Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentExtremeWare XOS Command

161

162

163

164

165

166

167

168

169

170

166 ExtremeWare XOS 11.0 Concepts Guide

Security

if {

origin incomplete;

community 19661200;

}

then {

dampening half-life 20 reuse-limit 1000 suppress-limit 3000 max-suppress 40

permit;

}

entry entry-60 {

if {

next-hop 192.168.1.5;

}

then {

community add 949616660;

permit;

}

entry deny_rest {

if {

}

then {

deny;

}

Using Policies

After the policy file has been transferred to the switch, the file can be checked to see if it is syntactically

correct. Use the following command to check the policy syntax:

check policy <policy-name>

To apply a policy, use the command appropriate to the client. Some examples include:

configure bgp import-policy [<policy-name> | none]

configure bgp neighbor [<remoteaddr> | all] {address-family [ipv4-unicast |

ipv4-multicast]} route-policy [in | out] [none | <policy>]

configure bgp peer-group <peer-group-name> route-policy [in | out] [none | <policy>]

configure ospf area <area-identifier> external-filter [<policy-map> |none]

configure ospf area <area-identifier> interarea-filter [<policy-map> | none]

configure rip import-policy [<policy-name> | none]

configure rip vlan [<vlan-name> | all] route-policy [in | out] [<policy-name> | none]

configure rip [vlan <vlan-name> | all] trusted-gateway [<policy-name> | none]

To remove a policy, use the none option.

Refreshing Policies

When a policy file is changed (such as adding, deleting an entry, adding/deleting/modifying a

statement), the new file can be downloaded to the switch. The user must refresh the policy so that the

latest copy of policy will be used.