Specifications
128 ExtremeWare XOS 10.1 Concepts Guide
Security
permit;
}
}
entry deny_rest {
if {
}
then {
deny;
}
}
Using Policies
Once the policy file is on the switch, it can be checked to see if it is syntactically correct. Use the
following command to check the policy syntax:
check policy <policy-name>
To apply a policy, use the command appropriate to the client. Some examples include:
configure bgp import-policy [<policy-name> | none]
configure bgp neighbor [<remoteaddr> | all] {address-family [ipv4-unicast |
ipv4-multicast]} route-policy [in | out] [none | <policy>]
configure bgp peer-group <peer-group-name> route-policy [in | out] [none | <policy>]
configure ospf area <area-identifier> external-filter [<policy-map> |none]
configure ospf area <area-identifier> interarea-filter [<policy-map> | none]
configure rip import-policy [<policy-name> | none]
configure rip vlan [<vlan-name> | all] route policy [in | out] [<policy-name> | none]
configure rip [vlan <vlan-name> | all] trusted-gateway [<policy-name> | none]
To remove a policy, use the none option.
Refreshing Policies
When a policy file is changed (adding, deleting an entry, adding/deleting/modifying a statement etc.),
the new file can be downloaded to the switch and the user must refresh the policy so that the latest
copy of policy will be used.
When the policy is refreshed, the policy file is read, processed, and stored in the server database. Use
the following command to refresh the policy:
refresh policy <policy-name>
Management Access Security
Management access security features control access to the management functions available on the
switch. These features help insure that any configuration changes to the switch can only be done by
authorized users. In this category are the following features:
• Authenticating Users Using RADIUS or TACACS+