Management of Policy Files in EXOS

Hi there,

Does anyone have any tips for managing .pol files on EXOS switches?

I notice that there used to be a piece of software called EPM, Extreme Policy Manager (no relation to Enterasys Netsight Policy Manager) which helped with the management and editing of files but it seems this is a legacy product now.

I am making extensive use of ACLs and UDP forwarding profiles and need the ability to manage these files on switches more effectively and am looking for some ideas.

In the Cisco/Enterasys world this was easy as the ACL is stored in the config file. I held them all offline in text files, edited locally on our PCs and automatically pushed them up to switches, blowing away the ACL and pushing the new ACL in. Quick and dirty, but it makes sure everything stays neat and tidy, gets backed up along with the config, and there is no chance of it getting accidentally unbound from the interface/VLAN.

With EXOS this is more cumbersome as the file is only read on startup or refresh. I really don't want the guys editing them on switches with Vi as I know mistakes are going to be made and people are going to forget to back up or refresh them as well.

The EXOS web-based editor is okay but we really want centralised management, not browsing to individual switches. I have also found the web-based editor does not always sync changes to .pol files across all switches in the stack, causing a policy file refresh to fail. If I go in via the CLI, edit and save with no changes, it refreshes with no issues.

Because of all this I am seriously thinking about ditching local ACL files and using Management Centre (previously OneView / NetSight) and moving to do ACLs that way. We make extensive use of 802.1x and MAC auth anyway with NAC/Policy Manager so might just move to applying ACLs that route - enabling policy steals TCAM resource anyway 🙂.

That would only leave me with UDP forwarding policies to manage, still annoying but I could deal with it as changes would be infrequent, and any mistakes would have little impact.

Just wondered what some of you guys are doing, suggestions etc?

