Policy Manager VLANs which can be used for access control are displayed in the Access Control Configuration window (available from the Policy Manager Edit menu). If you have enabled the Policy VLAN Islands feature, there are two VLANs folders in this window: Global VLANs and Policy VLAN Islands . Otherwise, only the Global VLANs folder is displayed. For more information on Policy VLAN Islands, see How to Create a Policy VLAN Island.
Policy Manager provides you with one Global Default
VLAN, which is available when you first start using Policy
Manager. You can create additional VLANs using the Create VLAN
option available when you right-click on the Global VLANs folder.
Once a VLAN is created, you can use it as follows:
- as the default access control for a role, using the role General Tab or Role Wizard
- as an access control action for a rule using the rule General tab or Rule Wizard
- as an access control action for an automated service, using the service General Tab or Service Wizard
- in a Policy VLAN Island, if that feature is enabled
You can view the roles and services associated with a VLAN by right-clicking on the VLAN in the left panel and selecting Role/Service Usage. You can also make role and service changes from the Role/Service Usage window.
See Create VLAN Window and Roles for additional information.
Instructions on:
Creating a VLAN
- Open the Access Control Configuration window (available from the Policy Manager Edit menu).
- Right click the Global VLANs folder and select Create VLAN from the menu.
- Fill out the Create VLAN Window to your specifications.
- To create the VLAN and close the Create VLAN window, click OK. To create a VLAN and leave the window open, click Apply.
- Enforce to write the new information to the devices.
Editing an Island VLAN ID
- Open the Access Control Configuration window (available from the Policy Manager Edit menu).
- Expand the Policy VLAN Islands folder, and select the Policy VLAN Island with which the island VLAN is associated.
- Select the VLANs tab in the right panel.
- Select the Island VLAN and click Edit Island VLAN ID.
- Enter the new VLAN ID and click OK.
- Enforce to write the new information to the devices.
Deleting a VLAN
Deleting a VLAN removes it and its associations with any roles and services from the Policy Manager database and from the devices.
| WARNING: | The delete operation will immediately remove the VLAN(s) from the devices in
the Network Elements tab and could result in serious consequences if the VLANs
are used outside the scope of Policy Manager. |
|---|
- Open the Access Control Configuration window (available from the Policy Manager Edit menu).
- Right click on the VLAN you wish to delete and select Deletefrom the menu. A confirmation window opens.
- Click Yes to delete the VLAN.
- Enforce to write the new information to the devices.
Turning Off Getting VLANs on Startup
When Policy Manager is launched, it automatically reads the VLANs from the devices. However, this can take some time when you have many VLANs and devices. If it is not required that Policy Manager and the devices be synchronized each time you launch Policy Manager, you can turn off the reading of VLANs at launch by deselecting the Get VLANs on Startup option in the Options Startup view (Tools > Options).
For information on related concepts:
For information on related windows:
