Policy Menus

The drop-down menus on the Policy tab provide access to Policy tab functions. The Open/Manage Domains menu provides options for the domain currently accessed. The Global Domain Settings drop-down list enables you to configure global Policy tab settings. Use the Tools menu to configure authentication settings and review Policy events.

Control - Open/Manage Domains

Open/Manage Domains Menu

The Open/Manage Domains provides the following options for the Policy tab:

Open Domain: Provides a list of the available Policy Domains. Selecting a domain opens that domain, allowing you to make changes.

Lock Domain: Lets you lock the current Policy Domain for editing purposes. The Policy tab automatically locks the domain when you begin to edit the domain configuration. Other Policy tab users are notified that the domain is locked and they are not able to save their own domain changes until the lock is released. For more information, see Controlling Client Interactions with Locks.

Save Domain: Lets you save any changes you made to the current Policy Domain. Only users with the capability to Enforce are able to save the domain.

Enforce Domain: Writes the role and/or any changes you have made to it (rules, services) to all the devices in your current domain. See Enforcing for more information.

Verify Domain: Compares the roles in your current domain to the roles currently enforced on all the devices in the current domain. This is useful for ensuring the roles in your domain are enforced, or, if you use more than one domain, ensuring that the roles in the domain you are currently using matches what is on the devices. See Verifying for more information.

Assign Devices to Domain: Opens the Assign Devices to Domain window where you can assign devices that are in the ExtremeCloud IQ Site Engine database to the current Policy Domain.

Create Domain: Lets you create and name a new (blank) Policy Domain.

Delete Domain(s): Opens a window where you can select one or more Policy Domains to delete.

Rename Domain: Lets you rename the current Policy Domain.

Import/Export > Import From Domain: Opens the Import from Domain window where you can import policy configuration data from one Policy Domain into another domain. (This menu option is not available if only one domain exists, as there are no other domains from which to import data.)

Import/Export > Import From File: Opens the Import from File window, which enables you to import policy data from a .pmd file into the current Policy Domain. Be aware that the import overwrites any existing data in the Policy Domain. Any devices in the .pmd file must already exist in the Console database or they won't be imported.

Import/Export > Export to File: Lets you save policy data from the current Policy Domain to a .pmd file or .xml file with the file name and location of your choosing. This file stores all information about roles, services, and rules configured in the current Policy Domain. This allows you to save a Domain configuration prior to making changes so that you can restore the original Domain configuration if required (via Import/Export > Import From File).

Global Domain Settings Menu

The Global Domain Settings Menu provides the following options:

GVRP > Ignore GVRP: To ignore GVRP status on the devices in the current domain, select this menu option and enforce. This means that the Policy tab ignores the GVRP configuration on a device during an Enforce operation, allowing you to configure some network devices with GVRP enabled and others with GVRP disabled (using MIB Tools or local management), according to their configuration requirements. Be aware that for devices with GVRP set to disabled, ignoring GVRP configuration during an Enforce may affect connectivity on ports with VLANs that rely on Dynamic Egress.

GVRP > Enable GVRP: To enable GVRP on the devices in the current domain, select this menu option and enforce. If the current domain configuration contains rules that use VLAN containment, Dynamic Egress and GVRP must be enabled on the devices in the domain, or the VLANs must be properly pre-configured on the devices outside of the Policy tab.

GVRP > Disable GVRP: If you do not want GVRP enabled on the devices in the current domain, select this menu option and enforce. Be aware that disabling GVRP may affect connectivity through ports with VLANs that rely on Dynamic Egress.

Port Level Role Mappings Enabled: Check this box to enable any port-level Tagged Packet VLAN to role mappings or port-level MAC to role mappings that have been configured and enforced for the current domain. If the box is not checked, all port-level mappings are ignored.

Do Not Use Global Services: Check this box to hide the display of Global Services in the left-panel Services tab for this domain. If you use Global Services in some domains but not in others, this option allows you to hide global services in the domains where they are not used so that they won't be inadvertently used or modified.

Role ACL Mode

Select to use ACLs in place of traditional rules on Summit devices. Enabling this feature also facilitates user-specified ordering and support for creating ACL entries that support multi-traffic descriptor matching.

	NOTE:	Summit devices must have firmware V30.5 or later.

Tools Menu

Authentication Configuration: Opens the Authentication Configuration wizard, where you can configure authentication settings on a device.

RADIUS Configuration: Opens the RADIUS Configuration wizard, where you can configure RADIUS authentication and accounting settings on a device.

Policy Event Log: Opens the Events tab filtered to display only Policy events.

Related Information

For information on related help topics:

Main Window