Policy Manager Options Window

These options apply only to the Policy Manager application. In the Options window (Tools > Options), the right-panel view changes depending on what you have selected in the left-panel tree. Expand the Policy Manager folder to view all the different options you can set.

Click the link for information on the following Policy Manager Options views:

Default Class of Service

Selecting Default Class of Service in the left panel of the Options window (Tools > Options) provides the following view where you can specify the default Class of Service mode to set on a device (if supported) when it is created in Policy Manager or added to the domain via the Assign Devices to Domain window. The default setting is "Role-Based Rate Limits/ Transmit Queue Configuration." The CoS mode is written to the devices when an Enforce operation is performed. This setting applies to all users.

See below for information about the three selections.

  NOTE: You can change this default value for a specific device by setting a different CoS mode in the Device General tab or via the Device Configuration Wizard.

Click the graphic for more information.

Default Class of Service Options


Rate Limits Disabled Role-Based Rate Limits/Transmit Queue Configuration Priority-Based Rate Limits

Select the class of service mode or select the option to disable rate limits on devices. Only certain devices such as the N-Series Gold and Platinum devices support both modes, but you cannot have both modes enabled at the same time. See Getting Started with Class of Service for more information.

Rate Limits Disabled
Select this option if you want rate limits disabled. This means that any priority-based rate limits will not be written to devices on enforce, and any role-based rate limits will not be included in roles written to devices on enforce.
Role-Based Rate Limits/Transmit Queue Configuration
Select this mode if you want to be able to configure role-based rate limits and transmit queues on devices. These rate limits are defined within a class of service and associated with a specific role via a rule action or as a role default. They are implemented based on the role assigned to a port. This mode also allows transmit queue behavior to be configured for the class of service. See How to Define Rate Limits and How to Configure Transmit Queues for more information.
Priority-Based Rate Limits
Priority-based rate limits are supported in Policy Manager for use with legacy devices such as the E7 and E1 devices. See Priority-Based Rate Limits for more information.

Dialog Boxes

Selecting Dialog Boxes in the left panel of the Options window (Tools > Options) provides the following view where you can turn on the message dialog boxes that you have turned off on individual dialog box(es). This setting applies only to the current user.

Dialog Boxes Options

Name Resolution (PM)

Selecting Name Resolution (PM)in the left panel of the Options window (Tools > Options) provides the following view where you can enable or disable host name resolution for Policy Manager Port Usage tabs and Anti-Spoofing binding views.

Host name resolution must also be enabled globally in the Suite Options > Name Resolution panel or these settings are ignored.

These options are enabled by default, but can be turned off for diagnostic or troubleshooting purposes, if needed.

Optional Views

Selecting Optional Views in the left panel of the Options window (Tools > Options) provides the following view where you can choose whether or not you want certain views to be displayed. These settings apply only to the current user.

Click the graphic for more information.

Optional Views Options

Enforce Preview
When this checkbox is checked, the Enforce Preview window will appear any time you enforce, before the actual enforcement takes place. You can also turn this option on and off on the Enforce Preview window itself.

Policy Rule Hit Reporting

Selecting Policy Rule Hit Reporting in the left panel of the Options window (Tools > Options) provides the following view where you can configure the Policy Rule Hit Reporting feature. This feature allows you to view reports on rule usage for your policy domains. The reports can be accessed from the View menu. To use rule hit reporting, the devices must be configured to do rule accounting via the device Role/Rule tab, and each rule in the domain must have the Generate System Log on Rule Hit option selected on the rule General tab. For more information on configuring Policy Rule Hit Reporting, see Rule Accounting and Rule Hit Reporting.

Click the graphic for more information.

Policy Rule Hit Reporting Options

Database Aging Row Count View Polling Interval Syslog Message Queue Drain Size Real Time View Maximum Table Size
Database Aging Row Count
Once every 24 hours (based on when the server is started), the policy rule hit database table is trimmed to no more than the row count (number of entries) specified here. This prevents the table from getting too large. This setting is for all users.
Syslog Message Queue Drain Size
Specifies the maximum number of rule hits written to the database by the reporting agent every two seconds. The reporting agent has a message queue that stores all the rule hits from the syslog server. Every two seconds the queue is drained and the messages are written to the database. The Syslog message drain queue size limits the number of rule hits that can be written to the database. This prevents the reporting agent from monopolizing the database in the case of a deny attack on the network, where many rule hits could be generated at one time. This setting is for all users.
Real Time View Maximum Table Size
The maximum number of rows allowed in the Real Time Policy Rule Hits table (View > Policy  Rule Hit > Real Time Policy Rule Hits). The oldest rows are aged out when new ones come in. This setting is for the current user only.
Policy Accounting View Polling Interval
Use this option to set the polling interval for the Policy Rule Hit Accounting tool. This tool shows all rule hits read from latest data in the database and can be accessed by selecting the View menu > Policy Rule Hit > Policy Accounting Tool. The polling interval is the frequency of the database query. This setting is for the current user only.
Policy Accounting View Maximum Table Size
The maximum number of rows allowed in the tables displayed in Policy Rule Hit Reports (View > Policy  Rule Hit). The oldest rows are aged out when new ones come in. This setting is for the current user only.

Ports

Selecting Ports in the left panel of the Options window (Tools > Options) provides the following view where you can set or clear the Hide Logical Ports feature. This setting applies only to the current user.

Click the graphic for more information.

Ports Options

Hide Logical Ports
The Hide Logical Ports feature lets you hide the display of logical ports in Policy Manager. Logical ports include SmartTrunk ports and LEC (LAN emulation client) ports, which can be seen in Policy Manager even if they are not yet configured or connected. If there are too many of these logical ports, they can cause unwanted clutter in your Policy Manager port list displays.

Startup

Selecting Startup in the left panel of the Options window (Tools > Options) provides the following view where you can configure the features that run on startup.

When you launch Policy Manager or open a domain, two background operations are automatically performed: a background read of the VLANs from all reachable devices and a background verify operation that determines if the roles on the devices match those in the current Policy Manager domain. Because these operations run in the background, you have instant access to Policy Manager and the domain even while the operations are verifying the current status of the domain. However, you can deselect the options in this view to prevent these operations from being performed, if desired. (For more information on the verify operation, see Verifying in the Policy Manager Concepts file.)

In addition, you can set an option that allows you to select a domain on startup. When you start Policy Manager, the Select a Domain to Open window presents a drop-down list that allows you to select which domain to open, or create a new domain, if desired. If this option is not selected, Policy Manager will open the domain that was open when the NetSight client last closed.

These settings apply only to the current user.

Click the graphic for more information.

Startup Options

Verify On Startup/Database Read/Import Get VLANs on Startup Select Domain on Startup
Background Verify On Startup/Domain Open
Deselect this option to stop a background verify operation that is performed when Policy Manager is launched or when you open a domain.
Background Get VLANs On Startup/Domain Open
Deselect this option to stop a background operation to read the VLANs from all reachable devices that is performed when Policy Manager is launched or when you open a domain.
Select a Domain On Startup
Select this option if you want to select a domain to open when Policy Manager is launched.

SNMP Options

Selecting SNMP Options in the left panel of the Options window (Tools > Options) provides the following view where you can specify SNMP polling parameters for the Policy Manager server and client.

Click the graphic for more information.

SNMP Options


Server SNMP Client SNMP

Enforce/Verify 

To improve performance time during the verify operation, Policy Manager uses the "Last Changed" attribute on the device to determine if any rules have changed. Selecting the "Force read of policy rules table" option causes Policy Manager to perform the verify operation using the rules table instead of the attribute. This can cause the verify operation to take longer to perform. Normally this option is not selected and should only be enabled for specific customer deployments as instructed by Extreme Networks Support.

Tab Configuration

Selecting Tab Configuration in the left panel of the Options window (Tools > Options) provides the following view where you can specify the top-level tab organization for your domains. By default, all domains will use the configuration defined here. However, it is possible to override these setting on a per-domain basis using the View > Domain Tab Configuration menu. Any new domain you create will use the settings specified here. These settings apply only to the current user.

Click the graphic for more information.

Tab Configuration Options


Domain Default Tab Configuration
Use the drop-down list to select the tab configuration you would like to use in your domains:
  • Consolidated Tab Configuration (Recommended) - In this configuration, there are two top-level tabs: Roles/Services and Network Elements/Port Groups. Access Control and Class of Service trees are presented in external Configuration windows accessed from the Edit menu.
  • Classic Tab Configuration - This configuration uses six top-level tabs, one for each Policy Manager tree: Roles, Services, Access Control, Classes of Service, Network Elements, and Port Groups. This is similar to the configuration used in Policy Manager prior to version 4.0.
  • Custom Tab Configuration - This configuration allows you to define which tab the different Policy Manager trees will be organized under. For Access Control and Classes of Service trees, you can also select to display the tree in a Configuration View (an external window) accessed from the Edit menu.
Select Tree at Startup
Specify the tree that will be selected in the left-panel when you start Policy Manager.
Show description fields as tooltip in trees
If this option is selected, a description of each node in a tree will be displayed (if available) in a tooltip when the cursor hovers over the node. In the example below, you can see that a description of the Student role is displayed when the cursor hovers over the Student node in the tree.

Description Tooltip

Welcome View

Selecting Welcome View in the left panel of the Options window (Tools > Options) provides the following view where you can display or hide the Welcome tab that is displayed when you first open Policy Manager. This setting applies only to the current user.

Welcome View Options

Wireshark

Selecting Wireshark in the left panel of the Options window (Tools > Options) provides the following view where you can specify the location of the Wireshark executable so that it can be used by Policy Manager to display rule color filters. For more information on using Wireshark in Policy Manager, see How to Use Wireshark to Analyze a Role's Behavior. This setting applies only to the current user.

Wireshark Options

Related Information

For information on related tasks:

Top