How to Set Policy Manager Options
Use the Options window (Tools > Options) to set options for the Policy Manager application. In the Options window, the right-panel view changes depending on what you have selected in the left-panel tree. Expand the Policy Manager folder in the tree to view all the different options you can set.
Instructions on setting the following Policy Manager options:
- Default Class of Service
- Dialog Boxes
- Name Resolution (PM)
- Optional Views
- Policy Rule Hit Reporting
- Ports
- Startup
- SNMP Options
- Tab Configuration
- Welcome View
- Wireshark
Default Class of Service
Use the Default Class of Service view to specify the default Class of Service mode to set on a device (if supported) when it is created in Policy Manager or added to the domain via the Assign Devices to Domain window. The default setting is "Role-Based Rate Limits/Transmit Queue Configuration." The CoS mode is written to the devices when an Enforce operation is performed. This setting applies to all users.
NOTE: You can change this default value for a specific device by setting a different CoS mode in the Device General tab or via the Device Configuration Wizard.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select Default Class of Service. The right-panel Default Class of Service view is displayed.
- Select the class of service mode or select the option to disable rate limits on the device. Only certain devices such as the N-Series Gold and Platinum devices support both modes, but you cannot have both modes enabled at the same time. See Getting Started with Class of Service for more information.
- Rate Limits Disabled - Select this option if you want rate limits disabled. This means that any priority-based rate limits will not be written to devices on enforce, and any role-based rate limits will not be included in roles written to devices on enforce.
- Role-Based Rate Limits/Transmit Queue Configuration - Select this mode if you want to be able to configure role-based rate limits and transmit queues on devices. These rate limits are defined within a class of service and associated with a specific role via a rule action or as a role default. They are implemented based on the role assigned to a port. This mode also allows transmit queue behavior to be configured for the class of service. See How to Define Rate Limits and How to Configure Transmit Queues for more information.
- Priority-Based Rate Limits - Select this mode if you want to configure priority-based rate limits for use with legacy devices such as the E7 and E1 devices. See Priority-Based Rate Limits for more information.
- Click OK to set options and close the window. Click Apply to set options and leave the window open.
Dialog Boxes
Use the Dialog Boxes view to re-enable message dialog boxes that you have turned off in individual dialog boxes. This setting applies only to the current user.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select Dialog Boxes. The right-panel Dialog Boxes view is displayed.
- In the Ignored Dialog Boxes section, click the Re-Show All button to turn on the display of messages that have been turned off in individual message dialog box(es).
- Click OK to set the option and close the window. Click Apply to set the option and leave the window open.
Optional Views
Use Optional Views to choose whether or not you want certain views to be displayed. These settings apply only to the current user.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select Optional Views. The right-panel Optional Views view is displayed.
- Select the Show Enforce Preview on Enforce checkbox if you want the Enforce Preview window to appear any time you enforce, before the actual enforcement takes place. You can also turn this option on and off on the Enforce Preview window itself.
- Click OK to set options and close the window. Click Apply to set options and leave the window open.
Name Resolution (PM)
Use the Name Resolution (PM) view to enable or disable host name resolution for Policy Manager Port Usage tabs and Anti-Spoofing binding views.
Host name resolution must also be enabled globally in the Suite Options > Name Resolution panel or these settings are ignored.
These options are enabled by default, but can be turned off for diagnostic or troubleshooting purposes, if needed.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select Name Resolution (PM). The right-panel Name Resolution (PM) view is displayed.
- Enable or disable the options as desired.
- Click OK to set options and close the window. Click Apply to set options and leave the window open.
Policy Rule Hit Reporting
Use the Policy Rule Hit Reporting view to configure the Policy Rule Hit Reporting feature. This feature allows you to view reports on rule usage for your policy domains. The reports can be accessed from the View menu. To use rule hit reporting, the devices must be configured to do rule accounting via the device Role/Rule tab, and each rule in the domain must have the Generate System Log on Rule Hit option selected on the rule General tab. For more information on configuring Policy Rule Hit Reporting, see Rule Accounting and Rule Hit Reporting.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select Policy Rule Hit Reporting.
- Specify the Database Aging Row Count. Once every 24 hours (based on when the server is started), the policy rule hit database table is trimmed to no more than the row count (number of entries) specified here. This prevents the table from getting too large. This setting is for all users.
- Specify the Syslog Message Queue Drain Size. This is the maximum number of rule hits written to the database by the reporting agent every two seconds. The reporting agent has a message queue that stores all the rule hits from the syslog server. Every two seconds the queue is drained and the messages are written to the database. The Syslog Message Queue Drain Size limits the number of rule hits that can be written to the database in each drain. This prevents the reporting agent from monopolizing the database in the case of a deny attack on the network, where many rule hits could be generated at one time. This setting is for all users.
- Specify the Real Time View Maximum Table Size, which is the maximum number of rows that can be added to the Real Time Rule Hit view. The oldest rows are aged out when new ones come in. This setting is for the current user only.
- Specify the polling interval for the Policy Rule Hit Accounting tool. This tool shows all rule hits read from the latest data in the database and can be accessed by selecting the View menu > Policy Rule Hit > Policy Accounting Tool. The polling interval is the frequency of the database query. This setting is for the current user only.
- Specify the Policy Accounting View Maximum Table Size, which is the maximum number of rows allowed in the tables displayed in Policy Rule Hit Reports (View > Policy Rule Hit). The oldest rows are aged out when new ones come in. This setting is for the current user only.
- Click OK to set options and close the window. Click Apply to set options and leave the window open.
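A small model of the queue drain and database aging behaviour described above, added here as an illustration; it is not Policy Manager code. The class and function names and the sample numbers are constructed, and it assumes that rule hits beyond the drain size stay queued for the next cycle, which the text above does not specify.

```python
from collections import deque

DRAIN_INTERVAL_S = 2  # from the text above: the queue is drained every two seconds


class RuleHitPipeline:
    """Toy model of the reporting agent: syslog queue -> bounded drain -> aged table."""

    def __init__(self, drain_size, aging_row_count):
        self.drain_size = drain_size            # Syslog Message Queue Drain Size
        self.aging_row_count = aging_row_count  # Database Aging Row Count
        self.queue = deque()                    # rule hits received from the syslog server
        self.table = []                         # stands in for the rule hit database table

    def receive(self, hits):
        self.queue.extend(hits)

    def drain(self):
        """One two-second drain cycle; returns rows written (never more than drain_size)."""
        n = min(self.drain_size, len(self.queue))
        # Assumption: hits beyond the drain size stay queued for the next cycle.
        self.table.extend(self.queue.popleft() for _ in range(n))
        return n

    def age(self):
        """Daily trim: keep only the newest aging_row_count rows; returns rows removed."""
        excess = max(0, len(self.table) - self.aging_row_count)
        del self.table[:excess]
        return excess


def simulate_burst(burst, drain_size, aging_row_count, cycles):
    """Feed one burst of constructed rule hits, run drain cycles, then one aging pass."""
    p = RuleHitPipeline(drain_size, aging_row_count)
    p.receive(f"hit-{i}" for i in range(burst))
    written = [p.drain() for _ in range(cycles)]
    backlog = len(p.queue)
    removed = p.age()
    return {
        "written_per_cycle": written,
        "max_db_rows_per_second": drain_size / DRAIN_INTERVAL_S,
        "backlog": backlog,
        "seconds_to_clear_backlog": -(-backlog // drain_size) * DRAIN_INTERVAL_S,
        "rows_removed_by_aging": removed,
        "oldest_row_kept": p.table[0] if p.table else None,
    }


if __name__ == "__main__":
    print(simulate_burst(burst=10_000, drain_size=500, aging_row_count=1_200, cycles=3))
```

In this model a larger drain size clears a burst sooner but raises the peak write rate to the database, and a smaller aging row count discards the oldest rule hits first.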
Ports
Use the Ports view to set or clear the Hide Logical Ports feature. The feature is set by default when you first launch Policy Manager. This setting applies only to the current user.
The Hide Logical Ports feature lets you hide the display of logical ports in Policy Manager. Logical ports include SmartTrunk ports and LEC (LAN emulation client) ports, which can be seen in Policy Manager even if they are not yet configured or connected. If there are too many of these logical ports, they can cause unwanted clutter in your Policy Manager port list displays.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select Ports. The right-panel Ports view is displayed.
- Use the checkbox to enable or disable the Hide Logical Ports feature, as desired.
- Click OK to set options and close the window. Click Apply to set options and leave the window open.
Startup
Use the Startup view to configure the features that run on Policy Manager startup.
When you launch Policy Manager or open a domain, two background operations are automatically performed: a background read of the VLANs from all reachable devices and a background verify operation that determines if the roles on the devices match those in the current Policy Manager domain. Because these operations run in the background, you have instant access to Policy Manager and the domain even while the operations are verifying the current status of the domain. However, you can deselect the options in this view to prevent these operations from being performed, if desired. (For more information on the verify operation, see Verifying in the Policy Manager Concepts file.)
In addition, you can set an option that allows you to select a domain on startup. When you start Policy Manager, the Select a Domain to Open window presents a drop-down list that allows you to select which domain to open, or create a new domain, if desired. If this option is not selected, Policy Manager will open the domain that was open when the NetSight client last closed.
These settings apply only to the current user.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select Startup. The right-panel Startup view is displayed.
- Deselect the Background Verify on Startup/Domain Open checkbox to stop a background verify operation that is performed when Policy Manager is launched or when you open a domain.
- Deselect the Background Get VLANs on Startup/Domain Open checkbox to stop a background operation to read the VLANs from all reachable devices that is performed when Policy Manager is launched or when you open a domain.
- Select the Select a Domain on Startup option if you want to select a domain to open when Policy Manager is launched.
- Click OK to set options and close the window. Click Apply to set options and leave the window open.
SNMP Options
Use the SNMP Options view to specify SNMP polling parameters for the Policy Manager server and client.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select SNMP Options. The right-panel SNMP Options view is displayed.
- Under Server SNMP, specify SNMP polling parameters for the Policy Manager server. These settings apply to all users.
- SNMP Retries - The number of times the server will attempt to contact a device after the first attempt fails. The default setting is 3 retries, which means that the server retries a timed-out request three times, making a total of four attempts to contact a device.
- SNMP Timeout - The amount of time (in seconds) that the server waits before re-trying to contact a device.
- In the Enforce/Verify section, select the "Force read of policy rules table" option to change how the Policy Manager verify operation is performed. During the verify operation, Policy Manager uses the "Last Changed" attribute on the device to determine if any rules have changed. Selecting the "Force read of policy rules table" option causes Policy Manager to perform the verify operation using the rules table instead of the attribute. This can cause the verify operation to take longer to perform. Normally this option is not selected and should only be enabled for specific customer deployments as instructed by Extreme Networks Support.
- Under Client SNMP, specify SNMP polling parameters for the Policy Manager client. These settings apply to the current user.
- SNMP Retries - The number of times the client will attempt to contact a device after the first attempt fails. The default setting is 3 retries, which means that the client retries a timed-out request three times, making a total of four attempts to contact a device.
- SNMP Timeout - The amount of time (in seconds) that the client waits before re-trying to contact a device.
- Click OK to set options and close the window. Click Apply to set options and leave the window open.
Tab Configuration
Use the Tab Configuration view to specify the top-level tab organization for your domains. By default, all domains will use the configuration defined here. However, it is possible to override these settings on a per-domain basis using the View > Domain Tab Configuration menu. Any new domain you create will use the settings specified here. These settings apply only to the current user.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select Tab Configuration. The right-panel Tab Configuration view is displayed.
- Use the Domain Default Tab Configuration drop-down list to select the tab configuration you would like to use in your domains:
- Consolidated Tab Configuration (Recommended) - In this configuration, there are two top-level tabs: Roles/Services and Network Elements/Port Groups. Access Control and Class of Service trees are presented in external Configuration windows accessed from the Edit menu.
- Classic Tab Configuration - This configuration uses six top-level tabs, one for each Policy Manager tree: Roles, Services, Access Control, Classes of Service, Network Elements, and Port Groups. This is similar to the configuration used in Policy Manager prior to version 4.0.
- Custom Tab Configuration - This configuration allows you to define which tab the different Policy Manager trees will be organized under. For Access Control and Classes of Service trees, you can also select to display the tree in a Configuration View (an external window) accessed from the Edit menu.
- Use the Select Tree at Startup drop-down list to specify the tree that will be selected in the left-panel when you start Policy Manager.
- Select Show Description fields as tooltips in trees if you want a description of each node in a tree to be displayed (if available) in a tooltip when the cursor hovers over the node. For example, a description of the Student role is displayed when the cursor hovers over the Student node in the tree.
- Click OK to set options and close the window. Click Apply to set options and leave the window open.
Welcome View
Use the Welcome View option to display or hide the Welcome tab that is displayed when you first open Policy Manager. This setting applies only to the current user.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select Welcome View. The right-panel Welcome View option is displayed.
- Select whether to display or hide the Welcome tab when Policy Manager is first opened.
- Click OK to set the option and close the window. Click Apply to set the option and leave the window open.
Wireshark
Use the Wireshark view to specify the location of the Wireshark executable so that it can be used by Policy Manager to display rule color filters. For more information on using Wireshark in Policy Manager, see How to Use Wireshark to Analyze a Role's Behavior. This setting applies only to the current user.
- Select Tools > Options in the menu bar. The Options window opens.
- In the left-panel tree, expand the Policy Manager folder and select Wireshark. The right-panel Wireshark view is displayed.
- Enter the location of the Wireshark executable or use the Browse button to navigate to the executable file.
- Click OK to set the option and close the window. Click Apply to set the option and leave the window open.