ExtremeSwitching (EXOS)

Questions to EXOS access-lists

  • 1.  Questions to EXOS access-lists

    Posted 09-22-2017 12:37
    I am working with Extreme ACLs based on current EXOS firmware - 16.2 or 21.1. I have some questions during the daily business tasks with ACLs.

    If I make changes to the .pol file, how can I reload the new policy file - how do I let the changes go active?
    Currently I unconfigure these ACLs from all ports and re-configure them again. I am looking for a smarter way.

    How can I keep a policy/ACL equal on several switches if some changes are necessary? I play around with copying the files via WinSCP (later via Netsight scripts) but this has some strange effects (for example if I overwrite an existing file). Any suggestions?

    I use an ACL for mirroring specific traffic to a port. One rule has "mirror;" as action-modifier. And then I "enable mirror to port x".
    That works fine - I have only one instance per switch to mirror.
    But what can I do if I want to have 2 or more independent ACL-based mirrors on the same switch? The ACL action "mirror" has no clue to a specific mirror instance. Is there a special trick - or is this a current EXOS limitation?

    Thanks a lot to anybody who can help me with my questions.


  • 2.  RE: Questions to EXOS access-lists

    Posted 09-22-2017 13:02
    Hi Matthias,

    To reload the policy file, you can do 'refresh policy '.

    For the mirroring via ACL to multiple mirror instances, you can create the mirror instances with 'create mirror

  • 3.  RE: Questions to EXOS access-lists

    Posted 09-22-2017 13:02
    Thanks a lot for answering my questions so fast.

  • 4.  RE: Questions to EXOS access-lists

    Posted 09-22-2017 13:02
    Hi Brandon,

    In some older emails I found a tool from Extreme Networks, called "Extreme Networks Policy Manager", to manage ACLs.
    Do you know that tool?
    If yes, is this officially supported?
    Is it working with current 16.x and 2x.x EXOS versions?


  • 5.  RE: Questions to EXOS access-lists

    Posted 09-22-2017 13:02
    Hi, Matthias! If I understand right - policy manager is part of NMS NetSight, where you can map policy to many managed switches. Also (as a workaround) you can copy 1 policy file to all switches and enable this policy file with a script which runs it at the same time. Thank you!

  • 6.  RE: Questions to EXOS access-lists

    Posted 09-22-2017 13:02
    Hi Alexandr,

    We have to be very careful with the names "policy" and "policy manager".

    Extreme Policies are the ACLs (of Summit and BD) which I asked about above. But they currently cannot be distributed by Netsight Policy Manager.

    Extreme ONEPolicy are the legacy Enterasys Policies which can be distributed by Netsight PM very easily and smoothly. But ONEPolicies very often have HW limits which prevent extensive rulesets, and it is NOT able to get logging for troubleshooting. These disadvantages are not given (at that level) with the original Extreme Policies = ACL - so I prefer them.

    I found the old Extreme Policy Manager (before the Extreme and Enterasys merger) which supports my needs for smooth deployment of ACL rules to several switches.

    But I still have the question - is this software working and supported with recent EXOS?


  • 7.  RE: Questions to EXOS access-lists

    Posted 09-22-2017 13:02
    Hello Matthias,
    Access List Manager has been removed from Extreme Management Center (Netsight) from 8.0x.


    Best regards,

  • 8.  RE: Questions to EXOS access-lists

    Posted 09-22-2017 13:02
    Hi Ben,

    Thank you for clarification.

    The ACL Manager you mean - which was part of the legacy Netsight Java tools until V8.0 - can only handle EOS (=Enterasys) VLAN ACLs or maybe Cisco ACLs.
    Not original Extreme ACLs (Policies).