Configure Network Services

About this task

Network service objects identify Layer 4 traffic by protocol and port number. ExtremeCloud IQ provides a number of predefined services, and you can create custom network services to use when defining firewall policies (see Configure a Router Firewall Policy) and QoS traffic classification and marking policies (see About Classifier Maps and Configure Marker Maps).

The Network Services table displays the following information about predefined and custom network service objects:
  • Name: The name of the network service object.
  • Protocol Number: The type of protocol (followed by its standard protocol number) that the service uses. Predefined services use the following protocols:
    • 1: ICMP (Internet Control Message Protocol)
    • 6: TCP (Transmission Control Protocol)
    • 17: UDP (User Datagram Protocol)
    • 89: OSPF (Open Shortest Path First)
    • 119: SVP (SpectraLink Voice Priority)
  • Port Number: The standard destination port number of the service. The receiving device uses the port number to map the service to a particular processor.
  • Service Idle Timeout: The amount of time (in seconds) after which the device terminates an inactive session using this service. (For IP firewall policies, this field is only supported by APs.)
  • ALG Type: An ALG (application layer gateway) links certain port numbers to a service so that the device can apply the proper QoS (Quality of Service) and firewall policies. For example, the TFTP service has a control stream and a data stream that each use different port numbers. The port number for the TFTP control stream is static (port 69 by default), but the port number for the TFTP data stream is dynamic and is negotiated within the control session. The TFTP ALG links these two streams together logically so that the device can apply the proper QoS and firewall policies to both TFTP streams. You can apply different QoS settings to the TFTP control and data sessions, for example, to ensure high reliability but tolerate high latency, or to accept a medium level of reliability but require low latency.
  • Description: An optional description for the object. Descriptions can be very useful when troubleshooting or managing a complex network.
  • Virtual IQ: The name of the Virtual IQ (virtual ExtremeCloud IQ) to which the service belongs. All predefined services are marked as global to indicate that they belong to all Virtual IQs. This column only appears when you are logged in to "All Virtual IQs" with super-user privileges.
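
The TFTP linkage described under ALG Type, shown as an added example (this is not ExtremeCloud IQ code and does not represent how the product implements its ALG): a minimal Python tracker that sees a request to port 69, then admits only the one server port that answers the client's request port, and ages the session out after an idle timeout. The class name, addresses, and timeout value are assumptions; the opcodes follow RFC 1350 and RFC 2347.

```python
import struct

TFTP_PORT = 69              # static control port (page: "port 69 by default")
FIRST_REPLY = {3, 4, 5, 6}  # DATA, ACK, ERROR, OACK (RFC 1350 / RFC 2347)

class TftpAlg:
    """Hypothetical tracker linking a TFTP data stream to its control session."""

    def __init__(self, idle_timeout=30):
        self.idle_timeout = idle_timeout  # seconds, like Service Idle Timeout
        self.pending = {}    # (client_ip, client_port, server_ip) -> expiry time
        self.sessions = {}   # (client_ip, client_port, server_ip, server_port) -> last seen

    def _expire(self, now):
        self.pending = {k: t for k, t in self.pending.items() if t > now}
        self.sessions = {k: t for k, t in self.sessions.items()
                         if now - t < self.idle_timeout}

    def handle(self, now, src, sport, dst, dport, payload):
        """Classify one UDP datagram as 'control', 'data' or 'drop'."""
        self._expire(now)
        opcode = struct.unpack("!H", payload[:2])[0] if len(payload) >= 2 else 0
        # Control stream: RRQ (1) or WRQ (2) sent to the static port.
        if dport == TFTP_PORT and opcode in (1, 2):
            self.pending[(src, sport, dst)] = now + self.idle_timeout
            return "control"
        # Data stream already linked: accept either direction, refresh timer.
        for key in ((src, sport, dst, dport), (dst, dport, src, sport)):
            if key in self.sessions:
                self.sessions[key] = now
                return "data"
        # First server reply: arrives from a new port, addressed to the
        # client's request port. Pin the session to that single server port.
        if (dst, dport, src) in self.pending and opcode in FIRST_REPLY:
            del self.pending[(dst, dport, src)]
            self.sessions[(dst, dport, src, sport)] = now
            return "data"
        return "drop"

if __name__ == "__main__":
    # Constructed packets and documentation-range addresses.
    alg = TftpAlg()
    rrq = b"\x00\x01config.txt\x00octet\x00"
    data1 = b"\x00\x03\x00\x01" + b"A" * 16
    print(alg.handle(0, "192.0.2.10", 40000, "192.0.2.1", 69, rrq))
    print(alg.handle(1, "192.0.2.1", 50000, "192.0.2.10", 40000, data1))
    print(alg.handle(2, "192.0.2.1", 50001, "192.0.2.10", 40000, data1))
```

The "control" and "data" labels mark the point where separate QoS classes could be attached to each stream.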

Use the following procedure to configure a network service:

Procedure

  1. Select the plus sign.
  2. Enter a name for the service.
  3. Select a service idle timeout (for APs and routers only).
    This is the amount of time (in seconds) after which the device terminates an inactive session using this service.
  4. Select an IP Protocol number.
    This is the number of the protocol that the service will use. Predefined services appear in the drop-down list, or you can configure a custom protocol.
  5. Enter the standard destination port number of the service.
    For services that use TCP or UDP, you must set a destination port number, which the receiving device uses to map the service to a specific processor. When you use a custom protocol, a destination port number is not required because the receiving device can use the protocol to map the service to the appropriate processor.
  6. Select an ALG type from the drop-down list.
    ALG is supported for APs and routers only. If the service you are defining needs to use an ALG, select DNS, FTP, HTTP, SIP, or TFTP from the drop-down list. Otherwise, leave this empty.