NPS Policy (group of items)

  • Question

  • I have a few switches that I've identified cannot support per-user ACL enforcements, and all support VLAN enforcement.

    However, the use of per-user ACLs is nice, as I don't have to worry about switching VLANs and IP addresses; I can just dynamically assign ACLs as needed.

    My problem is if I create a policy such as the following it works:

    non compliant policy
    (matches non compliant SHV)
    (from switch x.x.x.10)

    If I use the following for a list of switches they all fail:

    non compliant policy
    (matches non compliant shv)
    (from switch x.x.x.10)
    (from switch x.x.x.11)
    (from switch x.x.x.12)

    What I'm trying to do is create the following policies:
    One would do a list of switches using ACL enforcement
    One would do a list of switches using VLAN enforcement

    Thanks,
    Derek 
    Derek
    Tuesday, August 12, 2008 10:59 PM

Answers

  • Hi Derek,

    It should work to create one policy for each switch. Is it required that you include all switches in a single policy? If so, then I believe you can use pattern matching syntax and a condition such as RADIUS Client\Client friendly name.

    -Greg
    Friday, September 19, 2008 12:53 AM

All replies

  • Thanks Greg. I used the field for the IPv4 address of the switch in a policy, and used the regex for this, so I can enter more than one on the line; this worked.

    So I have two policies: 802.1X compliant ACLs and 802.1X compliant VLANs, and in the policy I check the IP of the switch sending the data.

    Derek
    Wednesday, January 7, 2009 11:15 PM
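The approach Derek settled on, a regex on the switch (RADIUS client) IPv4 address that selects one of two network policies, hinges on the pattern being anchored and having its dots escaped; an unanchored `x.x.x.1` also matches `x.x.x.10` through `x.x.x.19`, so the wrong enforcement policy can fire. The script below is an added example, not code from the thread or from Microsoft. It assumes that NPS evaluates the Client IPv4 Address condition as an ordinary regular expression (Python's `re` stands in for the NPS matcher here), and the switch addresses are constructed sample values from the documentation range 192.0.2.0/24, not the poster's real switches.

```python
import re
from ipaddress import IPv4Address

# Constructed sample values: switches that support per-user ACLs, and
# switches that only support VLAN assignment (not from the original thread).
ACL_SWITCHES = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
VLAN_SWITCHES = ["192.0.2.20", "192.0.2.21"]


def build_client_ip_pattern(addresses):
    """Return an anchored alternation that matches exactly the given RADIUS
    client IPv4 addresses and nothing else.

    Each address is validated first so a typo does not silently become a
    pattern that matches no switch; re.escape turns '.' into a literal dot.
    """
    for addr in addresses:
        IPv4Address(addr)  # raises ValueError on a malformed address
    alternatives = "|".join(re.escape(addr) for addr in addresses)
    return rf"^({alternatives})$"


def client_matches(pattern, client_ip):
    """Evaluate a Client IPv4 Address condition the way a regex-based matcher
    would: True when the pattern is found in the client's address string."""
    return re.search(pattern, client_ip) is not None


# The two policies from the thread, keyed on the switch that sent the request.
# Order matters: NPS evaluates policies by processing order and stops at the
# first one whose conditions all match.
POLICIES = [
    ("802.1X compliant - ACLs", build_client_ip_pattern(ACL_SWITCHES)),
    ("802.1X compliant - VLANs", build_client_ip_pattern(VLAN_SWITCHES)),
]


def select_policy(client_ip, policies=POLICIES):
    """Return the name of the first policy whose client-address condition
    matches, or None when no policy claims the switch (NPS would then fall
    through to whatever later policy or default applies)."""
    for name, pattern in policies:
        if client_matches(pattern, client_ip):
            return name
    return None


# Pitfall: a pattern typed without anchors or escaping. '192.0.2.1' is found
# inside '192.0.2.10', so an ACL-only switch could be handed a VLAN policy,
# and the unescaped dots also match any character.
NAIVE_PATTERN = "192.0.2.1"


def naive_false_positives(pattern, candidate_ips):
    """List the addresses an unanchored pattern matches even though they are
    not the intended switch."""
    return [ip for ip in candidate_ips if client_matches(pattern, ip)]


if __name__ == "__main__":
    print(POLICIES[0][1])
    for ip in ["192.0.2.10", "192.0.2.20", "192.0.2.30"]:
        print(ip, "->", select_policy(ip))
    print("naive matches:", naive_false_positives(NAIVE_PATTERN, ACL_SWITCHES))
```

When adding switches to an existing policy, regenerate the whole pattern rather than appending `|x.x.x.13` by hand, and check the result against both the intended switches and their near neighbours (`.1`, `.100`), since NPS will not warn about an over-broad match.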