Security
Policies
Policies are a more general concept than routing access profiles and route maps. ExtremeWare XOS uses
policies to implement routing access profiles and route maps. A central manager processes policies, and
various policy clients, such as BGP or OSPF, get the policies from the central manager.
The following sections apply to creating and using policies:
• Creating Policies on page 120
• Policy File Syntax on page 120
• Policy Examples on page 125
• Using Policies on page 129
Creating Policies
Policies are created by writing a text file containing a number of rule entries. Name the text file with the
policy name and use ".pol" as the filename extension. For example, the policy name "boundary" refers
to the text file "boundary.pol". Any common text editor can be used to create a policy file. The file is
then transferred to the switch using TFTP, and then applied.
To transfer policy files to the switch, use the following command:
tftp [<ip_address> | <host_name>] {-v <vr_id>} [-g | -p] [{-l <local_file>} {-r <remote_file>} | {-r <remote_file>} {-l <local_file>}]
Policy File Syntax
The policy file contains one or more policy entries. Each policy entry consists of:
• a policy entry name, unique within the same policy.
• zero or one match type. If no type is specified, the match type is all, so all match conditions must be
satisfied.
• zero or more match conditions. If no match condition is specified, all are matched.
• zero or more actions. If no action is specified, no action is taken, and processing continues.
Each policy entry in the file uses the following syntax:
entry <entry-name>{
    if <match-type> {
        <match-conditions>;
    } then {
        <action>;
    }
}
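The entry rules above can be checked before a policy file is transferred to the switch. The following Python linter is an added example, not code from this guide or from ExtremeWare XOS; it assumes the block layout of the template above with "match any" and "match all" as the match-type keywords, and the names parse_policy and SAMPLE, along with the sample text, are constructed for illustration.

```python
import re

# Assumed grammar, taken from the template above:
#   entry <name> { if [match any|all] { <cond>; ... } then { <action>; ... } }
ENTRY_RE = re.compile(
    r"entry\s+(?P<name>[\w-]+)\s*\{\s*"
    r"if\s*(?:match\s+(?P<mtype>any|all)\s*)?\{(?P<conds>[^{}]*)\}\s*"
    r"then\s*\{(?P<acts>[^{}]*)\}\s*\}",
    re.S,
)

def _statements(body):
    """Split a block body on ';' and normalise internal whitespace."""
    return [" ".join(s.split()) for s in body.split(";") if s.strip()]

def parse_policy(text):
    """Return (entries, problems) for the text of a .pol file."""
    entries, problems, seen, pos = [], [], set(), 0
    for m in ENTRY_RE.finditer(text):
        if text[pos:m.start()].strip():
            problems.append(f"unparsed text before entry {m['name']!r}")
        pos = m.end()
        name = m["name"]
        if name in seen:  # entry names must be unique within one policy
            problems.append(f"duplicate entry name {name!r}")
        seen.add(name)
        conds, acts = _statements(m["conds"]), _statements(m["acts"])
        if not conds:  # no condition means every route matches
            problems.append(f"{name!r} has no match conditions: matches everything")
        if not acts:  # no action means processing just continues
            problems.append(f"{name!r} has no actions: processing continues")
        entries.append({"name": name, "match_type": m["mtype"] or "all",
                        "conditions": conds, "actions": acts})
    if text[pos:].strip():
        problems.append("unparsed trailing text (unbalanced braces or truncated entry?)")
    return entries, problems

# Constructed sample: the second entry reuses a name and has an empty match block.
SAMPLE = (
    "entry ip_entry { if match any { nlri 10.203.134.0/24; nlri 10.204.134.0/24; }"
    " then { next-hop 192.168.174.92; } }\n"
    "entry ip_entry { if { } then { next-hop 192.168.174.92; } }\n"
)

if __name__ == "__main__":
    for problem in parse_policy(SAMPLE)[1]:
        print("WARNING:", problem)
```

An entry flagged for having no match conditions deserves review before it is applied, because its actions will be taken for every route the policy client evaluates.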
Here is an example of a policy entry:
entry ip_entry {
    if match any {
        nlri 10.203.134.0/24;
        nlri 10.204.134.0/24;
    } then {
        next-hop 192.168.174.92;
120
ExtremeWare XOS 10.1 Concepts Guide