Policy Configuration Terms and Definitions lists terms and definitions used in this policy configuration discussion.
Term | Definition |
---|---|
Administrative Profile | A logical container that assigns a traffic classification to a policy role. |
CoS (Class of Service) | A logical container for packet priority, queue, and forwarding treatment that determines how the firmware treats a packet as it transits the link. |
Filter-ID | A string that is formatted in the RADIUS (Remote Authentication Dial In User Service) access-accept packet sent back from the authentication server to the switch during the authentication process. In the Extreme policy context, the string contains the name of the policy role to be applied to the authenticating user or device. |
Hybrid Authentication | An authentication feature that allows the switch to use both the filter-ID and tunnel attributes in the RADIUS response message to determine how to treat the authenticating user. |
Policy | A component of Secure Networks that provides for the configuration of a role based profile for the securing and provisioning of network resources based upon the function the user or device plays within the enterprise network. |
Policy Maptable | A logical entity that can be configured to provide VLAN (Virtual LAN) to policy role mappings. |
Policy Profile/Role | A logical container for the rules that define a particular policy role. |
Policy Rule | A logical container providing for the specification of policy behaviors associated with a policy role. |
Role | The grouping of individual users or devices into a logical behavioral profile for the purpose of applying policy. |
Rule Precedence | A numeric traffic classification value, associated with the policy role, the
ordering of which on a precedence list determines the sequence in which
classification rules are applied to a packet. Note: Rule precedence is fixed (not
configurable) until ExtremeXOS
22.7 and later.
|
TCI Overwrite | A policy feature, when enabled in a policy role-based tci-overwrite only, allows for the overwrite of the current user priority and other classification information in the VLAN tag‘s TCI field. |
Traffic Classification | A network element such as MAC or IP address, packet type, port, or VLAN used as the basis for identifying the traffic to which the policy will be applied. |
Untagged and Tagged VLAN | Untagged VLAN frames are classified to the VLAN associated with the port it enters. Tagged VLAN frames are classified to the VLAN specified in the VLAN tag; the PVID is ignored. |
VLAN Authorization | An aspect of RFC3580 that provides for the inclusion of the VLAN tunnel attribute in the RADIUS Access-Accept packet defining the base VLAN-ID to be applied to the authenticating user or device. |
VLAN Egress List | A configured list of ports that a frame for this VLAN can exit. |