Interoperability with other switch features

The following rules can help avoid conflicts when BYOD-redirect has been deployed on a switch with other features:

  1. MAFR and BYOD-redirect are mutually exclusive – MAFR and BYOD-redirect solve similar problems.

  2. DNS sentinel and BYOD-redirect – When DNS sentinel is enabled, the switch tunnels packets to the controller. Packets are re-injected to the switch only if the controller classifies DNS packets as permitted. When BYOD-redirect is enabled, the user should configure an ACL rule to pass through DNS packets to the switch. If the SDN controller policy classifies a DNS packet originating from a client as one to drop, then BYOD-redirect does not work.

  3. IP sentinel and BYOD-redirect – When IP sentinel is enabled for the IP flows configured by the SDN controller, the switch tunnels the IP packets to the controller. The IP packets are re-injected to the switch only if the controller classifies the IP traffic as not malicious. If the SDN controller policy classifies the client’s IP traffic as malicious, then BYOD-redirect fails.

  4. OpenFlow and BYOD-redirect – If an OpenFlow instance is enabled on a VLAN, then all traffic is given to the OpenFlow packet processing task. BYOD-redirect requires intercepting IP (HTTP) packets. For BYOD-redirect to interoperate with OpenFlow, traffic should be copied to both OpenFlow and BYOD-redirect; otherwise, the switch cannot enable BYOD-redirect and OpenFlow on the same VLAN.

  5. Other TCAM rules – If any other user has configured TCAM rules that override TCAM entries installed for BYOD-redirect, BYOD-redirect does not work.