EXOS 16.1 Releases with New Hardware and Role-based Policy Support!

  • 5
  • Announcement
  • Updated 3 years ago
  • (Edited)
We are pleased to announce that our secure, role-based policy management technology is now available for the newly launched Summit® X450-G2 family of fixed switches and some other select previously released Summit switches. This marks the integration of proven policy and security management technology into the ExtremeXOS® operating system, allowing customers the flexibility to define and manage end-to-end policy in mixed Extreme Networks' wired and wireless environments, including those with IdentiFiTM Access Points, the A, B, C, K and S-Series switches and the Summit line of switches.

New Hardware Supported in ExtremeXOS 16.1:
  • BDXB-40G12X-XL I/O, BDXA-G48T, and BDXA-G48X modules for the BlackDiamond X8 series switches
  • Summit X450-G2 series switches: 24t-10GE4, 24p-10GE4, 48t-10GE4, 48p-10GE4, 24t-GE4, 24p-GE4, 48t-GE4, 48p-GE4
New and Corrected Features in ExtremeXOS 16.1:
  • RADIUS Authentication and Authorization Enhancements
  • ONEPolicy
  • Access Control List (ACL) Library Enhancements
  • Class of Service (CoS) Enhancements
  • Command Usability Enhancements
  • Access Control List (ACL) Two-Stage Policy
  • Various Security Enhancements
  • Generalized Precision Time Protocol (gPTP) Enhancement
  • Extreme Loop Recovery Protocol (ELRP) Port Shutdown
  • Increase of Protocol-Independent Multicast (PIM) Control Packets
  • OpenFlow Updated Match Conditions and Actions
  • Alternate Stacking Supported on 1G Variant of Summit X460-G2 Series Switches
  • Two-Way Active Measurement Protocol (TWAMP) Light
  • Flow Redirects (Policy-Based Routes) Limits Increase
  • Single Virtual Group for User Access Control Lists (ACLs)
  • 40Gbps LR4 Parallel Single-Mode (PSM) Quad Small Form-Factor Pluggable (QSFP) Optical Transceivers
Additional details on these features can be found in the documentation listed below.
In anticipation of a few questions, we've proactively published a few articles to GTAC Knowledge to coincide with this release.
Official Press Release: http://investor.extremenetworks.com/releasedetail.cfm?ReleaseID=919071

If you've got any questions, feel free to post them here.
Photo of Drew C.

Drew C., Community Manager

  • 40,858 Points 20k badge 2x thumb
  • Excited

Posted 3 years ago

  • 5
Photo of Ryan Mathews

Ryan Mathews, Alum

  • 8,988 Points 5k badge 2x thumb
Wow!  This is brilliant....the team even have some proactive knowledge shared here.

Really good stuff Drew.  Thank you!
Photo of Daniel Valera

Daniel Valera

  • 734 Points 500 badge 2x thumb
this relase supported SW summit x250, x440 and BD8810?
Photo of Drew C.

Drew C., Community Manager

  • 40,694 Points 20k badge 2x thumb
Hi Daniel,
Please refer to the Hardware/Software Compatibility Matrix for detailed information on this.
Photo of Daniel Valera

Daniel Valera

  • 734 Points 500 badge 2x thumb
Thanks Drew, but i think the list is not  updated
Photo of Drew C.

Drew C., Community Manager

  • 40,694 Points 20k badge 2x thumb
Hi Daniel - I just checked and the new products requiring 16.1 are listed.
Support for the X250 ends in 15.4.x (meaning the last supported EXOS version is 15.3.x).  X440 is still supported and that column is blank in the matrix.
The BD8800 series modules have various Last Supported versions, which is where you'll need to refer to the guide.
What models would you like more information on?
Photo of Daniel Valera

Daniel Valera

  • 734 Points 500 badge 2x thumb
Thanks Drew
Photo of Christoph

Christoph

  • 1,862 Points 1k badge 2x thumb
It's great, that the policy feature is now available for EXOS!
In the release note of summit X450-g2 it's policy capabilities are listed, but not in the ones for X460-G2 nor the other new switches.

Do you have an overview or a kind of matrix which shows policy capabilities of all supported models?
(Edited)
Photo of Drew C.

Drew C., Community Manager

  • 40,694 Points 20k badge 2x thumb
HI Christoph,
The EXOS 16.1 Release Notes state that ONEPolicy is supported on the following platforms:
  • X450-G2
  • X460-G2
  • X670-G2
  • X770
Photo of Christoph

Christoph

  • 1,862 Points 1k badge 2x thumb
Hello Drew

thanks for your answer.
Because I have no serial number of a summit switch I was not able to access the release notes.
I'm also interested in a few more details for the systems you mentioned:
  • Which classification rules are supported?
  • How many rules?
  • How many users per port/chassis/stack?
  • Will policies have any impact on other functionalities?
Regards
Christoph
Photo of Drew C.

Drew C., Community Manager

  • 40,694 Points 20k badge 2x thumb
Hi Christoph,
Check your email ;)

Here's the ONEPolicy description from the RN.  Hopefully it will answer your questions.
ONEPolicy provides for the configuration of role-based profiles for securing and provisioning network resources based upon the role the user or device plays within the enterprise. By first defining the user or device role, network resources can be tailored to a specific user, system, service, or port-based context by configuring and assigning rules to the policy role. A policy role can be configured for any combination of Class of Service, VLAN assignment, classification rule precedence, logging, accounting, or default behavior based upon L2, L3, and L4 packet fields. Hybrid authentication allows either policy or dynamic VLAN assignment, or both, to be applied through RADIUS authorization.
Limitations
  • Stacking of dissimilar models is not supported.
  • Only 'macdest', 'macsource', or 'port' policy rules can be applied to QinQ (that is, double-tagged) packets received on an untagged VMAN port.
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 13,676 Points 10k badge 2x thumb
Hi Daniel,


x250 are not supported after 15.3, so no.
x440, yes.
BD8K : that depends on your modules. Some old modules are not supported since previous release, and 16.1 will not change that.

16.1 doesn't bring new hardware end of support.
Photo of Daniel Valera

Daniel Valera

  • 734 Points 500 badge 2x thumb
Thanks Stephane
Photo of Jarek Sobieszek

Jarek Sobieszek

  • 174 Points 100 badge 2x thumb
The device with EXOS 16.1 and NetSight 6.2 doesn't support policy . I have checked this !!!
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 13,676 Points 10k badge 2x thumb
Hi Jarek,

In order to have Policy support, you need:

NetSight 6.2.0.221 or above
EXOS 16.1.1 or above
A supported Summit platform (as of 16.1: x450G2, x460G2, x670G2, x770)

Best Regards,
Stephane
Photo of Jarek Sobieszek

Jarek Sobieszek

  • 174 Points 100 badge 2x thumb
Do you tested it ? . When I have added to policy manager summit switch and enable 802.1x/MAC authentication on switch and on port. The NAC doesn't see end system. I must prepare special config on switch ?
Photo of Drew C.

Drew C., Community Manager

  • 40,694 Points 20k badge 2x thumb
Let's discuss the problem in a new thread.

Please reference the new conversation here: Unable to get Policy to work in EXOS 16.1