Thanks Markus. I should have been more clear. We currently use Netsight. I am familiar with Policy Manager. We use policies to set COS up for phones and for blocking certain services on end user ports. I'd like to find a way to do this using Policy Manager. Also, VLANs are currently staticly set on the edge. We'd like them to be completely dynamic based on AD group membership (or the lack thereof.)
On Thu, Dec 15, 2011 at 12:24 PM, Nispel, Markus < [email protected]> wrote: > Hi Scott**** > > ** ** > > You can use Policy and RADIUS attributes to return that – as part of the > policy you can modify the PVID incluing the egress as well as the VLAN > egress separately for untagged and tagged traffic (like a dynamic 1Q > trunk). You can use the decorated filter ID to return the policy or map > RFC3580 tunnel attributes back as well. What product do you use?**** > > ** ** > > Details can be found in the feature guide for policy: > https://extranet.enterasys.com/downloads/Pages/dms.ashx?download=96274944-52fa-4cc1-9bba-0744d5989703while > it is highly recommended to use the policy manager as part of the > Netsight Suite. For authentication > https://extranet.enterasys.com/downloads/Pages/dms.ashx?download=cf5b6f90-13a1-4253-add1-5d2a7a0cbb23 > **** > > ** ** > > CLI commands of interest to create the policy phoneFS with pvid 11:**** > > ** ** > > Fixed Switch(rw)->set policy profile 3 name phoneFS pvid-status enable > pvid 11 cos-status enable cos 10 – here there are also the options for > separate egress control**** > > ** ** > > Radius & authentication turned on and returning as the filter id “ > Enterasys:version=1:policy=*phoneFS”***** > > ** ** > > Does the job. Turn on auth & RADIUS**** > > ** ** > > System(rw)->*set multiauth mode multi* > > System(rw)->*set multiauth port mode force-auth ge.1.5-7* > > * * > > *For MAC auth* > > * * > > System(rw)->*set macauthentication enable* > > System(rw)->*set macauthentication password enterasys* > > System(rw)->*set macauthentication port enable ge.1.5-7* > > ** ** > > RADIUS**** > > ** ** > > System(rw)->*set radius server 1 10.20.10.01* > > System(rw)->*set radius enable* > > * * > > ** ** > > If you need AD support and RADIUS services then you could also use our NAC > solution for that.**** > > ** ** > > Hope this helps**** > > Markus**** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of > *VanArtsdalen, > Scott > *Sent:* Donnerstag, 15. Dezember 2011 19:26 > *To:* Enterasys Customer Mailing List > *Subject:* [enterasys] Setting VLAN egress based on AD group membership*** > * > > ** ** > > Can someone point me to a good resource on setting VLAN egress on a port > based on membership in a given group in Active Directory? > Any whitepapers out there or a place one one of the manuals I should check? > **** > > ** ** > > Michael, you have anything that would help? :-)**** > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] **** > > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] > > --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
