Specifications

ManualsBrandsExtreme Networks ManualsSoftwareExtremeWare Command

121

122

123

124

125

126

127

128

129

130

124 ExtremeWare XOS 10.1 Concepts Guide

Security

Policy Examples

Translating an Access Profile to a Policy

You may be more familiar with using access profiles on other Extreme Networks’ switches. This

example shows the policy equivalent to an access-profile.

ExtremeWare Access-Profile:

Seq_No Action IP Address IP Mask Exact

5 permit 22.16.0.0 255.252.0.0 No

10 permit 192.168.0.0 255.255.192.0 Yes

15 deny any 255.0.0.0 No

20 permit 10.10.0.0 255.255.192.0 No

community [add | delete] [no-advertise | no-export |

no-export-subconfed | <community_num>

{<community_num1> <community_num2> ….

<community_numN>} | <as_num> :

<community_num> {<as_num1>

<community_num1> <as_num2>

<community_num2> ….}];

Adds/deletes communities to/from a route's community

attribute. Communities must be enclosed in double quotes

("").

community remove; Strips off the entire community attribute from a route.

Communities must be enclosed in double quotes ("").

cost <cost(0-4261412864)>; Sets the cost/metric for a route.

cost-type {ase-type-1 | ase-type-2 | external |

internal};

Sets the cost type for a route.

dampening half-life <minutes (1-45)> reuse-limit

<number (1-20000)> suppress-limit <number

(1-20000)> max-suppress <minutes (1-255)>;

Sets the BGP route flap dampening parameters.

deny; Deny the route.

local-preference <number>; Sets the BGP local preference for a route.

med {add | delete} <number>; Performs MED arithmetic. "Add" means the value of the

MED in the route will be incremented by <number> and

"delete" means the value of the MED in the route will be

decremented by <number>.

med {internal | remove}; "Internal" means that IGP distance to the next hop will be

taken as the MED for a route. "Remove" means take out

the MED attribute from the route.

med set <number>; Sets the MED attribute for a route.

next-hop <ipaddress> ; Sets the next hop attribute for a route.

nlri [<ipaddress> | any]/<mask-length> {exact};

nlri [<ipaddress> | any] mask <mask> {exact};

These set statements are used for building a list of IP

addresses. This is used by PIM to set up the RP list.

origin {igp | egp | incomplete}; Sets the BGP route origin values.

permit; Permit the route.

tag <number>; Sets the tag number for a route.

weight <number> Sets the weight for a route.

Table 26: Policy Actions (continued)

Action Description