LAB Network Control LAN Policies

LAB Network Control LAN Policies

Task:

• Create two Network Control policies.
• The first policy will be used for VMWare ESXi:
  • Allow CDP traffic.
  • Register MAC addresses for every VLAN where hosts or guests are assigned.
  • Allow MAC addresses to be spoofed.
  • Don't warn, but actually show that the link has failed if the upstream pinned link goes down.
• The second policy will be used for a bare metal Win2K8:
  • Allow CDP traffic.
  • Register MAC addresses only for the native VLAN.
  • Do not allow MAC addresses to be spoofed.
  • Don't warn, but actually show that the link has failed if the upstream pinned link goes down.

Solution:

Click the LAN tab, navigate to LAN >> Policies >> root, right-click | Network Control Policies, and click Create Network Control Policy.

For MAC Register Mode, select All Host Vlans. For action on Uplink Fail, select Link Down. For MAC Security - Forge, select Allow. (This allows spoofed MAC addresses, which is exactly what VMware must do because it represents many more guests behind its host hypervisor engine.) Click OK.