Configuration Guidelines - Alcatel-Lucent OmniSwitch 9900 Series Network Configuration Manual

Configuring Application Monitoring and Enforcement

Configuration Guidelines

Review the guidelines in this section before configuring AppMon on the OmniSwitch.
•
AppMon works on an application level and not on individual application events/operations. On
configuring an application, all associated events are considered for application monitoring and
enforcement.
•
Supports only IP traffic (TCP or UDP).
•
AppMon must not be configured on user ports and uplink ports at the same time.
•
AppMon does not support link aggregate interface. AppMon is supported at individual port level only.
Also, port will not be allowed to be configured in the link aggregate if AppMon is enabled on the port.
•
AppMon configuration is not allowed on Virtual Fabric Link, ERP, VLAN stacking, SPB, or port
mirroring ports.
•
Does not support tunneled traffic, encrypted traffic, and fragmented traffic (supported only if initial
fragmented packet contains the signature).
•
Software policy lookup considers AppMon enforcement specific policies for a given application name
only when it is part of an active application list. In case of policy configured both for application and
application group where same application is part, policy will be selected based on what is configured in
the active application list. Active application list allows only one application at a time, either directly
added in the application list or added through an application group.
•
Application enforcement cannot be provided to IP flows which moves between NIs (due to link
aggregate, STP block scenario, or L3 ECMP group configuration).
•
If an AppMon flow is detected on a UNP port, then AppMon UNP policy list is applied to the flow. If
UNP policy list is not configured, then default QoS policy list is applied. For non-UNP ports, default
QoS policy list is applied. The
applications used by the UNP user. For example:
-> show unp user details
Port: 4/1/6
MAC-Address: 00:80:9f:a0:65:94
Access Timestamp
User Name
IP-Address
Vlan
Authentication Type
Authentication Status
Authentication Failure Reason
Authentication Retry Count
Authentication Server IP Used
Authentication Server Used
Server Reply-Message
Profile
Profile Source
Profile From Auth Server
Classification Profile Rule
Role
Role Source
User Role Rule
Restricted Access
Location Policy Status
Time Policy Status
OmniSwitch AOS Release 8 Network Configuration Guide
show unp user details command displays the list of enforcement
= 02/18/2014 04:42:33,
= 00:80:9f:a0:65:94,
= 25.1.1.25,
= 25,
= Mac,
= Authenticated,
= -,
= 0,
= 135.254.163.143,
= cppm,
= -,
= UNP-device,
= Auth - Pass - Server UNP,
= UNP-device,
= -,
= pl3,
= L2-Profile,
= -,
= No,
= -,
= -,
December 2017
Configuring AppMon
page 29-11