Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Configuring Enforcement Policies
Only one enforcement policy can be associated with each service. Enforcement policies can be added in one of two ways:
From the Configuration > Services page as part of the flow of the Add Service wizard.
From Configuration > Enforcement > Enforcement Policies.
Figure 1 Enforcement Policies Page
Adding an Enforcement Policy
1. To add a new enforcement policy from the page, navigate to Configuration > Enforcement > Enforcement Policies.
2. Click Add. The Add Enforcement Policy page opens to the tab:
Figure 2 Add Enforcement Policy > Enforcement Tab
3. Specify the > parameters as described in the following table:
4. In the Rules tab, click Add Rule to display the Rules Editor:
Figure 3 Add Enforcement Policy > Rules Editor
Button |
Action/Description |
Add Rule |
Click the action button to bring up the Rules Editor and add a new rule. |
Copy Rule |
Select the rule you want to copy, then click the action button. The copied rule is added to the existing list of rules. |
Move Up/ Move Down |
To change the order that rules are executed in the enforcement policy, select an enforcement policy rule, then click or as desired. |
Edit Rule |
Select the rule you want to edit, then click the action button. |
Remove Rule |
Select the rule you want to delete, then click the action button. |
5. Specify the > tab parameters as described in the following table:
Field |
Description |
Conditions/Enforcement Profiles |
Select conditions for this rule. For each condition, select a matching action (enforcement profile). A condition in an enforcement policy rule can contain attributes from the following namespaces: Tips:Role, Tips:Posture, and Date. The
value field for the Tips:Role attribute can be a role defined in
Policy Manager, or a role fetched from the authorization source.
|
Enforcement Profiles |
If the rule conditions match, attributes from the selected enforcement profiles are sent to the Network Access Device If a rule matches and there are multiple enforcement profiles, the enforcement profile disambiguation rules apply. Refer to Configuring Enforcement Profiles for a list of the default profiles. |
Binding SNMP Enforcement for Ingress Events
SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. enforcement profiles can be bound to an event-based enforcement policy, which enables Policy Manager to trigger SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. enforcement based on an Ingress event.
This section demonstrates how Policy Manager allows the binding of an SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. -based enforcement profile to an event-based enforcement policy.
Figure 4 SNMP-Based Enforcement Profile
The configuration shown in Figure 5 demonstrates the binding of an SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. -based enforcement to an event-based enforcement policy.
Figure 5 Binding an SNMP-Based Enforcement to an Event-Based Enforcement Policy