About issues with the switch policy, associated conditions, and actions
Article: HOWTO81753 | Created: 2012-10-25 | Updated: 2014-09-21 | Article URL: http://www.symantec.com/docs/HOWTO81753
When configuring switch policies, note the following:
The Switch Action table must contain at least one entry.
If you do not select an action for a particular combination of results, the default action, Open Port, is performed.
To specify a default action for any possible combination of results, select Ignore Result for all three results.
When you add the actions to the table, you can edit any cell by clicking on the right corner of a column and row to display a drop-down list.
Some switches, such as the Cisco switch, have a guest VLAN feature. The guest VLAN is normally intended to be used if user authentication fails. In other words, if user authentication fails, the switch connects the client to the guest VLAN automatically.
If you use the LAN Enforcer for VLAN switching, it is recommended that you do not use the reserved guest VLAN when setting up VLANs and actions on the LAN Enforcer. Otherwise, the 802.1x supplicant may respond as though user authentication failed.
If you deploy clients and are not ready to implement the full capabilities of the LAN Enforcer, you can specify an action that allows access to the internal network, based on the condition Ignore Result for the Host Integrity check and the Policy Check. If you want to disregard the user authentication results and allow network access regardless of them, use the condition Ignore Result for the User Authentication result.
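The following Python is an added example, not Symantec's code or part of the original article. It audits a Switch Action table for the points above: an empty table, result combinations that match no row and therefore receive the default Open Port action, a missing all-Ignore Result row, and rows that assign the switch's reserved guest VLAN. The result values (Pass, Fail, Unavailable), the column order (user authentication, Host Integrity, Policy Check), the action labels, and the table representation are assumptions made for the example.

```python
from itertools import product

IGNORE = "Ignore Result"        # wildcard condition named in the article
DEFAULT_ACTION = "Open Port"    # applied when no row matches, per the article
RESULTS = ("Pass", "Fail", "Unavailable")  # assumed result values, not from the article


def matches(row, combo):
    """A row matches when each condition equals the result or is Ignore Result."""
    return all(cond in (IGNORE, res) for cond, res in zip(row["when"], combo))


def audit(table, guest_vlan=None, results=RESULTS):
    """Return findings for a Switch Action table.

    table: list of {"when": (auth, host_integrity, policy), "action": str}
    guest_vlan: action label of the switch's reserved guest VLAN, if any
    """
    findings = {"empty": not table, "has_catch_all": False,
                "guest_vlan_rows": [], "fall_through": []}
    for i, row in enumerate(table):
        if all(cond == IGNORE for cond in row["when"]):
            findings["has_catch_all"] = True
        if guest_vlan and row["action"] == guest_vlan:
            findings["guest_vlan_rows"].append(i)
    # Any combination that no row covers falls through to DEFAULT_ACTION.
    for combo in product(results, repeat=3):
        if not any(matches(row, combo) for row in table):
            findings["fall_through"].append(combo)
    return findings


# Constructed sample table; VLAN labels are made up for the example.
SAMPLE = [
    {"when": ("Pass", "Pass", "Pass"), "action": "Open Port"},
    {"when": ("Pass", "Fail", IGNORE), "action": "VLAN quarantine"},
    {"when": ("Fail", IGNORE, IGNORE), "action": "VLAN guest"},
]

if __name__ == "__main__":
    report = audit(SAMPLE, guest_vlan="VLAN guest")
    print("catch-all row present:", report["has_catch_all"])
    print("rows using reserved guest VLAN:", report["guest_vlan_rows"])
    for combo in report["fall_through"]:
        print("no matching row ->", DEFAULT_ACTION, combo)
```

Adding a final row with Ignore Result in all three columns empties the fall-through list, which is how the article says to set an explicit default action.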