
Extreme Networks ExtremeWare XOS Guide User Manual

698 pages
ExtremeWare XOS 11.3 Concepts Guide
Refreshing Policies
When a policy file is changed (for example, by adding or deleting an entry, or by adding, deleting, or
modifying a statement), the information in the policy database does not change until the policy is
refreshed. The user must refresh the policy so that the latest copy of the policy is used.
When the policy is refreshed, the new policy file is read, processed, and stored in the server database.
Any clients that use the policy are updated. Use the following command to refresh the policy:
refresh policy <policy-name>
For ACL policies only, packets on the interface are blackholed by default while the policy is being
refreshed. This protects the switch during the short time that the policy is being applied to the
hardware, when an unwanted packet could conceivably be forwarded by the switch as the new ACL is being
set up in the hardware. You can disable this behavior. To control the behavior of the switch during an
ACL refresh, use the following commands:
enable access-list refresh blackhole
disable access-list refresh blackhole
Applying Policies
ACL policies and routing policies are applied using different commands.
Applying ACL Policies
A policy intended to be used as an ACL is applied to an interface, and the CLI command option is
named <aclname>. Supply the policy name in place of the <aclname> option. To apply an ACL policy,
use the following command:
configure access-list <aclname> [any | ports <portlist> | vlan <vlanname>] {ingress | egress}
If you use the any keyword, the ACL is applied to all the interfaces and is referred to as the wildcard
ACL. This ACL is evaluated for any ports without specific ACLs, and it is also applied to any packets
that do not match the specific ACLs applied to the interfaces.
If an ACL is already configured on an interface, the command is rejected and an error message is
displayed.
To remove an ACL from an interface, use the following command:
unconfigure access-list {any | ports <portlist> | vlan <vlanname>} {ingress | egress}
To display which interfaces have ACLs configured, and which ACL is on which interface, use the
following command:
show access-list {any | ports <portlist> | vlan <vlanname>} {ingress | egress}
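As an added example (not part of the Extreme Networks manual), the Python code below replays a list of the commands described above and reports which ACLs can act on each port, which apply commands would be rejected, and whether the refresh blackhole has been disabled. The policy names, the sample commands, the portlist form, the ingress default, and per-direction tracking are assumptions.

```python
# Added example: replays ACL commands in the syntax shown on this page.
# Assumptions (not from the manual): <portlist> is comma-separated ports or ranges
# such as "1-3,7"; direction defaults to ingress when omitted; bindings are tracked
# per interface and direction; a command is rejected whole if any listed port is bound.

def expand_ports(portlist):
    ports = []
    for part in portlist.split(","):
        lo, _, hi = part.partition("-")
        ports += [str(p) for p in range(int(lo), int(hi or lo) + 1)]
    return ports

def replay(commands):
    """Return (bindings, blackhole_enabled, rejected_commands)."""
    bindings, blackhole, rejected = {}, True, []   # blackhole is on by default
    for line in commands:
        tok = line.split()
        if tok[1:] == ["access-list", "refresh", "blackhole"] and tok[0] in ("enable", "disable"):
            blackhole = tok[0] == "enable"
            continue
        if tok[:2] not in (["configure", "access-list"], ["unconfigure", "access-list"]):
            continue
        rest = tok[2:]
        if len(rest) < (2 if tok[0] == "configure" else 1):
            continue                               # malformed line, ignore
        acl = rest.pop(0) if tok[0] == "configure" else None
        direction = rest.pop() if rest[-1] in ("ingress", "egress") else "ingress"
        if rest[0] == "ports":
            targets = ["port " + p for p in expand_ports(rest[1])]
        else:                                      # "any" or "vlan <vlanname>"
            targets = [" ".join(rest)]
        keys = [(t, direction) for t in targets]
        if acl is None:                            # unconfigure removes the binding
            for k in keys:
                bindings.pop(k, None)
        elif any(k in bindings for k in keys):     # already configured: rejected
            rejected.append(line)
        else:
            bindings.update((k, acl) for k in keys)
    return bindings, blackhole, rejected

def acls_for_port(bindings, port, direction="ingress"):
    """Specific ACL first, then the wildcard ACL (VLAN membership is not modelled)."""
    found = [bindings.get(("port " + port, direction)), bindings.get(("any", direction))]
    return [a for a in found if a]

SAMPLE = [  # constructed commands; policy names are hypothetical
    "configure access-list edge_in ports 1-3 ingress",
    "configure access-list mgmt_in ports 3 ingress",   # port 3 already has an ACL
    "configure access-list default_in any ingress",
    "unconfigure access-list ports 2 ingress",
    "disable access-list refresh blackhole",
]
```

A port that returns an empty list has neither a specific ACL nor the wildcard ACL in that direction, and a False blackhole flag marks a switch where packets may be forwarded during an ACL refresh.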
