ONEPolicy Maximum Authenticated Users Increased, New Policy Profiles and Profile Modifier Feature Added

For ExtremeXOS 22.4, the maximum number of authenticated users for ONEPolicy is increased as shown in the following table.

ONEPolicy Authenticated Users— maximum authenticated users with TCI overwrite disabled.
Note: The maximum values assume 75% utilization of VLAN-XLATE hash table.
Summit X450-G2, X770 6,144
Summit 460-G2, X670-G2, and ExtremeSwitching X870 12,288
ExtremeSwitching X690 24,576
ExtemeSwitching X440-G2, X620 1,536
Stacking 1,536–65,534

For all ExtremeXOS limits, see Limits.

ExtremeXOS 22.4 also adds two new resource profiles:
  • less-acl more-ipv4-no-mac-no-ipv6
  • more-ipv4-no-mac-no-ipv6
For more information about these resource profiles, see the Platform Rule Allocation section in Chapter ONEPolicy of the ExtremeXOS 22.4 User Guide.

ExtremeXOS 22.4 also now provides a profile modifier feature that allows you to return resources back to ACL from the specified profile (see the profile-modifier option in the following changed commands.

Supported Platforms

Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X870, X620, X690 series switches.

Changed CLI Commands

Changes are underlined.

configure policy resource-profile [default |less-acl [more-ipv4 | more-ipv4-no-ipv6 | more-ipv4-no-mac-no-ipv6] |more-ipv4-no-ipv6 | more-ipv4-no-mac-no-ipv6 |more-mac-no-ipv6] {profile-modifier [ {no-mac no_mac} {no-ipv4 no_ipv4} {no-ipv6 no_ipv6}]}

show policy resource-profile {[default | less-acl [more-ipv4 |more-ipv4-no-ipv6 | more-ipv4-no-mac-no-ipv6] |more-ipv4-no-ipv6 | more-ipv4-no-mac-no-ipv6 |more-mac-no-ipv6] { profile-modifier [ {no-mac} {no-ipv4} {no-ipv6}]}}