The three primary benefits of using policy in your network are provisioning and control of network resources, security, and centralized operational efficiency. Policy provides for the provisioning and control of network resources by creating policy roles that allow you to determine network provisioning and control at the appropriate network layer, for a given user or device. With a role defined, rules can be created based upon up to 15 traffic classification types for traffic drop or forwarding. A CoS (Class of Service) can be associated with each role for purposes of setting priority, forwarding queue, rate limiting, and rate shaping.
Extreme Management Center Policy Manager provides a centralized point and click configuration, and one click pushing of defined policy out to all network elements. Use Extreme Management Center Policy Manager for ease of initial configuration and response to security and provisioning issues that may come up during real-time network operation.
Note
When OnePolicy is enabled certain MPLS (Multiprotocol Label Switching), PSTag, VXLAN, and OpenFlow configurations may not operate.Note
Configuration changes on existing policy mux entries (changing the policy profile for a convergence endpoint to 0 or a different value, disabling Link Layer Discovery Protocol or CDP, etc.) do not take effect until re-authorization. As a result, existing CEP connections remain active and FDB (forwarding database) is still learned on policy profile even though CDP/LLDP neighbor times out and show cdp neighbor {detail} and show lldp neighbors is empty. You can force re-authorization by clearing a CEP connection: configure policy convergence-endpoint clear ports [port_list | all].Note
If you configure multiple authentication types, failure of a higher priority authentication results in the lower priority authentication being used.Slot-2 Stack.45 # show netlogin session Multiple authentication session entries --------------------------------------- Port : 3:1 Station address : bc:f1:f2:b4:e7:5e Auth status : failed Last attempt : Fri Nov 4 13:39:34 2016 Agent type : dot1x Session applied : false Server type : radius VLAN-Tunnel-Attr : None Policy index : 0 Policy name : No Policy applied Session timeout : 0 Session duration : 0:00:00 Idle timeout : 300 Idle time : 0:00:00 Termination time: Not Terminated Port : 3:1 Station address : bc:f1:f2:b4:e7:5e Auth status : success Last attempt : Fri Nov 4 13:38:49 2016 Agent type : cep Session applied : true Server type : local VLAN-Tunnel-Attr : None Policy index : 1 Policy name : Tes1 (active) Session timeout : 0 Session duration : 0:04:16 Idle timeout : 300 Idle time : 0:00:00 Termination time: Not Terminated # show policy convergence-endpoint connections ports all Convergence End Point Connection Info for port 3:1 Endpoint Type cisco Policy Index 1 Discovery Time Fri Nov 4 13:38:49 2016 Firmware Version Address Type 1 Endpoint IP Endpoint MAC bc:f1:f2:b4:e7:5e
Print
this page
Email this topic
Feedback
View PDF
Download EPUB