Using VLAN trunking with the Symantec Gateway Enforcer
Article: TECH92071 | Created: 2009-01-28 | Updated: 2011-12-28 | Article URL: http://www.symantec.com/docs/TECH92071
Problem
Using VLAN trunking with the Symantec Gateway Enforcer in Symantec Network Access Control (SNAC) 11.0 or 12.1
Solution
In release 11.0 MR3 and later of Symantec Network Access Control, the Symantec Gateway Enforcer appliance software supports 802.1q trunking of VLANs.
This feature is useful for connecting a Gateway Enforcer appliance to two trunk ports on different switches and letting the Enforcer challenge traffic belonging to certain VLANs only, while letting traffic for other VLANs pass through unchallenged.
The SNAC appliance administrator can specify the list of VLANs for enforcement. When using the trunking functionality, it is also required to tell the Enforcer on which VLANs the SEPM management server and any failover appliances can be found.
In the Gateway Enforcer CLI, the trunking features can be modified under configure advanced.
The trunking command uses the following syntax:
trunking enable | disable | chall-vlist <vlan-list> | fail-vid <vlan-id> | mgmt-vid <vlan-id>
where:
| chall-vlist | Specify the list of VLANs that Gateway Enforcer should challenge. Format: n[-n][,n[-n]]... n:<1-4096> e.g. 1,2,3-6,8,10-15 |
| disable | Disable trunking feature |
| enable | Enable trunking feature |
| fail-vid | Specify where Gateway Enforcer should send out or receive failover packets |
| mgmt-vid | Specify the management VLAN id |
| native-vid | Specify the VLAN id of non-tagged packets |
The trunking feature is disabled by default.
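Because VLANs left out of chall-vlist pass through the Enforcer unchallenged, it is worth checking a proposed list against the VLANs the trunk actually carries before entering it. The following is an added example, not Symantec code: it parses the n[-n][,n[-n]]... format described above and reports the unchallenged VLANs. The function names, the trunk VLAN inventory and the check that mgmt-vid and fail-vid are carried on the trunk are assumptions made for illustration.

```python
import re

# Range taken from the article's format description: n:<1-4096>
VLAN_MIN, VLAN_MAX = 1, 4096
_ITEM = re.compile(r"^([0-9]+)(?:-([0-9]+))?$")


def parse_vlan_list(text):
    """Expand a chall-vlist string such as '1,2,3-6,8,10-15' into a set of ids."""
    vlans = set()
    for item in text.split(","):
        m = _ITEM.match(item.strip())
        if not m:
            raise ValueError(f"bad list item: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if lo > hi:
            raise ValueError(f"descending range: {item!r}")
        if lo < VLAN_MIN or hi > VLAN_MAX:
            raise ValueError(f"VLAN id outside {VLAN_MIN}-{VLAN_MAX}: {item!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def review_trunk(chall_vlist, trunk_vlans, mgmt_vid, fail_vid):
    """Split the VLANs carried on the trunk into challenged and unchallenged."""
    challenged = parse_vlan_list(chall_vlist)
    trunk = set(trunk_vlans)
    return {
        "challenged": sorted(challenged & trunk),
        # Traffic on these VLANs passes through the Enforcer unchallenged.
        "unchallenged": sorted(trunk - challenged),
        # Listed for challenge but not carried on the trunk (likely a typo).
        "not_on_trunk": sorted(challenged - trunk),
        # Assumed sanity check: mgmt-vid and fail-vid should be on the trunk.
        "missing_infra": sorted({mgmt_vid, fail_vid} - trunk),
    }


if __name__ == "__main__":
    # Constructed sample: the trunk carries VLANs 1-15, 20 and 99.
    trunk = list(range(1, 16)) + [20, 99]
    report = review_trunk("1,2,3-6,8,10-15", trunk, mgmt_vid=99, fail_vid=20)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any VLAN reported as unchallenged that carries client traffic is a path around enforcement and should be either added to chall-vlist or accepted deliberately.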
Legacy ID
2009012813225248