Extreme Networks Policy Manager (EPM) Supervisor Edition - User Guide Version 1.2 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 (408) 579-2800 http://www.extremenetworks.
AccessAdapt, Alpine, BlackDiamond, EPICenter, ESRP, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, the Go Purple Extreme Solution, ScreenPlay, Sentriant, ServiceWatch, Summit, SummitStack, Unified Access Architecture, Unified Access RF Manager, UniStack, UniStack Stacking, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive
Table of Contents Preface........................................................................................................................................... 7 Introduction ...............................................................................................................................7 Conventions................................................................................................................................7 Related Publications .........................................
Table of Contents Chapter 4: Creating Policies and Rules........................................................................................... 37 Introduction .............................................................................................................................37 Creating a New Policy................................................................................................................37 Creating a New Rule for a Policy...................................................
Table of Contents Match Condition Selection Panel ................................................................................................75 Appendix B: Troubleshooting ......................................................................................................... 77 Introduction .............................................................................................................................77 Connectivity Problems ..............................................................
Table of Contents 6 Extreme Networks Policy Manager (EPM) 1.
Preface This preface introduces this user guide, describes guide conventions, and lists other useful publications. Introduction This guide provides the required information to use the Extreme Networks Policy Manager (EPM) Supervisor Edition software.
Preface . Table 2: Text Conventions Convention Description Screen displays This typeface represents information as it appears on the screen. Screen displays bold This typeface indicates how you would type a particular command. The words “enter” and “type” When you see the word “enter” in this guide, you must type something, and then press the Return or Enter key. Do not press the Return or Enter key when an instruction simply says “type.” [Key] names Key names appear in text in one of two ways.
1 Overview Introduction This chapter describes the following sections: ● Description of the Extreme Networks Policy Manager on page 9 ● About This Manual on page 10 ● Editions of the EPM on page 10 Description of the Extreme Networks Policy Manager The Extreme Networks Policy Manager (EPM) is a client application for the configuration and management of Access Control Lists (ACLs) and Continuous Learning, Examination, Action and Reporting of Flows (CLEAR-Flow or CF) on EXOS-based Extreme Networks swi
Overview About This Manual This manual consists of six chapters, two appendixes and an index, arranged as shown in Table 3. Table 3: List of Chapters Chapter Description 1 - Overview Describes the Extreme Networks Policy Manager and the User Guide contents.
2 Installing The Extreme Networks Policy Manager Introduction This chapter describes the following sections: ● Hardware and Software Requirements on page 11 ● Switch Requirements on page 11 ● EPM Installation on page 13 Hardware and Software Requirements The EPM is a software application that is installed on a customer’s PC. Table 4 displays the minimum requirements for a single user.
Installing The Extreme Networks Policy Manager ● The switch must be running ExtremeXOS™ 11.4 or later. ● The EPM requires a Secure Shell (SSH) module installed and running on the switch to manage policy file transfer. The default state of SSH is “disabled”, so ensure that this application has been enabled using the enable ssh2 command. To load and run the SSH module on a switch, use the following commands: a Download image -xxx-ssh.
EPM Installation EPM Installation The EPM is installed from a network download and utilizes a user interface installation Wizard. Use the following procedure: 1 Download the EPM program files from Extreme Networks’ Software Downloads web page. 2 On Windows, double click the installation bundle executable icon. On Linux, run the installation script (.sh file) from an xterm window. The Setup Wizard window is launched as shown below.
Installing The Extreme Networks Policy Manager The Wizard then extracts and installs the files, and displays e Notification of the file installation, f The following Information window, and g The following finishing window. 4 Click Finish. The EPM is installed. 14 Extreme Networks Policy Manager (EPM) 1.
3 Viewing Policies and Rules Introduction This chapter provides a brief description of the different ways to view policies and rules in the Extreme Networks Policy Manager (EPM). The EPM functions in two modes—local and switch. In local mode, the user can work independently within an offline set of files to create, modify and verify policies and rules. The local files can also be used as a backup system for files running on a switch.
Viewing Policies and Rules The first time the EPM program is launched, the following message is displayed . 16 Extreme Networks Policy Manager (EPM) 1.
Opening the EPM 2 After reading, Close the box. The following IP Address Notice is displayed. This notice is displayed every time the EPM is opened until an IP address has been set. 3 Click OK. The EPM then notifies the user if it has found a TFTP server. Without one, the EPM can open and save local policies only. a If it finds a TFTP server, the following notice is displayed. Refer to “Configuring the EPM for use on a Switch” on page 18 to set the policy staging directory.
Viewing Policies and Rules Configuring the EPM for use on a Switch Before attempting to open a policy from a switch or save a policy to a switch, be certain that the following steps have been completed. ● The EPM has found a TFTP server. Check that the TFTP server is running on client and is listening on port 69. ● The user running the EPM has read/write/create permission to the TFTP server’s root directory. ● The file staging directory is pointing towards the TFTP server’s root directory.
Configuring the EPM for use on a Switch ● The file search directory is pointing towards the policy files as shown below. This is the default. Choose Tools > Properties > Set file search directory to check the file name in the file Open box. Extreme Networks Policy Manager (EPM) 1.
Viewing Policies and Rules Description of the Windows and Menus The EPM Desktop The program opens to the Rule Editor window. The two primary working windows are the Rule Editor window which is described on page 26 and the Rule Navigator window which is described on page 29. Some window elements are common to both the Rule Editor and the Rule Navigator windows. The following screen identifies those common elements.
Description of the Windows and Menus Menu Bar The Menu Bar consists of six standard menus—File, View, Policy, Rules, Tools and Help. Table 5 describes the elements of these menus. Table 5: EPM Standard Menus Menu Components Description File New Begins the process to create a new policy. Refer to “Creating a New Policy” on page 37. Open Opens an existing policy file. Switch Opens an existing policy file from a switch. Refer to “Opening a Policy File from a Switch” on page 31.
Viewing Policies and Rules Table 5: EPM Standard Menus (Continued) Menu Components Reorder rules by initial position Rules Description Places rules in their original position regardless of rank. Refer to “Organizing Rules” on page 49. Begins the process to create a new rule. New Rule Opens the Rule Wizard to create a new rule. Refer to “Creating a New Rule for a Policy” on page 37. Tools Global Variables... Opens a dialog box in which global variables can be set.
Description of the Windows and Menus Toolbar The Toolbar contains icons for the most common menu operations and are shown in Table 6.
Viewing Policies and Rules ● The Actions tab displays the actions log messages. All user actions are recorded for audit purposes. (The replay of actions is planned for a future release.) ● The Log tab displays common log messages. The common log contains any trace or error messages that inhibit or cause failure of EPM functions. For each of these three logs (Alerts, Actions and Log), there is a “Clear” button that removes the entries currently appearing on the screen.
Description of the Windows and Menus ● The Rule Activity tab displays activity data for a policy running on a switch. The EPM updates the data every 15 to 30 seconds. This log is shown only when the EPM is connected to a switch. For the Rule Activity log, there is a Refresh button that manually updates any modified activity. Status Bar The Status Bar displays the current activity of the EPM. When it is not executing a function it reads “Idle.
Viewing Policies and Rules Rule Editor Window When a policy is opened from either the local files or from a switch or when a new policy is created, the Rule Editor Window is displayed. The following screen shows the Rule Editor Window and the elements unique to this window.
Description of the Windows and Menus Tree Structure Panel The Tree Structure Panel displays the ACL and CLEAR-Flow (or CF) rules that are included within the selected policy. ACL rules are identified with a silver icon and CLEAR-Flow rules with a gold icon . Within this panel, the rules can be organized and displayed in three different ways. Use the three tabs that are located below the panel to organize and display the rules according to the following: Rules by class Displays the rules by their class.
Viewing Policies and Rules Another feature of this panel is a dropdown menu that is displayed when you right-click any rule in the list. The menu displays functions that are used primarily to edit and modify policies and rules. For details about this menu, refer to the chapter, “Modifying Policies and Rules” on page 43. Rule Properties Panel The Rule Properties Panel is made up of three boxes under two tabs. The three boxes display different elements of the selected rule. Rule Parameters Tab.
Description of the Windows and Menus Rule Navigator Window From the Rule Editor window, clicking the Rule Navigator tab displays the Rule Navigator window. The screen below shows the Rule Navigator Window and the elements unique to this window. Those elements include: ● Access Control List Rules (ACL) and ACL Rule Detail ● CLEAR-Flow Rules (CF) and CF Rule Detail The Access Control List (ACL) Rules panel displays the names of the ACL rules that are included in the policy that is open.
Viewing Policies and Rules Between the Access Control List rules panel and the CLEAR-Flow Rules panel are two icon arrows which toggle filters on and off. A toggle button that when clicked filters the CLEAR-Flow rules to show only those that are referenced by the selected ACL rule. In the CF Rule Detail panel, the reference is highlighted in yellow. Click the button a second time to toggle the filter off and again show all CLEAR-Flow rules.
Opening an Existing Policy Opening a Policy File from a Switch 1 Ensure that your TFTP server is open. 2 From the EPM menu, choose File > Open > Switch. An Operation Progress box is displayed followed by a Remote Switch Dialog box as shown below. 3 Enter the following information, completing all four fields. Leaving a field blank does not result in default behavior.
Viewing Policies and Rules When there is no problem with the connection, a Policy Selection box opens as shown below. 5 From the dropdown menu, choose the desired policy name and click OK. The Operation Progress box is displayed and is followed by a Load Notice box stating that the policy was successfully loaded. 6 Click OK. In the Tree Structure Panel, the IP address of the switch is displayed following the policy name.
Searching for Rules in a Policy Searching for Rules in a Policy The EPM includes the functionality to search a policy to find: 1) particular rules by name or 2) all rules that have certain parameters as selected by the user. These can be demonstrated using the rules shown in the following policy.
Viewing Policies and Rules Search by Parameter To search for one or more rules that have specified elements, use the following procedure: 1 From the menu choose Policy > Search or click the Search Policy icon box opens as shown below. . A Search Policy dialog 2 Click the boxes to indicate Search acl rules and/or Search CLEAR-Flow rules. 3 Click either the Match all of the following or the Match any of the following radio button. 4 Click the More command button.
Searching for Rules in a Policy 8 Continue modifying the search by adding More or Fewer criteria. 9 To remove any specific rules from the policy, select the rule and click the Delete command button. CAUTION The Delete command button removes a rule from the policy completely, not only in this action. 10 If desired, mark any rules using the “Mark” buttons. When the Search Policy window is closed, these marks are displayed in the main windows. 11 To remove the search results, click the Clear command button.
Viewing Policies and Rules Working Among the Windows and Panels When a particular policy or rule is selected in any of the windows or panels, it is automatically selected in all of the windows and panels. For example, in the screens below, the rule ACL_ICMP_REP was selected by the user from the Tree Structure Panel. The same selection appears automatically in all other rule viewing panels.
4 Creating Policies and Rules Introduction The Extreme Networks Policy Manager (EPM) is used by first creating a policy and then populating it with ACL and CLEAR-Flow rules. Policies and Rules can be created locally, tested and verified, and then pushed to a switch.
Creating Policies and Rules b From the Class Name dropdown menu, choose an existing class or type a new class name. NOTE If the new rule is being added to an existing policy, the dropdown menu contains selections of those class names that are currently in the policy. If it is being added to a new policy, there are no selections and a name must be added. Choose a name that will group all related rules. c Click the appropriate radio button to designate an ACL or CLEAR-Flow rule.
Saving a Policy Use the following procedure to add a new rule in a given position in the listing. For example, add a new # 005 after # 004. 1 In the Rule Editing and Viewing Panel, right-click anywhere in the # 004 row. A menu is displayed. 2 Choose Insert new rule (after). The Rule Wizard opens. 3 Follow Step 2 through Step 14 above. Saving a Policy Policies can be saved to a local file or to a switch. To save to a local file: 1 From the Menu Bar, choose File > Save As > Local. The Save box opens.
Creating Policies and Rules c Select an existing policy name from the dropdown menu. The name is then displayed in the text field. Use this when replacing an existing policy with an updated one. The EPM displays a warning when it is overriding an existing policy. d To save the name you have chosen to display in the Name text field, click OK. NOTE The “Launch activity manager after save” box above refers to the Policy Activity Manager dialog box which is described on page 50.
Importing and Exporting Rules into a Policy Importing and Exporting Rules into a Policy The same rule can be included in various different policies. The EPM provides the capability to import rules into the current policy from another policy or export them to another policy from the current policy. This section explains those procedures. Use the import function when rules are to be added from one policy to the rules in the current policy.
Creating Policies and Rules 5 Click Yes or No. The following Merge Results box is displayed. 6 Click OK. The Rule Mark Notice is displayed stating that Updated and inserted rules will be marked. (Refer to “Marking Rules” on page 44.) 7 Click OK. The new rule is displayed in all the rule viewing panels in rank order. 8 Save the policy. Exporting Rules Rules are exported from the currently open policy (the source) in two ways.
5 Modifying Policies and Rules Introduction The Extreme Networks Policy Manager (EPM) provides the capability to easily edit and modify existing policies and rules.
Modifying Policies and Rules Marking Rules The rules in the currently open policy can be marked either for reference purposes or to select specific rules for export. When a rule is marked, an icon is displayed in front of the rule name both in the Rule Editing and Viewing Panel and in the Rule Navigator window.
Modifying Rules 2 From the menu, choose Cut. The rule is deleted. Use the following procedure to delete more than one rule. 1 From either list, mark the rules that are to be deleted using the procedures on page 44. 2 Right-click one of the marked rules and choose Cut all marked. All marked rules are deleted. NOTE A policy must contain at least one rule. If the user attempts to delete all rules or the last rule from a policy, the changes will not be saved. NOTE The EPM does not support “undo.
Modifying Policies and Rules Changing Rule Parameters Rule parameters can be changed either during the rule creating process or after the rule is saved. ● During the rule creating process in the Rule Wizard, use the Back button to back up and make changes to previous parameters. ● To add, modify or delete parameters in a saved rule, use the following procedures: (These procedures modify an ACL rule.
Modifying Rules To assist in the selection of arguments for count, clicking the icon as shown above, displays a list of “rule packet counters.” NOTE The Enter arguments box provides different lists and reference options depending on which “match condition” or “action” has been selected, c Modify the parameters as needed and then click Save and Close. The parameter is changed. Deleting parameters from a rule.
Modifying Policies and Rules Managing Global and Policy Variables Global and policy variables can be added, modified, and deleted. Global variables are stored on the client that runs the EPM and can be used when creating policies that are stored locally and on a switch. Policy variables apply to an individual policy. The same procedure is used to manage either of the two types of variables. 1 From the menu, click either Tools > Global Variables... or Tools > Policy Variables...
Organizing Rules Organizing Rules Rules can be organized to function within a policy in two ways. As discussed earlier in the rule creation process (on page 38), the user can either determine the order in which the rules are to be read or call the EPM algorithm that assigns an efficient order based on the specificity of the rules. The existing rule order can then be changed in the following ways. ● Reassign rule ranks using the EPM algorithm by choosing Policy > Recalculate rule ranks from the menu.
Modifying Policies and Rules Managing Policy Activity After a policy is saved to the switch. it does not function until it is activated. The current activity status of the policy is shown in the Status Panel under the Rule Activity tab. Activating and Deactivating a Policy To activate the policy on either a port or a VLAN, use the following procedure: 1 From the menu, choose Policy > Activity.... A Policy Activity Manager dialog box is displayed as shown below.
Managing Policy Activity 4 Continue the process, selecting additional ports (egress or ingress) and VLANs as desired. All are displayed in the Policy Activity Manager dialog box. 5 When all desired ports and VLANs have been selected, click the now enabled Commit command button and when the process is completed, Close the box. Under the Rule Activity tab, the port and VLAN commitments are shown. To view all the policies that are currently committed to the ports or VLANs, use the following procedure.
Modifying Policies and Rules Disabling a Rule Rules are normally enabled with the policy. However, one or more individual rules within a policy can be disabled by using the following procedure: 1 In the Rule Editing and Viewing Panel or the Rule Navigator Window, right-click the rule to be disabled and from the resulting menu, choose Disable. The rule appears in red. 2 To re-enable the rule, repeat the process in Step 1, selecting Enable from the menu. 52 Extreme Networks Policy Manager (EPM) 1.
6 Running Extreme Networks Policy Manager Examples Introduction This chapter describes some of the functionality of the Extreme Networks Policy Manager (EPM) using two examples. The examples use two sample policies that are included with the EPM application. NOTE Each of the following two examples consists of a series of connected procedures. Each procedure begins in the state where the previous one ended. If a procedure is used out of the order that is displayed here, the results may be affected.
Running Extreme Networks Policy Manager Examples Save to a Switch 1 Before saving a policy to a switch, make certain that the configuration steps, as described on page 11 and on page 18 have been taken. 2 From the menu, choose File > Save As > Switch. 3 In the Remote Switch Dialog box, enter the required information. (For more detail, see "To Save to a Switch on page 39.") 4 When the Policy Entry dialog box opens, it prompts with the policy name that was used locally.
Example 1—Example_TCP_Threshold.pol 5 When the policy is saved, several changes occur: ● A notice is displayed confirming the save; ● The switch’s IP address is displayed in the Tree Structure Panel to the right of the policy name, replacing "localfile"; ● The Rule Activity tab is displayed in the Status Panel.
Running Extreme Networks Policy Manager Examples 3 Transfer port 16 from the Available list to the Selected box using the arrow command buttons. Click the Ingress radio button and then Save and Close. Port 16 is now displayed in the Active Ports field as shown below. 4 See the notation in red stating that "Recent changes have not been committed to the switch configuration!" Click the Commit command button. A Commit Confirmation box opens. 5 Click Yes.
Example 1—Example_TCP_Threshold.pol 8 Click the Show All command button again to show only the currently edited policy. 9 Close the dialog box. Modify Rule Parameters To modify any of the existing rule parameters, use the following procedure. For this example, in the CF_TCP_THRESHOLD rule, the argument of 100 packets for the "count" parameter is changed to 200 packets. 1 Open the policy "Example_TCP_Threshold.pol." 2 In the Rule Editing and Viewing Panel, select the rule, "CF_TCP_THRESHOLD.
Running Extreme Networks Policy Manager Examples 5 Replace "100" with "200" then click Save and Close. The change is displayed in the "Match Conditions" text panel and in the raw rule text of the other rule viewing panels. 6 From the menu, choose Policy > Refresh. The following Refresh Confirmation box is displayed. 7 Click Yes. An Operation Progress box is displayed followed by a Validation Notice stating that the "Policy has been refreshed.
Example 2—Example_TCP_UDP_Balance.pol 5 Click the Rules by class tab to see the relationship between the two classes and the three rules. Search for a Rule The EPM provides the ability to search through the rules in a large policy to find one or more that fit given criteria. Suppose there are one or more particularly useful and workable rules that the user would like to use again, perhaps with modifications, in a new policy.
Running Extreme Networks Policy Manager Examples In this example, the user is looking for a ACL rule with a "COUNTER" action to be referenced with a CLEAR-Flow rule. To find it, use the following procedure: 1 From the tool bar, click the "Search Policy" icon . The Search Policy dialog box opens. 2 Deselect the Search CLEAR-Flow rules check box and click the More command button. A search criteria row of three fields is displayed.
Example 2—Example_TCP_UDP_Balance.pol Incorporate into a Policy When the single rule that was found is to be added to an existing policy, the copy/paste function is probably most efficient. Use the following procedure. 1 Right-click the now selected rule and choose Copy from the resulting menu. Close the current (or source) policy and open the policy into which the rule is to be copied (target). Right-click an existing rule and choose the desired Paste command from the menu.
Running Extreme Networks Policy Manager Examples 62 Extreme Networks Policy Manager (EPM) 1.
A Help Messages Introduction This appendix includes Help messages and other reference material that appear in the Extreme Networks Policy Manager (EPM). These are cross-referenced in this manual from the procedure to which they apply. For additional description of this material, refer to the ExtremeXOS Concepts Guide and the ExtremeXOS Command Reference Guide.
Help Messages 64 sys_IcmplnErrors counterreference sys_IcmplnDestUnreachs counterreference sys_IcmplnTimeExcds counterreference sys_IcmplnParmProbs counterreference sys_IcmplnSrcQuenchs counterreference sys_IcmplnRedirects counterreference sys_IcmplnEchos counterreference sys_IcmplnEchoReps counterreference sys_IcmplnTimestamps counterreference sys_IcmplnTimestampReps counterreference sys_IcmplnAddrMasks counterreference sys_IcmplnAddrMaskReps counterreference sys_IcmpOutMsgs coun
Synonyms used for Rule Constants Synonyms used for Rule Constants Name Description Value Type qp1 QOC Profile Names qp1 qpxname qp2 QOC Profile Names qp2 qpxname qp3 QOC Profile Names qp3 qpxname qp4 QOC Profile Names qp4 qpxname qp5 QOC Profile Names qp5 qpxname qp6 QOC Profile Names qp6 qpxname qp7 QOC Profile Names qp7 qpxname qp8 QOC Profile Names qp8 qpxname add Mirror modes add mirrormode delete Mirror modes delete mirrormode DEBU Syslog Levels DEBU leve
Help Messages 66 bgp Service Ports 179 numberrange-port biff Service Ports 512 numberrange-port bootpc Service Ports 68 numberrange-port bootps Service Ports 67 numberrange-port cmd Service Ports 514 numberrange-port cvspserver Service Ports 2401 numberrange-port DHCP Service Ports 67 numberrange-port domain Service Ports 53 numberrange-port eklogin Service Ports 2105 numberrange-port ekshell Service Ports 2106 numberrange-port exec Service Ports 512 numberrange-
Synonyms used for Rule Constants smtp Service Ports 25 numberrange-port snmp Service Ports 161 numberrange-port snmptrap Service Ports 162 numberrange-port snpp Service Ports 444 numberrange-port socks Service Ports 1080 numberrange-port ssh Service Ports 22 numberrange-port sunrpc Service Ports 111 numberrange-port syslog Service Ports 514 numberrange-port facacs-ds Service Ports 65 numberrange-port talk Service Ports 517 numberrange-port telnet Service Ports 23
Help Messages ttl-eq-zero-during reassembly ICMP Codes 1 number-icmpcode ttl-eq-zero-during-transit ICMP Codes 0 number-icmpcode communication-prohibited-by-filtering ICMP Codes 13 number-icmpcode destination-host-prohibited ICMP Codes 10 number-icmpcode destination-host-unknown ICMP Codes 7 number-icmpcode destination-network-prohibited ICMP Codes 9 number-icmpcode destination-network-unknown ICMP Codes 6 number-icmpcode fragmentation-needed ICMP Codes 4 number-icmpcode hos
Match Condition Selection Panel Match Condition Selection Panel This panel allows you to select from a list of match conditions. A choice of several match conditions is available: ethernet-type: Ethernet packet type. In place of the numeric value, you can specify one of the following text synonyms (the field values are also listed): ETHER-P-IP (0x0800), ETHER-P-8021Q (0x8100), ETHER-P-IPV6 (0x86DD). ethernet-source-address Ethernet source MAC address.
Help Messages icmp-type: ICMP type field. Normally, you specify this match in conjunction with the protocol match statement.
Action Modifier Selection Panel sys_IpForwDatagrams - The number of input IP packets for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. sys_IpInUnknownProtos - The number of locally-addressed IP packets received successfully but discarded because of an unknown or unsupported protocol.
Help Messages sys_IcmpInDestUnreachs - The number of ICMP Destination Unreachable messages received. sys_IcmpInTimeExcds - The number of ICMP Time Exceeded messages received. sys_IcmpInParmProbs - The number of ICMP Parameter Problem messages received. sys_IcmpInSrcQuenchs - The number of ICMP Source Quench messages received. sys_IcmpInRedirects - The number of ICMP Redirect messages received. sys_IcmpInEchos - The number of ICMP Echo (request) messages received.
Action Modifier Selection Panel sys_IcmpInBadCode - The number of incoming ICMP packets with a bad code field value. sys_IcmpInTooShort - The number of incoming short ICMP packets. sys_IcmpInBadChksum - The number of incoming ICMP packets with bad checksums. sys_IcmpInRouterAdv - The number of incoming ICMP router advertisements. Router advertisements are used by IP hosts to discover addresses of neighboring routers.
Help Messages svid: Modifies the S-VID value. In the field, the value must be a positive integer number. traffic-queue: Places the traffic on the specified traffic-queue (Black Diamond 12804R only) uplinkport: Modifies the uplink port. In the first field, enter “tagged” or “untagged” or leave it empty for all traffic. In the second field, enter a single number or a list separated by commas. redirect: Used to redirect packets (BlackDiamond 10K and BlackDiamond 12804 Only).
True Action Selection Panel True Action Selection Panel This panel allows you to select from a list of actions for the compare TRUE condition. If the match conditions are evaluated TRUE, then the actions specified here are executed. permit Changes the existing ACL to permit. All packets that match the conditional statements of the specified ACL are allowed to pass to their destinations. deny Changes the existing ACL to deny.
Help Messages 76 count A CLEAR-Flow count expression compares a counter with the threshold value. Beginning in ExtremeXOS release 11.4, the value of and can be specified as floating point numbers. The count statement specifies how to compare a counter with its threshold. The is the name of an ACL counter referred to by an ACL rule entry and the is the value compared with the counter.
B Troubleshooting Introduction This appendix includes suggestions for dealing with problems that may occur when running the Extreme Networks Policy Manager (EPM).
Troubleshooting Local Client Runtime Problems When the EPM becomes unresponsive or does not launch, check the following: ● Verify that the client has at least 1 GB of memory. The EPM requires up to 512 MB of available memory but functions better with 1 GB. ● Terminate any other applications that may be consuming memory and restart the EPM. Verify that it executes correctly. ● Verify that the CPU is not “swamped” with other intensive processing tasks. Reduce the other tasks and restart the EPM.
Index Symbols E #, definition, 27 editing rule parameters, 46 rules, 43 EPM desktop, 20 launching, 15 modes, 15 opening, 15 eSupport Website link, 20 exporting rules, 42 Extreme Networks Policy Manager see EPM A Access Control List (ACL) Rules panel, 29 Access Control Lists see ACLs ACLs, 9 Action Modifier Selection Panel reference list, 70 Actions tab, 24 activate a policy example, 55 procedure, 50 activated policy, changing, 47 adding, 44 global and policy variables, 48 rule parameters, 46 rules, 44 A
Index N name, definition, 27 NAT IP address, setting, 18 O opening a policy, 30 opening the EPM, 15 organizing rules, 49 P parsing, 32 policies activate, 50 creating, 37 deactivate, 51 deleting, 49 invalid, 32 parsing, 32 validating, 40 Policy Information tab, 24 Policy Validation Exception box, 40 policy variables, 48 policy, opening locally, 30 switch, 31 Predefined CLEAR-Flow System Counters reference list, 63 R rank see rule rank reclassifying a rule, 45 refresh description, 21, 47 example, 58 relat
Index Synonyms used for Rule Constants reference list, 65 T TCNT, definition, 27 text conventions, 7 TFTP server, 12 toolbar icons, 23 Tree Structure Panel, 27 Trigger Count see TCNT Trivial File Transfer Protocol see TFTP troubleshooting, 77 Type Selection Panel reference, 68 type, definition, 27 V validate a policy, 40 variables global, 48 policy, 48 Extreme Networks Policy Manager (EPM) 1.
Index 82 Extreme Networks Policy Manager (EPM) 1.
