Hi, you can remove VLAN 1 from a port's egress list:
clear vlan egress 1 <port-string> Regards, Erik -- Dipl.-Inform. Erik Auerswald U:http://www.fg-networking.de/ E:[email protected] T:+49-631-4149988-0 M:+49-176-64228513 Gesellschaft für Fundamental Generic Networking mbH Geschäftsführung: Volker Bauer, Jörg Mayer Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630 On Tue, 27 Mar 2012 16:02:28 +0000 Patrick Printz <[email protected]> wrote: >Jens, > >I am not sure if there is a way to remove vlan 1 from the >port, but you could forbid vlan 1 based on the role. The >better option though might be to contain the traffic to >vlan 100? On the General tab for the role, you could try >setting the Access control to Contain to VLAN. See if that >helps. > >Patrick Printz >Network Infrastructure > >Quinsigamond Community College >670 West Boylston Street >Worcester, MA 01606-2092 >w. 508-854-7517 >c. 508-726-9529 > > >"If a man is called a street sweeper, he should sweep >streets even as Michelangelo painted, or Beethoven >composed music, or Shakespeare wrote poetry. He should >sweep streets so well that all the hosts of heaven and >Earth will pause to say, Here lived a great street sweeper >who did his job well." >~Martin Luther King, Jr. > > >-----Original Message----- >From: Podbiera, Jens [mailto:[email protected]] >Sent: Tuesday, March 27, 2012 10:20 AM >To: Enterasys Customer Mailing List >Subject: [enterasys] setting up vlan to policy > >Hey guys, > >need a little bit assistance to configure vlan to policy. >Can´t found any tutorials on extranet to setup this >feature. >Has any one a manual? > >I take the follow steps: > >[Policy Manager] >1. create a role and setup the tab "Vlan Egress with Vlan >100" > >[NAC] >1. create a rule "Rule Name" -> Authentication is MAC and >End-System is in "End-System-Group" + New Nac Profile 2. >Nac Profile with created Accept Policy (with Vlan 100) > >After the enforce and authentication, the port has two >vlans, Vlan 100 an default vlan. >Thats my problem, i want only the 100 Vlan on this port >not the default vlan. > >If i setup the port manualy to a other vlan (400), i have >the same problem. >My Vlan 100 will added to the primary vlan on the port. > >Whats my mistake? > >Short Example: > >VLAN: 1 NAME: DEFAULT VLAN > VLAN Type: Default > Egress Ports >ge.1.4[Test Notebook], ge.1.48 [Uplink] > Forbidden Egress Ports >None. > Untagged ports >ge.1.4[Test Notebook], ge.1.48[Uplink] > >VLAN: 100 NAME: xXXx > VLAN Type: Permanent > Egress Ports >ge.1.4[Test Notebook], ge.1.48 [Uplink] > Forbidden Egress Ports >None. > Untagged ports >ge.1.4[Test Notebook] > >Example 2: >VLAN: 100 NAME: xXXx > VLAN Type: Permanent > Egress Ports >ge.1.4[Test Notebook], ge.1.48 [Uplink] > Forbidden Egress Ports >None. > Untagged ports >ge.1.4[Test Notebook] > >VLAN: 400 NAME: xxxxx > VLAN Type: Permanent > Egress Ports >ge.1.14 > Forbidden Egress Ports >None. > Untagged ports >ge.1.14 > > >Regards > >Jens > >--- >To unsubscribe from enterasys, send email to >[email protected] with the body: unsubscribe enterasys >[email protected] > >--- >To unsubscribe from enterasys, send email to >[email protected] with the body: unsubscribe enterasys >[email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
