The Symantec LAN Enforcer appliance is part of the Symantec Network Access Control (SNAC) suite. The device can be used with 802.1X-enabled switches and access points to open, close, or redirect ports to a particular VLAN based on Host Integrity checks performed on the endpoint.
This article provides the Cisco IOS commands necessary for configuring a (newly-reset/plain-configuration) Cisco Catalyst switch for use with the Symantec LAN Enforcer. The commands are applicable for models including the 2950, 2960 and 3750.
Show the current (running) configuration:
(from the plain ">" prompt, first use the "enable" command to switch to a "#" prompt)
The above configuration will work with the LAN Enforcer in both Basic and Transparent mode (with/without optional RADIUS user authentication). Changing from a Transparent to a Basic setup does not require re-configuration on the switch side.
The below commands are optional, for configuring a quarantine VLAN.
Optionally, a guest VLAN can be configured for each port, to which a machine without a supplicant would be assigned.
The below is an optional command for recent switch models only, for assigning a particular VLAN in case the link between the switch and LAN Enforcer is broken.
The below commands are useful for showing information on port status and VLAN assignment.
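As an added illustration (not Symantec's original command listing), a Catalyst 802.1X configuration of the kind the steps above describe could look like the following. The RADIUS address and ports, shared secret, VLAN numbers and names, and interface are placeholders, and exact syntax varies by IOS release, so check each command against the switch's command reference.

```cisco
! Constructed example. Placeholders: 192.0.2.10 (LAN Enforcer address),
! <shared-secret>, VLANs 10/20/30/40, interface FastEthernet0/1.
!
! --- Base 802.1X setup: the switch is the authenticator and the
! --- LAN Enforcer answers as the RADIUS server.
enable
configure terminal
aaa new-model
aaa authentication dot1x default group radius
! Lets the switch apply a VLAN returned in the RADIUS reply
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! --- VLANs must exist on the switch before a port can be moved into them
vlan 10
 name production
vlan 20
 name quarantine
vlan 30
 name guest
vlan 40
 name critical
exit
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! Older syntax; newer releases use "authentication port-control auto"
 dot1x port-control auto
 ! Optional: VLAN for machines that have no 802.1X supplicant
 dot1x guest-vlan 30
 ! Optional, recent models only: VLAN used when the RADIUS server is unreachable
 dot1x critical vlan 40
end
!
! --- Verification: running configuration, port status, VLAN assignment
show running-config
show dot1x all
show dot1x interface FastEthernet0/1
show vlan brief
```

Keep the shared secret identical on the switch and the LAN Enforcer, and apply the interface block only to access ports facing endpoints, not to uplinks or the port leading to the Enforcer itself.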