Configuring Endpoint Policy Controller

Owned by
Tracy Yang (Unlicensed)
Apr 01, 2022
3 min read

Background

In a mobile office or wireless access networking environment, when access VLAN for the user is fixed, but the access port is not fixed, you can use AmpCon's Endpoint Policy Controller function to enable MAC and VLAN binding so that a specific access device can access the same VLAN no matter which switch port is used to access the network.

Endpoint Policy Controller feature requires the administrator to manually configure MAC VLAN entries on AmpCon Server, and enable the MAC VLAN feature of OVSDB on the switch.

Configuring AmpCon Server for Endpoint Policy Controller

Step 1        Select SDN Applications > Endpoint Policy Controller to enter the Endpoint Policy Controller configuration interface.

Step 2        Add the switch to AmpCon's SDN management.

   a) Click the icon on the page. In the pop-up page, you can see all the deployed switches.

   b) Click the "Add into SDN" button in the Operation column of the switch that you want to include in AmpCon SDN management. Then click Yes in the pop-up Are you sure? dialog box to add the switch to AmpCon's SDN management.

   

Step 3        Create a new MAC VLAN table entry.

   a) Click New Host, then add a new MAC VLAN entry in the pop-up "Create a New Host" window.

   

   The parameter descriptions are shown in the following table when configuring the New Host.

Parameter

Description

Host MAC

Specifies a host MAC.

Host IP

Specifies a host IP address.

Host Action

Specifies a VLAN for the host.

QoS

Specifies the QoS value of 802.1p priority, the value is an integer that ranges from 0 to 7, the default value is 0.

Host Name(Opt)

Optional. Specifies the host name.

b) Click "Create" button to save the new MAC VLAN binding entry.

At this time, the Status parameter value displays Off-line in the table.

When the host accesses the network through a switch port, the switch will report host MAC to the AmpCon Server. Based on the host MAC, AmpCon Server will send the configured MAC VLAN entry to the OVSDB server on the switch and assign the configured VLAN to the host. By this time the value of the Status parameter in the table item changes to On-line.

Step 4      (Optional) Modify VLAN information of the Host.

   a) Click the edit icon  of the MAC VLAN entry you want to modify, a "Host Configuration Editer" page will pop up.

   

  b) In the "Host Configuration Editer" page, you can modify the Host IP address, Host name, VLAN and QoS values.

  c) Click the "Save" button to save the configuration.

Step 5        (Optional) Delete the MAC VLAN entry of the Host.

   Click the delete icon  of the MAC VLAN entry you want to delete, then click Yes in the Are you sure? dialog box to confirm entry deletion.

  

Switch Configuration

On the access switch, there are two steps to configure.

1.   Configure VLANs and add interfaces to the VLANs.

set interface gigabit-ethernet ge-1/1/5 family ethernet-switching native-vlan-id 100
set interface gigabit-ethernet ge-1/1/5 family ethernet-switching port-mode "trunk"
set interface gigabit-ethernet ge-1/1/5 family ethernet-switching vlan members 20,99
set interface gigabit-ethernet ge-1/1/7 family ethernet-switching port-mode "trunk"
set interface gigabit-ethernet ge-1/1/7 family ethernet-switching vlan members 101-2000
set interface gigabit-ethernet ge-1/1/7 family ethernet-switching vlan members 20,99,100
set interface gigabit-ethernet ge-1/1/9 family ethernet-switching port-mode "trunk"
set vlans vlan-id 20,99,100
set vlans vlan-id 101-2000

2.   Enable MAC VLAN function.

set protocols ovsdb mac-vlan disable false



Copyright © 2024 Pica8 Inc. All Rights Reserved.