Using VLAN trunking with the Symantec Gateway Enforcer

Article:TECH92071  |  Created: 2009-01-28  |  Updated: 2011-12-28  |  Article URL http://www.symantec.com/docs/TECH92071
Article Type
Technical Solution


Issue



Using VLAN trunking with the Symantec Gateway Enforcer in Symantec Network Access Control (SNAC) 11.0 or 12.1

 


Solution



In release 11.0 MR3 and later of Symantec Network Access Control, the Symantec Gateway Enforcer appliance software supports 802.1Q trunking of VLANs.
This feature is useful for connecting a Gateway Enforcer appliance to two trunk ports on different switches and letting the Enforcer challenge traffic belonging to certain VLANs only, while letting traffic for other VLANs pass through unchallenged.

The SNAC appliance administrator can specify the list of VLANs for enforcement. When using the trunking functionality, it is also required to tell the Enforcer on which VLANs the SEPM management server and any failover appliances can be found.

In the Gateway Enforcer CLI, the trunking features can be modified under configure advanced.

The trunking command uses the following syntax:

trunking enable | disable | chall-vlist <vlan-list> | fail-vid <vlan-id> | mgmt-vid <vlan-id> | native-vid <vlan-id>

where:

 

chall-vlist <vlan-list>: Specify the list of VLANs that the Gateway Enforcer should challenge.
    Format: n[-n][,n[-n]]... n:<1-4096>  e.g. 1,2,3-6,8,10-15
disable: Disable the trunking feature.
enable: Enable the trunking feature.
fail-vid <vlan-id>: Specify the VLAN on which the Gateway Enforcer should send out or receive failover packets.
mgmt-vid <vlan-id>: Specify the management VLAN id.
native-vid <vlan-id>: Specify the VLAN id of non-tagged packets.


The trunking feature is disabled by default.
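
A small validator for the chall-vlist format described above, as an added example (not Symantec code): it expands the list and reports which VLANs carried on a trunk would pass through unchallenged. The trunk VLAN set is constructed sample data, and rejecting reversed ranges such as 7-3 is an assumption of this example, not documented Enforcer behaviour.

```python
import re

# Range taken from the article's format line: n:<1-4096>
VLAN_MIN, VLAN_MAX = 1, 4096

# One list item: a single id "n" or a range "n-n"
_ITEM = re.compile(r"([0-9]+)(?:-([0-9]+))?")


def parse_chall_vlist(vlist):
    """Expand a chall-vlist string such as '1,2,3-6,8,10-15' into a set of VLAN ids."""
    vlans = set()
    for item in vlist.split(","):
        m = _ITEM.fullmatch(item.strip())
        if not m:
            raise ValueError(f"malformed item {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if lo > hi:
            # Assumption of this example: treat a reversed range as an error
            raise ValueError(f"reversed range {item!r}")
        if lo < VLAN_MIN or hi > VLAN_MAX:
            raise ValueError(f"VLAN id out of range in {item!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def unchallenged(trunk_vlans, vlist):
    """Return the VLANs carried on the trunk that are NOT in the challenge list."""
    return sorted(set(trunk_vlans) - parse_chall_vlist(vlist))


if __name__ == "__main__":
    # Constructed sample: VLANs assumed to be allowed on the switch trunk ports
    trunk = [1, 5, 10, 11, 12, 20, 30]
    for vid in unchallenged(trunk, "1,2,3-6,8,10-15"):
        print(f"VLAN {vid} passes through the Enforcer unchallenged")
```

Comparing the output against the VLANs that are meant to bypass enforcement shows any VLAN that was left out of the challenge list by mistake.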

 



Legacy ID



2009012813225248

