This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Policy push (XMC -> switch) not working (correctly)

Policy push (XMC -> switch) not working (correctly)

Peer-JoachimK
New Contributor II

‎10-20-2021 05:41 AM

Hi,
we are currently setting up out new edge network. We want to use policy rules

to push clients into the correct vlans.

We also try to use it for AP. In this case we need one untagged vlan, and some tagged vlans (for the ssids).

We changed the policy within the XMC, but the policy is  NOT updated correctly. We also delete the policy on

the switch and  enforced the settings - same result. The old (wrong policy) is pushed.

Any idea ?
p.s. Yes we save everything ... 😉
XMC 8.5.5.32

Switch X5520 ExtremeXOS version 31.4.1.5 (fabric attach)

Bye,
  Peer

0 Kudos
3 REPLIES 3

Ryan_Yacobucci
Extreme Employee

‎10-26-2021 08:17 AM

Hello,

If you look at the policy in XMC does it have this enabled?

b2eaee1c8c4542e89eac011b059942f4.png
The auth override is the only thing different between those two policy lines and this will turn that on.

Thanks
-Ryan

0 Kudos

Peer-JoachimK
New Contributor II

‎10-25-2021 02:23 AM

Hi,

sorry for the delay. We are currently rebuilding the whole network infrastructure .....

When we run a verify we see the following message:

Domain Role [AP_Ruckus] Mismatch - The following config needs to be written: [VLAN Egress List Mismatch] to 10.128.X.X

When we delete the policy, the XMC is pushing the following rule:

configure policy profile 11 name "AP_Ruckus" access-list "AP_Ruckus" pvid-status "enable" pvid 13 egress-vlans 3,9,11,13,17,19 auth-override "enable" nsi 200013

but it should look like this (in the config *IT IS* configured like this...)

configure policy profile 11 name "AP_Ruckus" access-list "AP_Ruckus" pvid-status "enable" pvid 13 egress-vlans 3,9,11,17,19 nsi 200013

We saved the domain etc. pp. but nothing seems to work ...
0 Kudos

Brian_Anderson1
Contributor II

‎10-20-2021 08:53 AM

What does XMC say when you run a verify?  

Also, if you are using AP Aware feature with contain to vlan enabled, for some reason developers thought it was a good idea to make you do this:
https://extremeportal.force.com/ExtrArticleDetail?an=000078971

Not sure if that is your issue or not.

Also check to make sure your switch is in the correct policy domain.
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN