50 Minuteman Rd.
Andover, MA 01810
(978) 684-1000

CUSTOMER RELEASE NOTES

Enterasys NetSight^TM Atlas Policy Manager
Version 1.8
December, 2004

INTRODUCTION:

When updates have been obtained using the NetSight Atlas Web Update feature, the Addendum section at the end of these release notes will contain the updated release information.

The most recent version of these release notes can also be found on the NetSight Documentation web page: http://www.enterasys.com/support/manuals/netsight.html.

	NOTE:	When this topic is opened from the CD-ROM, the links from this topic to other help topics will not work. Links within the topic will work and once you've installed Policy Manager, you can launch the help system and access help for all topics.

Enterasys NetSight Atlas Policy Manager is a tool that simplifies the configuration of policies on networks, and deploys the policies on multiple devices throughout the switch fabric. It may be used for any device that supports the Enterasys Networks Policy Profile MIB. Web-based authentication is available on devices with firmware that supports the Enterasys Networks PWA MIB and the Enterasys Networks RADIUS Auth Client Encrypt MIB or the Enterasys Networks RADIUS Client MIB. 802.1X authentication is available on devices with firmware that supports the EAP MIB and the Enterasys Networks RADIUS Auth Client Encrypt MIB or the Enterasys Networks RADIUS Client MIB.

With Policy Manager, you can create policy profiles, called roles, that are assigned to the ports in your network. These roles provide four key policy features: traffic containment, traffic filtering, traffic security, and traffic prioritization. When authentication is enabled, users identify themselves to the network and are given customized access capabilities based on what role they serve in the organization.

Using the Policy Manager wizards and configuration tools, you can create multiple roles tailored to your specific needs, and set a default role for all or some of your network devices and ports. Basic Policy Manager operations include creating, editing, and deleting roles. You can also view role configuration on a per device and per port basis. In addition, Policy Manager allows you to verify that the roles enforced on your network device match the roles currently configured in the application. Policy Manager supports a maximum of 1,000 devices (25,000 ports) and 50 roles, and can process a maximum of 250 unique classification rules with a maximum of 50 classification rules per role.

Policy Manager requires a list of network devices, which can be created using a text editor. Network devices can also be imported by connecting directly to NetSight Atlas Console version 1.1 or newer. There are special utility programs available that will create a device list for you based on your HP OpenView^®, NetSight Switch and Topology Manager, or NetSight Element Manager device database. Contact Support for more information.

It is recommended that you thoroughly review these release notes prior to installing or upgrading this product.

SOFTWARE CHANGES AND ENHANCEMENTS:

Software Changes

The following restrictions and limitations have been fixed in this release of NetSight Atlas Policy Manager:

General
Deleting a device that is "Not Reachable," then using the Device Configuration Wizard to configure any of your devices, no longer causes the device to reappear in the Network Elements tree.
The ToS/DSCP Rewrite feature is now supported on Matrix N-Series Gold and Platinum devices running firmware version 5.01.xx.
(Matrix N-Series devices that support multiple authentication types per device.) If a user has authenticated using two or more authentication types, an active entry for each authentication type is no longer displayed in the Port Usage tab for that user. Now, only one session will be displayed as active (blue) in the Port Usage tab.
The Event Log Clean-up now functions for both the Log Directory Size Restriction and Event Log File Aging options even if the "Notify User Before Removing Logs" checkbox is deselected in the Event Log view of the Options window.
In the device-level MAC Locking tab, setting the option "Move all dynamic MACs with a Locking Cause of 'First Arrival' to a statically locked MAC" no longer fails with the following error message: "Unable to move all dynamic MAC addresses to static. See Event Log for details."

Software Enhancements

The following enhancements have been added to this release of Policy Manager:

Expanded Class of Service Support. Policy Manager now supports two modes of class of service, with each mode providing a different rate limit functionality: Priority-Based Rate Limits and Role-Based Rate Limits. In addition, the Role-Based Rate Limits mode includes the ability to configure transmit queues.
DNS Configuration for the Matrix E1. You can now configure your DNS domain name and server addresses to support the Enhanced Login Mode on Matrix E1 devices supporting this in firmware.
Multi-User 802.1X for Matrix N-Series Devices. Matrix N-Series Gold and Platinum devices now support multi-user 802.1X authentication.
Network Resource Enhancements. Policy Manager now provides a Network Resources Wizard that leads you through all the steps required to create a network resource group and an Automated service with which to associate it. The wizard also lets you apply the Automated service to a role.
Single-User and Multi-User Authentication Support. Policy Manager now supports multi-user authentication for devices that support multiple authentication types and multiple users per port, and single-user authentication for devices that support only one or two authentication types and single users per port.
Launch in Tab Option. This new options lets you specify which left-panel tab is displayed when you launch Policy Manager.
Enhanced Rule Accounting. New rule accounting features for Matrix N-Series devices:
- Auto-Clear Functionality - Enable auto-clear operations and specify the ports that the clear operations will be performed on. These auto-clear operations determine when to clear the specified ports from a rule's Rule Usage tab:
  - Clear Rule Usage on Port Link-Status Change
  - Clear Rule Usage Port Role Change
  - Clear Rule Usage on Interval
- Rule Usage Tabs at Device and Port Level - A new device-level Rule Usage tab displays port information for all the rules that have been used for a selected device, and a new port-level Rule Usage tab displays all the rules that have been used on a selected port and the role they are associated with.
TCI Overwrite at Port Level. You can now enable or disable TCI Overwrite functionality for an individual port.
MAC to Role Mapping for Matrix N-Series Platinum Devices. Provides a way to assign a role to an end station based on its source MAC address. This allows you to create a specific role for a group of end stations (such as IP phones), and assign it to them based on their MAC address and a MAC mask. A role assigned through MAC to Role mapping takes precedence over an authenticated role or a default role.
IP to Role Mapping for Matrix N-Series Platinum Devices. Provides a way to assign a role to an end station based on its IP address. In networks that haven't deployed authentication, this would allow you to map an individual IP address such as an administrator's laptop, to a specific role. A role assigned through IP to Role mapping takes precedence over an authenticated role or a default role.
Disable Traffic Classification Types for Matrix N-Series Platinum Devices. You can now disable specific classification rule types on an individual port as a way to disable policy-assignment rules used in VLAN to Role Mapping, IP to Role Mapping, MAC to Role Mapping, and Role Override. For example, you could disable the VLAN ID traffic classification type which would disable Tagged Packet VLAN to Role Mapping on the port. You could also disable all traffic classification types, which would effectively turn off policy on the port.
MAC Address Selection for MAC-based Rules. When creating a MAC-based rule, a new Select MAC Address window lets you quickly select a MAC address from a list of addresses read from a specified device or port.
Enhanced Audit Trail. Additional events were added to the Event Log to provide better auditing specifically in the areas of RADIUS configuration and authentication settings.
Support for Red Hat Enterprise Linux WS v3. Policy Manager can now be installed on the Red Hat Enterprise Linux WS v3 platform.
Support for Matrix C2. Policy Manager now supports Matrix C2 devices which now support policy features.
Save of .pmd file. Now, saving your .pmd file also automatically saves your policy information to a human-readable format (.cvs file).
Invalid Role Action for Matrix N-Series and RoamAbout R2 devices. Lets you specify what happens to a user that gets an unknown or invalid role.

SYSTEM REQUIREMENTS:

Supported Platforms

The system requirements for operating Policy Manager are listed here:

Windows^® 2000 w/ Service Pack 4, Windows XP^® w/ Service Pack 1, and Windows Server™ 2003 (qualified on the English version of the operating systems)
- Recommended P4, 2.4GHz, 1GB RAM
- Free Disk Space - 600MB

Solaris^® 2.7, 2.8, and 2.9 (with latest operating system patches installed)
- Recommended Sun^® Ultra 30/60 (or equivalent), 900MHz, 1GB RAM
- Free Disk Space - 600MB

Linux Red Hat Version 9 and Linux Enterprise v3 ES
- Recommended P4, 2.4GHz, 1GB RAM
- Free Disk Space - 600MB

UNIX^® Operating System Patches

Before installing Policy Manager on the UNIX platform, be sure to install the latest patches for your operating system. You can download the most recent operating system patches from www.sunsolve.sun.com.

PRODUCT FIRMWARE SUPPORT:

Table 1 lists the devices and firmware versions supported by this release of Policy Manager. Table 2 lists the feature sets supported by Policy Manager and the supported firmware. Table 3 lists the VLAN and Priority Classification Rule Support for the supported devices.

Table 1: Devices/Firmware Versions Supported

Device Type	Firmware Version
Matrix C1	1.01.xx 2.00.xx
Matrix C2	1.0 2.0.48
Matrix E1 (1H582-51, 1G582-09)	1.00.xx 2.00.xx 2.01.xx 2.02.xx 2.03.xx 2.04.xx 2.05.xx 3.00.xx 3.01.xx 3.02.xx 3.03.xx
Matrix E5	03.00.xx
Matrix E6/E7	5.00.48 5.00.49 5.01.33 5.02.02 5.03.xx 5.04.xx 5.05.xx 5.06.xx 5.07.xx 5.08.xx
Matrix N3/N5/N7/NSA Platinum	1.07.xx 1.50.xx 2.00.xx 3.00.xx 4.xx.xx 5.01.xx
Matrix N3/N5/N7 Gold	3.10.xx 4.xx.xx 5.01.xx
Matrix V2	2.5.x
RoamAbout R2	2.00.xx 3.01.xx 4.00.xx 4.01.xx 5.04.xx
RoamAbout AP3000	V2.0.6

Table 2: Policy Manager/Firmware Feature Support

Matrix C1
Functionality		1.01.xx	2.00.xx
Policy Support		X	X
802.1X Authentication		X	X
MAC Authentication		-	-
MAC+802.1X Authentication		-	-
Web-based Authentication		-	-
RADIUS Support		X	X
MAC Locking	Dynamic	-	X
MAC Locking	Static	-	X
VLAN Support		<1-4094> 1024 max	<1-4094> 4094 max
Priority (Class of Service)		X	X
Classification Rules	VLAN	X See Table 3	X See Table 3
Classification Rules	Priority	X See Table 3	X See Table 3
Policy-based VLAN Egress		X	X
Rate Limiting		X Priority-Based (8 rate limits) Outbound Only	X Priority-Based (8 rate limits) Outbound Only
Dynamic Egress		-	X
Drop VLAN Tagged Frame		X	X
GVRP		X	X
ToS/DSCP Rewrite		-	-

Matrix C2

Functionality 1.0 2.0.48

Policy Support - X

802.1X Authentication X X¹

MAC Authentication - X¹

MAC+802.1X Authentication - -

Web-based Authentication - X¹

RADIUS Support X X

MAC Locking Dynamic - X

Static - -

VLAN Support <1-4094>
1024 max <1-4093>
1024 max

Priority
(Class of Service) - X

Classification
Rules VLAN - X
See Table 3

Priority - X
See Table 3

Policy-based VLAN Egress - X

Rate Limiting - X²
Priority-Based
(GE 8 rate limits)
(FE 2 rate limits)
Inbound Only

Dynamic Egress - -

Drop VLAN Tagged Frame - -

GVRP X X

ToS/DSCP Rewrite - -

Matrix C2
Functionality	1.0	2.0.48
Policy Support	-	X
802.1X Authentication	X	X¹
MAC Authentication	-	X¹
MAC+802.1X Authentication	-	-
Web-based Authentication	-	X¹
RADIUS Support	X	X
MAC Locking	Dynamic	-	X
Static	-	-
VLAN Support	<1-4094> 1024 max	<1-4093> 1024 max
Priority (Class of Service)	-	X
Classification Rules	VLAN	-	X See Table 3
Priority	-	X See Table 3
Policy-based VLAN Egress	-	X
Rate Limiting	-	X² Priority-Based (GE 8 rate limits) (FE 2 rate limits) Inbound Only
Dynamic Egress	-	-
Drop VLAN Tagged Frame	-	-
GVRP	X	X
ToS/DSCP Rewrite	-	-

¹All three types of authentication can be enabled at the device-level but not at the port-level.
²GE ports - 8 rate limits; FE ports - 2 rate limits (0,1,2,3 and 4,5,6,7). Inbound Only.

Matrix E1 Firmware Version

Functionality 1.00.xx 2.00.xx 2.01.xx 2.02.xx
2.03.xx
2.04.xx
2.05.xx 3.00.xx
3.01.xx 3.02.xx
3.03.xx

Policy Support X X X X X X

802.1X Authentication - - X X X X

MAC Authentication - - - X X X

MAC+802.1X Authentication - - - X X X

Web-based Authentication - - - - X X

Enhanced Login Mode - - - - X X

Redirect Time - - - - - X

Guest Networking - - - - X X

RADIUS Support X X X X X X

RADIUS Accounting - - - - SNMPv3 Only SNMPv3 Only

CEP (Convergence End Point)¹ - - - - - X

MAC Locking Dynamic - - X X X X

Static - - X X X X

VLAN Support <1-3073>
3073 max <1-4094>
4094 max <1-4094>
4094 max <1-4094>
4094 max <1-4094>
4094 max <1-4094>
4094 max

Priority
(Class of Service) X X X X X X

Classification
Rules VLAN X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3

Priority X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3

Policy-based VLAN Egress - - - - - -

Rate Limiting - - X
Priority-Based
(8 rate limits)
Inbound Only X
Priority-Based
(8 rate limits)
Inbound Only X
Priority-Based
(8 rate limits)
Inbound Only
Min = 200 Kb/s
Max = 1 Gb/s X
Priority-Based
(8 rate limits)
Inbound Only
Min = 200 Kb/s
Max = 1 Gb/s

Dynamic Egress X X X X X X

Drop VLAN Tagged Frame - - - - - -

GVRP X X X X X X

ToS/DSCP Rewrite X X X X X X

Matrix E1	Firmware Version
Functionality	1.00.xx	2.00.xx	2.01.xx	2.02.xx 2.03.xx 2.04.xx 2.05.xx	3.00.xx 3.01.xx	3.02.xx 3.03.xx
Policy Support	X	X	X	X	X	X
802.1X Authentication	-	-	X	X	X	X
MAC Authentication	-	-	-	X	X	X
MAC+802.1X Authentication	-	-	-	X	X	X
Web-based Authentication	-	-	-	-	X	X
Enhanced Login Mode	-	-	-	-	X	X
Redirect Time	-	-	-	-	-	X
Guest Networking	-	-	-	-	X	X
RADIUS Support	X	X	X	X	X	X
RADIUS Accounting	-	-	-	-	SNMPv3 Only	SNMPv3 Only
CEP (Convergence End Point)¹	-	-	-	-	-	X
MAC Locking	Dynamic	-	-	X	X	X	X
Static	-	-	X	X	X	X
VLAN Support	<1-3073> 3073 max	<1-4094> 4094 max	<1-4094> 4094 max	<1-4094> 4094 max	<1-4094> 4094 max	<1-4094> 4094 max
Priority (Class of Service)	X	X	X	X	X	X
Classification Rules	VLAN	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3
Priority	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3
Policy-based VLAN Egress	-	-	-	-	-	-
Rate Limiting	-	-	X Priority-Based (8 rate limits) Inbound Only	X Priority-Based (8 rate limits) Inbound Only	X Priority-Based (8 rate limits) Inbound Only Min = 200 Kb/s Max = 1 Gb/s	X Priority-Based (8 rate limits) Inbound Only Min = 200 Kb/s Max = 1 Gb/s
Dynamic Egress	X	X	X	X	X	X
Drop VLAN Tagged Frame	-	-	-	-	-	-
GVRP	X	X	X	X	X	X
ToS/DSCP Rewrite	X	X	X	X	X	X

¹CEP is not supported if Web Authentication is enabled.

Matrix E5

Functionality

Policy Support X

802.1X Authentication X

MAC Authentication -

MAC+802.1X Authentication -

Web-based Authentication -

RADIUS Support X

MAC Locking Dynamic -

Static -

VLAN Support <1-2048>
1024 max

Priority
(Class of Service) -

Classification
Rules VLAN -

Priority -

Policy-based VLAN Egress -

Rate Limiting -

Dynamic Egress -

Drop VLAN Tagged Frame -

GVRP -

ToS/DSCP Rewrite -

Matrix E5
Functionality
Policy Support	X
802.1X Authentication	X
MAC Authentication	-
MAC+802.1X Authentication	-
Web-based Authentication	-
RADIUS Support	X
MAC Locking	Dynamic	-
Static	-
VLAN Support	<1-2048> 1024 max
Priority (Class of Service)	-
Classification Rules	VLAN	-
Priority	-
Policy-based VLAN Egress	-
Rate Limiting	-
Dynamic Egress	-
Drop VLAN Tagged Frame	-
GVRP	-
ToS/DSCP Rewrite	-

Matrix E6/E7 Firmware Version

Functionality 5.00.xx 5.01.xx 5.02.xx 5.03.xx 5.04.xx 5.05.xx
5.06.xx
5.07.xx
5.08.xx

Policy Support X X X X X X

802.1X Authentication - - X X X X

MAC Authentication - - - - X X

MAC+802.1X Authentication - - - - X X

Web-based Authentication - X X X X X

RADIUS Support - X X X X X

MAC Locking Dynamic - - - - X X

Static - - - - - X

VLAN Support <1-4094>
1024 max <1-4094>
1024 max <1-4094>
1024 max <1-4094>
1024 max <1-4094>
1024 max <1-4094>
1024 max

Priority
(Class of Service) X X X X X X

Classification
Rules VLAN X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3

Priority X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3

Policy-based VLAN Egress - - - - - -

Rate Limiting X
Priority-Based
(4 rate limits)
In/Outbound X
Priority-Based
(4 rate limits)
In/Outbound X
Priority-Based
(4 rate limits)
In/Outbound X
Priority-Based
(4 rate limits)
In/Outbound X
Priority-Based
(6 rate limits)
In/Outbound X
Priority-Based
(6 rate limits)
In/Outbound
Min = 96 Kb/s
Max = 7 Gb/s

Dynamic Egress X X X X X X

Drop VLAN Tagged Frame - X X X X X

GVRP X X X X X X

ToS/DSCP Rewrite X X X X X X

Matrix E6/E7	Firmware Version
Functionality	5.00.xx	5.01.xx	5.02.xx	5.03.xx	5.04.xx	5.05.xx 5.06.xx 5.07.xx 5.08.xx
Policy Support	X	X	X	X	X	X
802.1X Authentication	-	-	X	X	X	X
MAC Authentication	-	-	-	-	X	X
MAC+802.1X Authentication	-	-	-	-	X	X
Web-based Authentication	-	X	X	X	X	X
RADIUS Support	-	X	X	X	X	X
MAC Locking	Dynamic	-	-	-	-	X	X
Static	-	-	-	-	-	X
VLAN Support	<1-4094> 1024 max	<1-4094> 1024 max	<1-4094> 1024 max	<1-4094> 1024 max	<1-4094> 1024 max	<1-4094> 1024 max
Priority (Class of Service)	X	X	X	X	X	X
Classification Rules	VLAN	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3
Priority	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3
Policy-based VLAN Egress	-	-	-	-	-	-
Rate Limiting	X Priority-Based (4 rate limits) In/Outbound	X Priority-Based (4 rate limits) In/Outbound	X Priority-Based (4 rate limits) In/Outbound	X Priority-Based (4 rate limits) In/Outbound	X Priority-Based (6 rate limits) In/Outbound	X Priority-Based (6 rate limits) In/Outbound Min = 96 Kb/s Max = 7 Gb/s
Dynamic Egress	X	X	X	X	X	X
Drop VLAN Tagged Frame	-	X	X	X	X	X
GVRP	X	X	X	X	X	X
ToS/DSCP Rewrite	X	X	X	X	X	X

Matrix N-Series Platinum Firmware Version

Functionality 1.07.xx 1.50.xx 2.00.xx 3.00.xx 4.00.xx 5.01.xx
Policy Support X X X X X X

Multi-Authentication Types - - - - X X

Multi-Users per Port - - - - X¹ X

802.1X Authentication - X X X X X

MAC Authentication - - - - X X

Web-based Authentication - - - - X X

Enhanced Login Mode - - - - X X

Redirect Time - - - - X X

Guest Networking - - - - X X

RADIUS Support X X X X X X

RADIUS Accounting - - - - - X

MAC Locking Dynamic - - - X X X

Static - - - X X X

VLAN Support <1-4094>
1024 max <1-4094>
1024 max <1-4094>
1024 max <1-4094>
1024 max <1-4094>
1024 max <1-4094>
1024 max

Priority
(Class of Service) X X X X X X

Classification
Rules VLAN X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3

Priority X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3 X
See Table 3

Policy-based VLAN Egress X X X X X X

VLAN to Role Mapping - - - - X X

IP to Role Mapping - - - - - X

MAC to Role Mapping - - - - - X

Rule Accounting - - - - X X

Rate Limiting² X
Priority-Based
(16 rate limits)
In/Outbound X
Priority-Based
(16 rate limits)
In/Outbound X
Priority-Based
(16 rate limits)
In/Outbound X
Priority-Based
(16 rate limits)
In/Outbound X
Priority-Based
(16 rate limits)
In/Outbound
Min = 512 Kb/s
Max = None X
Priority-Based
or Role-Based

Dynamic Egress X X X X X X

Drop VLAN Tagged Frame X X X X X X

GVRP X X X X X X

ToS/DSCP Rewrite - - - - - X

Matrix N-Series Platinum	Firmware Version
Functionality	1.07.xx	1.50.xx	2.00.xx	3.00.xx	4.00.xx	5.01.xx
Policy Support	X	X	X	X	X	X
Multi-Authentication Types	-	-	-	-	X	X
Multi-Users per Port	-	-	-	-	X¹	X
802.1X Authentication	-	X	X	X	X	X
MAC Authentication	-	-	-	-	X	X
Web-based Authentication	-	-	-	-	X	X
Enhanced Login Mode	-	-	-	-	X	X
Redirect Time	-	-	-	-	X	X
Guest Networking	-	-	-	-	X	X
RADIUS Support	X	X	X	X	X	X
RADIUS Accounting	-	-	-	-	-	X
MAC Locking	Dynamic	-	-	-	X	X	X
Static	-	-	-	X	X	X
VLAN Support	<1-4094> 1024 max	<1-4094> 1024 max	<1-4094> 1024 max	<1-4094> 1024 max	<1-4094> 1024 max	<1-4094> 1024 max
Priority (Class of Service)	X	X	X	X	X	X
Classification Rules	VLAN	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3
Priority	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3	X See Table 3
Policy-based VLAN Egress	X	X	X	X	X	X
VLAN to Role Mapping	-	-	-	-	X	X
IP to Role Mapping	-	-	-	-	-	X
MAC to Role Mapping	-	-	-	-	-	X
Rule Accounting	-	-	-	-	X	X
Rate Limiting²	X Priority-Based (16 rate limits) In/Outbound	X Priority-Based (16 rate limits) In/Outbound	X Priority-Based (16 rate limits) In/Outbound	X Priority-Based (16 rate limits) In/Outbound	X Priority-Based (16 rate limits) In/Outbound Min = 512 Kb/s Max = None	X Priority-Based or Role-Based
Dynamic Egress	X	X	X	X	X	X
Drop VLAN Tagged Frame	X	X	X	X	X	X
GVRP	X	X	X	X	X	X
ToS/DSCP Rewrite	-	-	-	-	-	X

¹Only one user per port can authenticate via 802.1X authentication. For Web-based and MAC authentication, Gigabit Ethernet supports 128 users per port and Fast Ethernet supports 8 users per port.
²There are important differences in priority-based rate limit behavior on N-Series Platinum devices. For more information, see Priority-Based Rate Limiting on N-Series Platinum Devices.

Matrix N-Series Gold Firmware Version

Functionality 3.10.xx 4.00.xx 5.01.xx
Policy Support X X X

Multi-Authentication Types - X X

Multi-Users per Port - X¹ X

802.1X Authentication X X X

MAC Authentication - X X

Web-based Authentication - X X

Enhanced Login Mode - X X

Redirect Time - X X

Guest Networking - X X

RADIUS Support X X X

RADIUS Accounting - - X

MAC Locking Dynamic X X X

Static X X X

VLAN Support <1-4094>
1024 max <1-4094>
1024 max <1-4094>
1024 max

Priority
(Class of Service) X X X

Classification
Rules VLAN X
See Table 3 X
See Table 3 X
See Table 3

Priority X
See Table 3 X
See Table 3 X
See Table 3

Policy-based VLAN Egress X X X

Rate Limiting X
Priority-Based
(8 rate limits)
Inbound Only X
Priority-Based
(8 rate limits)
Inbound Only
Min = 1 Mb/s
Max = None X
Priority-Based
or Role-Based
(8 rate limits)
Inbound Only
Min = 1 Mb/s
Max = None

Dynamic Egress X X X

Drop VLAN Tagged Frame X X X

GVRP X X X

ToS/DSCP Rewrite - - X

Matrix N-Series Gold	Firmware Version
Functionality	3.10.xx	4.00.xx	5.01.xx
Policy Support	X	X	X
Multi-Authentication Types	-	X	X
Multi-Users per Port	-	X¹	X
802.1X Authentication	X	X	X
MAC Authentication	-	X	X
Web-based Authentication	-	X	X
Enhanced Login Mode	-	X	X
Redirect Time	-	X	X
Guest Networking	-	X	X
RADIUS Support	X	X	X
RADIUS Accounting	-	-	X
MAC Locking	Dynamic	X	X	X
Static	X	X	X
VLAN Support	<1-4094> 1024 max	<1-4094> 1024 max	<1-4094> 1024 max
Priority (Class of Service)	X	X	X
Classification Rules	VLAN	X See Table 3	X See Table 3	X See Table 3
Priority	X See Table 3	X See Table 3	X See Table 3
Policy-based VLAN Egress	X	X	X
Rate Limiting	X Priority-Based (8 rate limits) Inbound Only	X Priority-Based (8 rate limits) Inbound Only Min = 1 Mb/s Max = None	X Priority-Based or Role-Based (8 rate limits) Inbound Only Min = 1 Mb/s Max = None
Dynamic Egress	X	X	X
Drop VLAN Tagged Frame	X	X	X
GVRP	X	X	X
ToS/DSCP Rewrite	-	-	X

¹Only one user per port can authenticate via 802.1X authentication. Web-based and MAC authentication support 2 users per port.

Matrix V2 Firmware Version

Functionality 2.5.x

Policy Support -

802.1X Authentication X

MAC Auth -

MAC+802.1X Authentication -

Web-based Authentication -

RADIUS Support X

MAC Locking Dynamic -

Static -

VLAN Support -

Priority
(Class of Service) -

Classification
Rules VLAN -

Priority -

Policy-based VLAN Egress -

Dynamic Egress -

Rate Limiting -

Drop VLAN Tagged Frame -

GVRP -

ToS/DSCP Rewrite -

Matrix V2	Firmware Version
Functionality	2.5.x
Policy Support	-
802.1X Authentication	X
MAC Auth	-
MAC+802.1X Authentication	-
Web-based Authentication	-
RADIUS Support	X
MAC Locking	Dynamic	-
Static	-
VLAN Support	-
Priority (Class of Service)	-
Classification Rules	VLAN	-
Priority	-
Policy-based VLAN Egress	-
Dynamic Egress	-
Rate Limiting	-
Drop VLAN Tagged Frame	-
GVRP	-
ToS/DSCP Rewrite	-

RoamAbout R2 Firmware Version

Functionality 2.00.xx 3.00.xx 4.00.xx
4.01.xx 5.04.xx

Policy Support - X X X

802.1X Authentication X X X X

MAC Authentication - - - X

MAC+802.1X Authentication - - - X

Web-based Authentication - - - -

RADIUS Support - - X X

MAC Locking Dynamic - - - -

Static - - - -

VLAN Support - Permit/Deny Traffic Only Permit/Deny Traffic Only Permit/Deny Traffic Only

Priority
(Class of Service) - - - -

Classification
Rules VLAN - X
See Table 3 X
See Table 3 X
See Table 3

Priority - - - -

Policy-based VLAN Egress - - - -

Rate Limiting - - - -

Dynamic Egress - - - -

Drop VLAN Tagged Frame - - - -

GVRP - - - -

ToS/DSCP Rewrite - - - -

RoamAbout R2	Firmware Version
Functionality	2.00.xx	3.00.xx	4.00.xx 4.01.xx	5.04.xx
Policy Support	-	X	X	X
802.1X Authentication	X	X	X	X
MAC Authentication	-	-	-	X
MAC+802.1X Authentication	-	-	-	X
Web-based Authentication	-	-	-	-
RADIUS Support	-	-	X	X
MAC Locking	Dynamic	-	-	-	-
Static	-	-	-	-
VLAN Support	-	Permit/Deny Traffic Only	Permit/Deny Traffic Only	Permit/Deny Traffic Only
Priority (Class of Service)	-	-	-	-
Classification Rules	VLAN	-	X See Table 3	X See Table 3	X See Table 3
Priority	-	-	-	-
Policy-based VLAN Egress	-	-	-	-
Rate Limiting	-	-	-	-
Dynamic Egress	-	-	-	-
Drop VLAN Tagged Frame	-	-	-	-
GVRP	-	-	-	-
ToS/DSCP Rewrite	-	-	-	-

RoamAbout AP3000 Firmware Version

Functionality V2.0.6

Policy Support -

802.1X Authentication X

MAC Auth -

MAC+802.1X Authentication -

Web-based Authentication -

RADIUS Support X

MAC Locking Dynamic -

Static -

VLAN Support -

Priority
(Class of Service) -

Classification
Rules VLAN -

Priority -

Policy-based VLAN Egress -

Dynamic Egress -

Rate Limiting -

Drop VLAN Tagged Frame -

GVRP -

ToS/DSCP Rewrite -

RoamAbout AP3000	Firmware Version
Functionality	V2.0.6
Policy Support	-
802.1X Authentication	X
MAC Auth	-
MAC+802.1X Authentication	-
Web-based Authentication	-
RADIUS Support	X
MAC Locking	Dynamic	-
Static	-
VLAN Support	-
Priority (Class of Service)	-
Classification Rules	VLAN	-
Priority	-
Policy-based VLAN Egress	-
Dynamic Egress	-
Rate Limiting	-
Drop VLAN Tagged Frame	-
GVRP	-
ToS/DSCP Rewrite	-

Table 3: VLAN/Priority Classification Rule Support Table

		C1		C2
		VLAN	Priority	VLAN	Priority
Layer 2	Ethertype	VLAN max 8 rules per role Deny and Priority combined max 1000		YES¹	YES
	DSAP/SSAP			NO	NO
	MAC Address Source	NO	NO	Permit/Deny Only	YES
	MAC Address Destination	NO	NO	Permit/Deny Only	YES
	MAC Address Bilateral	NO	NO	Permit/Deny Only	YES
Layer 3	IP Type of Service	Deny and Priority combined max 1000		Permit/Deny Only	YES
	IP Protocol Type	Deny and Priority combined max 8 rules per role		Permit/Deny Only	YES
	IP Address Source	NO	NO	Permit/Deny Only	YES
	IP Address Destination	NO	NO	Permit/Deny Only	YES
	IP Address Bilateral	NO	NO	Permit/Deny Only	YES
	IP Socket Source	NO	NO	Permit/Deny Only	YES
	IP Socket Destination	NO	NO	Permit/Deny Only	YES
	IP Socket Bilateral	NO	NO	Permit/Deny Only	YES
	IP Fragment	NO	NO	NO	NO
	IPX Class of Service	NO	NO	NO	NO
	IPX Packet Type	NO	NO	NO	NO
	IPX Network Source	NO	NO	NO	NO
	IPX Network Destination	NO	NO	NO	NO
	IPX Network Bilateral	NO	NO	NO	NO
	IPX Socket Source	NO	NO	NO	NO
	IPX Socket Destination	NO	NO	NO	NO
	IPX Socket Bilateral	NO	NO	NO	NO
	ICMP	NO	NO	Permit/Deny Only	YES
	VLAN	NO	NO	Permit/Deny Only	YES
	Priority	NO	NO	NO	NO
Layer 4	IP UDP Port Source	Deny and Priority combined max 8 rules per role		Permit/Deny Only	YES
	IP UDP Port Destination	Deny and Priority combined max 8 rules per role		Permit/Deny Only	YES
	IP UDP Port Bilateral	NO	NO	Permit/Deny Only	YES
	IP TCP Port Source	Deny and Priority combined max 8 rules per role		Permit/Deny Only	YES
	IP TCP Port Destination	Deny and Priority combined max 8 rules per role		Permit/Deny Only	YES
	IP TCP Port Bilateral	NO	NO	Permit/Deny Only	YES
	IP UDP Port Src Range	NO	NO	Permit/Deny Only	YES
	IP UDP Port Des Range	NO	NO	Permit/Deny Only	YES
	IP UDP Port Bi Range	NO	NO	Permit/Deny Only	YES
	IP TCP Port Src Range	NO	NO	Permit/Deny Only	YES
	IP TCP Port Des Range	NO	NO	Permit/Deny Only	YES
	IP TCP Port Bi Range	NO	NO	Permit/Deny Only	YES

¹VLAN Support varies depending on versions. See your firmware release notes for more information.

E1 (WS & GWS) E5 E6/E7

VLAN Priority VLAN Priority VLAN Priority

Layer 2