EMAIL SUPPORT
dclessons@dclessons.comLOCATION
AFLAB Network Control LAN Policies
LAB Network Control LAN Policies
Task:
- Create two Network Control policies.
- The first policy will be used for VMWare ESXi:
- Allow CDP traffic.
- Register MAC addresses for every VLAN where hosts or guests are assigned.
- Allow MAC addresses to be spoofed.
- Don't warn, but actually show that the link has failed if the upstream pinned link goes down.
- The second policy will be used for a bare metal Win2K8:
- Allow CDP traffic.
- Register MAC addresses only for the native VLAN.
- Do not allow MAC addresses to be spoofed.
- Don't warn, but actually show that the link has failed if the upstream pinned link goes down.
Solution:
Click the LAN tab, navigate to LAN >> Policies >> root, right-click | Network Control Policies, and click Create Network Control Policy.
For MAC Register Mode, select All Host Vlans. For action on Uplink Fail, select Link Down. For MAC Security - Forge, select Allow. (This allows spoofed MAC addresses, which is exactly what VMware must do because it represents many more guests behind its host hypervisor engine.) Click OK.
Comment
You are will be the first.
LEAVE A COMMENT
Please login here to comment.