ONEPolicy allows you create profiles for securing and provisioning network resources based upon the role the user or device plays within the enterprise. By first defining the user or device role, network resources can be tailored to a specific user, system, service, or port-based context by configuring and assigning rules to the policy role. A policy role can be configured for any combination of Class of Service, VLAN assignment, classification rule precedence, or default behavior based upon L2, L3, and L4 packet fields. Hybrid authentication allows either policy or dynamic VLAN assignment, or both, to be applied through RADIUS authorization.

Supported Platforms

  • Summit X450-G2
  • Summit X460-G2
  • Summit X670-G2
  • Summit X770


  • ExtremeXOS only allows policy to be enabled if all the devices in the stack support policy. At the time of configuration a switch provisions the lowest common denominator of functionality. If a switch attempts to join the stack after policy is enabled, it must be able to support the existing level of functionality or it is not allowed to participate in policy.
  • Only 'macdest', 'macsource', or 'port' policy rules can be applied to QinQ (that is, double-tagged) packets received on an untagged VMAN port.