158
EPICenter Concepts and Solutions Guide
Policy Manager Overview
ports or ranges of ports. Custom Applications are entered into the EPICenter database using the
Grouping Manager.
• Users
(by name): These are entered into the EPICenter database through the Grouping Manager,
either using the Import capability or through the GUI. An individual User is typically mapped to a
Host by establishing a relationship within the Grouping Manager. User-Host relationships can be
specified through the Grouping Manager GUI or as part of the Import function. The Host is then in
turn mapped to an IP address and physical ports as described above. Users can be added as
members to groups through the Grouping Manager. For Security policies, user-host relationships are
established during netlogin/802.1x login and removed upon user logout.
• Ports
: Ports are entered into the EPICenter database through the Inventory Manager through the
Discovery or Add Devices functions. They can be specified individually as part of a policy traffic
definition, or they can be members of a group. Ports are added to groups through the Grouping
Manager.
• VLANs
: VLANs are detected by the Discovery or Add Device functions in the Inventory Manager,
and can also be created and modified using the EPICenter VLAN Manager. They can be specified
individually as part of a VLAN QoS policy traffic definition or they can be members of a group.
VLANs are added to groups through the Grouping Manager.
• IP addresses/Subnets
: IP addresses or subnet addresses are used in Security and IP QoS rules to
identify IP traffic flows. IP and subnet addresses can be determined by the Policy Manager from
mappings associated with named components such as users or hosts. They can also be entered
directly as endpoints in an IP policy traffic definition.
• QoS Profiles
: QoS profiles provide the definitions of traffic priority, and minimum and maximum
bandwidth that, when combined with a traffic flow specification, define a policy. QoS profiles are
predefined, but they can be reconfigured from within the Policy Manager.
The arrows shown in Figure 71 indicate the mapping relationships between policy named components
and policy primitive components. The higher-level component at the start of the arrow can be mapped
by the Policy Manager to the component at the end of the arrow. Named components may map directly
to a primitive component, or they may map to another named component that in turn maps to a
primitive component. For example, the Policy Manager maps a Host component directly to an IP
address and a port. However, a User component specified as a traffic endpoint is mapped first to a
Host, and then to an IP address and port, which is used to create the policy rules that affect traffic from
that user.
The labels associated with the arrows depicts how the mapping relationship is created:
•
GUI indicates that the mapping may be created through the Grouping Manager user interface.
•
Netlogin/DLCS indicates that the mapping may be obtained through Netlogin or the Dynamic Link
Context System (DLCS) operating within Extreme Networks devices.
•
DNS indicates that the mapping may be obtained via a name lookup service such as DNS.
•
IMPORT indicates that the mapping relationship can be specified during the import process in the
EPICenter Grouping Manager.
•
SYSTEM indicates that the mapping is predefined, or is set up by the EPICenter server, such as
through the Discovery feature in the Inventory Manager.
Summary of Contents for EPICenter 5.0
Page 12: ...12 EPICenter Concepts and Solutions Guide Preface...
Page 76: ...76 EPICenter Concepts and Solutions Guide Managing your Network Assets...
Page 92: ...92 EPICenter Concepts and Solutions Guide Managing VLANs...
Page 116: ...116 EPICenter Concepts and Solutions Guide Managing Wireless Networks...
Page 146: ...146 EPICenter Concepts and Solutions Guide VoIP and EPICenter Avaya Integrated Management...
Page 163: ...Appendices...
Page 164: ......
Page 178: ...178 EPICenter Concepts and Solutions Guide Troubleshooting...