
Policy Manager XMC


Giuseppe_Montan
Contributor

Good morning, a customer asks if it is possible to use XMC Policy Manager without NAC and RADIUS.

At the moment it is necessary to check the OUI and put it on the correct VLAN.

I configured X440 in CLI and it works; now we want to do the same with XMC.

Thanks

Giuseppe

5 REPLIES

Zdeněk_Pala
Extreme Employee

Hi,

With policy, you can assign the policy to a VLAN or port.

With policy, you can assign the policy to a subnet on N/S/K/PV-FC series only, not currently on EXOS.

In the current policy implementation, you cannot combine source and destination in the same filtering rule.

The future features and roadmap cannot be discussed in public; contact a local representative for details.

Regards Zdeněk Pala

Rahman_Duran
Contributor

 

Hi,

I know they are different tools, but can I do what I am trying to do with Policy instead of ACLs? Can “Policy” restrict which IP subnets have access to a whole VLAN?

“Short answer is: You will not create ACLs with Policy Manager in XMC 8.4 and older.” Does this mean there will be changes in XMC 8.5? 🙂

Regards,

Rahman

Zdeněk_Pala
Extreme Employee

Hi,

Policy and ACLs are two different tools, used differently.

Short answer is: You will not create ACLs with Policy Manager in XMC 8.4 and older.

 

Regards Zdeněk Pala

Rahman_Duran
Contributor

Hi,

Can we also use XMC Policy Manager without NAC, for L3 ACLs? I am configuring ACLs by CLI and applying them to a VLAN interface on S series and C5. I also do it on X460-G2. So is it possible with Policy Manager? If it is possible, I want to use Policy Manager instead of CLI.

Here is what I want on EOS:

ip access-list extended cctv-camera
permit ip 10.242.2.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip host 192.168.1.44 10.1.1.0 0.0.0.255
permit ip 10.110.100.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 10.111.100.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 10.120.100.0 0.0.0.255 10.1.1.0 0.0.0.255
deny ip any any log


interface vlan.0.33
ip address 10.1.1.1 255.255.255.0 primary
ip access-group cctv-camera out
ip helper-address 192.168.10.96
no shutdown
exit

 

And on EXOS:

create access-list santral-pbx-110 " source-address 10.150.101.0/24 ; destination-address 10.150.101.0/24 ;" " permit ; count santral-pbx-allow-110 ;" application "Cli"
create access-list santral-pbx-120 " source-address 10.160.101.0/24 ; destination-address 10.150.101.0/24 ;" " permit ; count santral-pbx-allow-120 ;" application "Cli"
create access-list santral-pbx-130 " source-address 10.111.101.0/24 ; destination-address 10.150.101.0/24 ;" " permit ; count santral-pbx-allow-130 ;" application "Cli"
create access-list santral-pbx-deny " source-address 0.0.0.0/0 ; destination-address 10.150.101.0/24 ;" " deny ; count santral-pbx-deny ;" application "Cli"


configure access-list add santral-pbx-110 last priority 0 zone SYSTEM vlan Santral-PBX egress
configure access-list add santral-pbx-120 last priority 0 zone SYSTEM vlan Santral-PBX egress
configure access-list add santral-pbx-130 last priority 0 zone SYSTEM vlan Santral-PBX egress
configure access-list add santral-pbx-deny last priority 0 zone SYSTEM vlan Santral-PBX egress

 

Regards,

Rahman
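
A way to check which sources the EOS list in the post above lets through to 10.1.1.0/24, as an added example that is not part of the original thread: a first-match evaluator for the wildcard-mask entries, written in Python. The function names are hypothetical, and the fall-through deny for a list without a final catch-all entry is an assumption.

```python
import ipaddress

# The EOS entries from the post above, copied verbatim.
CCTV_ACL = """\
permit ip 10.242.2.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip host 192.168.1.44 10.1.1.0 0.0.0.255
permit ip 10.110.100.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 10.111.100.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 10.120.100.0 0.0.0.255 10.1.1.0 0.0.0.255
deny ip any any log
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_address(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' lines; a trailing 'log' is ignored."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        rules.append((action, _take_address(tokens), _take_address(tokens)))
    return rules

def _matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal base.
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst):
    """First matching entry wins; return (action, 1-based entry number)."""
    for number, (action, s, d) in enumerate(rules, 1):
        if _matches(_ip(src), s) and _matches(_ip(dst), d):
            return action, number
    return "deny", None  # assumption: implicit deny when nothing matches
```

Running `evaluate(parse_acl(CCTV_ACL), src, dst)` over a list of test addresses shows which entry decides each flow, which helps when comparing the intended access with what the list actually permits.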
