
Questions to EXOS access-lists

M_Nees
Contributor III
I am working with Extreme ACLs based on current EXOS Firmware - 16.2 or 21.1. I have some questions during the daily business tasks with ACLs.

If I make changes to the .pol file, how can I do a reload of the new policy file - how do I let the changes go active?
Currently I unconfigure these ACLs from all ports and re-configure them again. I am looking for a smarter way.

How can I get a policy/ACL on several switches equal if some changes are necessary? I play around with copying the files via WinSCP (later via Netsight scripts) but this has some strange effects (for example if I overwrite an existing file). Any suggestions?

I use an ACL for mirroring specific traffic to a port. One rule has "mirror;" as action-modifier. And then I "enable mirror to port x".
That works fine - I have only one instance per switch to mirror.
But what can I do if I want to have 2 or more independent ACL-based mirrors on the same switch? The ACL action "mirror" has no clue to a specific mirror instance. Is there a special trick - or is this a current EXOS limitation?

Thanks a lot to anybody who can help me with my questions.

Regards,
Matthias
7 REPLIES

BrandonC
Extreme Employee
Hi Matthias,

To reload the policy file, you can do 'refresh policy '.

For the mirroring via ACL to multiple mirror instances, you can create the mirror instances with 'create mirror ', then use 'mirror ' in the policy file to mirror to a specific instance.

Regarding syncing policy files between switches, I don't have a great answer for that one. SCP/tftp would probably be the easiest solution. I would suggest opening up a GTAC case regarding the strange effects you see with copying via WinSCP so we can further investigate that.
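A check that can follow an SCP/TFTP copy like the one suggested above, added here as an example and not part of the original thread or of any Extreme tool: it parses the `entry <name> { if { ... } then { ... } }` blocks of two copies of a .pol file and reports rule-level drift, ignoring line endings, spacing and `#` comments. The function names and the sample policy are constructed for illustration.

```python
import re

# One 'entry <name> { if { ... } then { ... } }' block of an EXOS policy (.pol) file.
ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s*(match\s+\w+\s*)?\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.S)

def _statements(body):
    """Split 'protocol tcp; destination-port 80;' into whitespace-normalised statements."""
    return [" ".join(s.split()) for s in body.split(";") if s.strip()]

def parse_policy(text):
    """Return [(entry_name, (match_mode, conditions, actions)), ...] in file order."""
    # Normalise CRLF (copies made from a Windows host) and drop '#' comments.
    text = re.sub(r"#[^\n]*", "", text.replace("\r\n", "\n"))
    return [(name, (" ".join(mode.split()),
                    frozenset(_statements(cond)), tuple(_statements(act))))
            for name, mode, cond, act in ENTRY_RE.findall(text)]

def policy_drift(reference, candidate):
    """Compare two policy texts rule by rule; an empty dict means no drift."""
    ref, cand = parse_policy(reference), parse_policy(candidate)
    ref_map, cand_map = dict(ref), dict(cand)
    drift = {
        "missing": [n for n, _ in ref if n not in cand_map],
        "extra": [n for n, _ in cand if n not in ref_map],
        "changed": [n for n, rule in ref if n in cand_map and cand_map[n] != rule],
    }
    # Entries are evaluated top to bottom, so a different order is drift too.
    if [n for n, _ in ref if n in cand_map] != [n for n, _ in cand if n in ref_map]:
        drift["reordered"] = True
    return {k: v for k, v in drift.items() if v}

# Constructed sample: the reference copy, a copy with CRLF line endings and tabs
# (same rules), and a copy in which one rule was edited.
REFERENCE = """# constructed sample policy
entry mirror_web {
    if { protocol tcp; destination-port 80; } then { permit; mirror; }
}
entry deny_telnet {
    if { protocol tcp; destination-port 23; } then { deny; }
}
"""
SAME_RULES = REFERENCE.replace("\n", "\r\n").replace("    ", "\t")
EDITED = REFERENCE.replace("deny;", "permit;")

if __name__ == "__main__":
    print("same rules:", policy_drift(REFERENCE, SAME_RULES))
    print("edited copy:", policy_drift(REFERENCE, EDITED))
```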

Hi Ben,

Thank you for clarification.

The ACL Manager you mean - which was part of legacy netsight java tools till V8.0 can only handle EOS (=Enterasys) VLAN ACLs or maybe Cisco ACLs.
Not original Extreme ACLs (Policies).

Regards,
Matthias

Bin
Extreme Employee
Hello Matthias,
Access List Manager has been removed from Extreme Management Center (Netsight) from 8.0x.

https://community.extremenetworks.com/extreme/topics/cant-find-access-list-manager-editor-in-emc-8-0...

Best regards,
Bin

Hi Alexandr,

we have to be very careful with the name "policy" and "policy manager".

Extreme Policies are the ACLs (of Summit and BD) which I ask about above. But they currently cannot be distributed by Netsight Policy Manager.

Extreme ONEPolicy are the legacy Enterasys Policies which can be distributed by Netsight PM very easily and smoothly. But ONEPolicies very often have HW limits which avoid extensive rulesets and it is NOT able to get a logging for troubleshooting. These disadvantages are not given (at that level) with the original Extreme Policies = ACL - so I prefer them.

I found the old Extreme Policy Manager (before the Extreme and Enterasys merger) which supports my needs for smooth deployment of ACL rules to several switches.
https://extremenetworks-ua.com/assets/files/EPM/Extreme-Networks-Policy-Manager.pdf

But I still have the question - is this software working and supported with recent EXOS?

Regards,
Matthias