAN: 3 (10.10.4.10/23)
Employees VLANs: 6 (10.10.6.1/23), 8 (10.10.8.1/23)
WLAN Students VLAN: 30 (10.10.30.2/19)

On ports ge.3.33-35 I have configured a LAG between the S4 and a Blade c7000 with VLANs 2, 6, 7, 8 tagged.

On port ge.3.29 I have configured VLAN 30 untagged, which has a physical connection with the students' DHCP server. The students' DHCP server is not on the Blade c7000; it has a physical server that is providing the IP scope on VLAN 30 for the students.

On port ge.3.30 I have configured VLAN 30 untagged, which has a physical connection with the Firewall, which also has an interface on VLAN 30 with (10.10.30.1/19) that allows the students' traffic to the internet.

The Firewall has an interface on VLAN 2 with 10.10.2.200/22 that contains a server farm, and on the S4 I have also created VLAN 2. On port ge.3.31 I have configured VLAN 2 untagged.

On port ge.3.32 I have configured VLAN 3 untagged, which has a physical connection with the Firewall, which also has an interface on VLAN 3 with (10.10.4.1/23) that allows the employees' traffic to the internet.

Case scenario: The Students VLAN 30 cannot access any of the administrative VLANs (2, 6, 8); drop packets from HTTP and HTTPS to destination (10.10.30.1-2/19), and also drop packets from Telnet to destination (10.10.30.2/19). Policies acting as ACLs.

Do I need to configure the policies physically on each of the ports that is connected to each device as the Default Role? Or do I need to make another config to make this happen?

Egbert Rodriguez Hernandez
User Support CCTV Level I, ESE
Caribbean Micro Services
Tel. 787-620-7780 x4327
Fax. 787-620-7784
Mobile. 787-224-0193
www.caribbeanmicro.com
