Left Panel

The left panel of the Policy Manager main window contains tabs that display hierarchical trees representing the roles, services, network elements, and port groups involved in managing policies for your network. What you select in the left panel determines what is displayed in the right panel.

The trees in the left panel tabs can be organized in different "tab configurations." By default, Policy Manager opens using a Consolidated Tab Configuration. In the Consolidated Tab Configuration, there are two left-panel tabs: Roles/Services and Network Elements/Port Groups. Access Control, Class of Service, and Network Resources are launched in separate configuration windows from the Edit menu.

You can change the tab configuration using the Tab Configuration option panel (Tools > Options > Tab Configuration), if desired. Instead of the Consolidated Tab Configuration, you can select the Classic Tab Configuration which was used in Policy Manager prior to version 4.0, or a Custom Tab Configuration which allows you to define which tab the different trees will be organized under. Whatever configuration you select in the options panel will be the default configuration used by all domains. However, you can also override the default configuration on a per-domain basis using the View > Domain Tab Configuration menu. For more information on available Tab Configurations, see the Tab Configuration Option Help topic.

When you first open Policy Manager, the Roles tab is displayed in the left panel, by default. The Select Tree at Startup option (Tools > Options > Tab Configuration) lets you select any of the other left-panel tabs to be displayed in subsequent startups. There is also an option to display the same tab you were using when you last closed Policy Manager.

Features of the left panel include:

Expanding and collapsing items in the hierarchy: Double-click the item or its icon, or single-click the turner to the left of the icon.
Right-click menus: Right-click a folder or other item in the left panel, and a menu of the options you can perform on your selection appears.
Drag and drop: Populate port groups, services, and service groups by using drag and drop in the left panel. You can also drag and drop multiple selections from right-panel Details View tab lists in the Services tab.

Information on the left-panel tabs:

Roles/Services Tab
Network Elements/Port Groups Tab
Access Control Configuration
Class of Service Configuration
Network Resources Configuration

Roles/Services Tab

This tab displays the Roles and Service Repository trees.

Roles Tree

The Roles tree lists the roles defined for the current domain. A role is a set of network access services that can be applied at various access points in a policy-enabled network.

Click the tree items for more information.

Roles Folder: This folder contains the roles defined for the current domain. See How to Create a Role for more information.

Role: Individual roles are listed by name. Select a role in the left panel, and view information about that role in the right-panel tabs. Only Quarantine roles are displayed with a red icon .

Service Repository Tree

The Service Repository tree displays your Local and Global services and service groups. Services are sets of rules that define how network traffic for a particular network service or application should be handled by a network access device. Local Services are services that are unique to the current domain. Global Services are services that are common to all domains. The tab also displays your network resource groups.

Click the tree items for more information.

Local Services Folder: Local Services are services that are unique to the current domain. This folder contains the local service groups and services defined for the current domain. For more information, see How to Create a Service Group.

Global Services Folder: Global Services are services that are common across all domains. This folder contains the global service groups and services that are shared by all domains. For more information, see How to Create a Service Group.

Service Groups Folder: Policy Manager lets you create categories (service groups) into which you can group services. This folder contains the service groups that have been defined. For more information, see How to Create a Service Group.

Service Group: Individual service groups are listed by name. Expand the service group to see the services and service groups included in that group.

Services Folder: This folder contains the automated and manual services that have been defined. For more information, see How to Create a Service.

Automated Service: Individual Automated services are listed under the Services Folder or within a service group in the Service Groups folder.

Manual Services Folder: This folder contains your currently defined Manual services.

Manual Service: Individual Manual services are listed under the Services Folder. Expand the service to see the rules associated with it.

Rule: Individual rules are listed by name. If the rule is disabled, the rule icon displays a red X . If the rule is device-specific, the rule icon displays a small switch .

Network Elements/Port Groups Tab

This tab displays the My Network and Port Groups trees.

My Network Tree

The My Network tree displays the devices that are assigned to the current domain, organized into groups.

Click the tree items for more information.

My Network: My Network displays the system-created device groups and any user-created device groups (that you created through NetSight Console). Each device group name is followed by the total number of devices in that group and any subgroups, in parentheses.

All Devices Folder: This folder contains all the devices that are assigned to the current domain. For information on adding devices to the domain, see How to Add and Delete Devices.

Grouped By Folder: The top-level Grouped By folder contains five system-created groups: Chassis, Contact, Device Type, IP, and Location. When a device is assigned to a domain, it automatically becomes a member of the appropriate group. System-created groups are displayed with blue folders.

Chassis Folder: Contains subgroups for specific chassis in the domain.

Contact Folder: Contains subgroups of the devices in a domain based on the system contact. Sub-groups in this folder are automatically created based on the Contact value in the Console Properties (Device) tab. For example, a contact defined as NOC/Salem/Jones will automatically create a hierarchy of three sub-groups under the Grouped By > Contact folder. The Contact sub-groups are removed when the last device with a particular contact is deleted.

Device Type Folder: Contains subgroups for the specific product families and device types in the domain.

IP Folder: Contains subgroups based on the IP subnets in the domain.

Location Folder: Contains subgroups of the devices in a domain based on the system location. Sub-groups in this folder are automatically created based on the Location value in the Console Properties (Device) tab. For example, a location defined as NewHampshire/Salem/Closet1 will automatically create a hierarchy of three sub-groups under the Grouped By > Location folder. The Location sub-groups are removed when the last device for a particular location is deleted.

User-created Device Groups: You can add your own device groups and subgroups (displayed with yellow folders) using NetSight Console.

Device: This icon represents an individual device that has been assigned to the current domain. It appears below the Devices folder and also below any device group of which it is a member.

Port Groups Tree

This tree displays the pre-defined and user-defined port groups for the current domain.

Click the tree items for more information.

Port Groups Folder: This folder contains the Pre-Defined and User-Defined Port Groups for the current domain. Policy Manager allows ports to be combined into groups, similar to the way devices are combined into device groups. Port groups enable you to configure multiple ports on the same device or on different devices simultaneously, or to retrieve port information from them. For more information, see How to Create a Port Group.

Pre-Defined Port Groups Folder: Policy Manager provides you with several commonly used port groups for your convenience. Expand this folder to see the pre-defined port groups. For more information, see Pre-Defined Port Groups.

User-Defined Port Groups Folder: Policy Manager lets you create your own port groups. When you create a user-defined port group, you can select individual ports to add to the group.

Port Group: Select a port group in the left panel and view information about that group in the right-panel tabs.

Access Control Configuration

The left panel tree in the Access Control Configuration window (available from the Policy Manager Edit menu) displays the Global VLANs for the current domain. If you have enabled Policy VLAN Islands, it also displays your Island VLANs and Policy VLAN Islands.

Click the tree items for more information.

Global VLANs Folder: This folder contains your currently defined global VLANs for this domain.

VLAN: The VLAN icon indicates the access control for the VLAN-- if it is a Discard VLAN, the icon displays a red X . Otherwise, it is a Contain VLAN.

Island VLANs Folder: This folder appears only when the Policy VLAN Islands feature is enabled, and contains your currently defined Island VLANs for this domain.

Policy VLAN Islands Folder: This folder appears only when the Policy VLAN Islands feature is enabled, and contains your currently defined VLAN islands and the devices that belong to them. When you enable Policy VLAN Islands, this folder is pre-populated with a Default Island containing all the devices in the domain.

VLAN Island: Click on a VLAN island to see the devices associated with it listed in the right-panel Details View tab. The Default Island is created by Policy Manager when you enable Policy VLAN Islands, and it cannot be deleted.

Class of Service Configuration

The left panel tree in the Class of Service Configuration window (available from the Policy Manager Edit menu) displays your Classes of Service defined for the current domain. The tree is only displayed when you are in Advanced Mode.

Classes of Service prioritize traffic with an 802.1p priority, and optionally an IP type of service (ToS/DSCP) value, rate limits, and transmit queue configuration. You can then assign the class of service as a classification rule action, as part of the definition of an Automated service, or as a role default. For more information, see Getting Started with Class of Service.

Click the tree items for more information.

Classes of Service Folder: When you first install Policy Manager, the left-panel Classes of Service folder is pre-populated with eight classes of service, each associated with one of the 802.1p priorities (0-7). These are static classes of service and cannot be deleted. You can use these classes of service as is, or configure them to include ToS/DSCP, rate limit, and/or transmit queue values. You can also rename them, if desired. In addition, you can also create your own classes of service. After you have created and defined your classes of service, they are then available when you make a class of service selection for a rule action (General tab), a role default (General tab), or an automated service (General tab).

Class of Service: Select a Class of Service in the left panel, and view information about that service in the right-panel tabs. For more information, see How to Create a Class of Service.

CoS Components Folder: This folder contains subfolders of the possible components of a class of service (802.1p Priorities, Rate Limits, Role-Based Rate Limit Port Groups, and Transmit Queue Port Groups).

802.1p Priorities Folder: This folder contains the eight 802.1p priorities. Select a priority in the left panel, and view information about that priority in the right-panel tabs.

Rate Limits Folder: This folder contains the currently defined rate limits, listed in the order of precedence. For more information, see How to Define Rate Limits.

Rate Limit Port Groups: These folders contain the currently defined inbound and outbound rate limit port groups. Select a port group in the left panel and view information about that group in the right-panel tabs. For more information, see Creating Class of Service Port Groups.

Transmit Queue Port Groups Folder: This folder contains the currently defined transmit queue port groups and the transmit queues defined for each group. For more information, see How to Configure Transmit Queues.

Network Resources Configuration

The left panel tab in the Network Resource Configuration window (available from the Policy Manager Edit menu) displays the network resources and network resource topologies for the current domain.

Click the tree items for more information.

Network Resources Folder: This folder contains any network resource groups you have created. For more information, see How to Create a Network Resource.

Network Resource: Individual network resource groups are listed by name. Select a resource in the left panel, and view information about that resource in the right-panel tabs.

Network Resource Topologies Folder: This folder contains the network resource topologies currently defined for this domain.

Network Resource Topology: A network resource topology can be used to divide the devices in a domain into groups called islands. You can then define a unique network resource list for each island within that topology, allowing user access to resources on the network based on the physical location at which they authenticate. If you are not using custom topologies to group your devices, you will use the Domain Wide topology, which contains just one island for all your domain devices.

Topology Island: A topology island is a group of devices that have a unique network resource list, allowing you to set up network resource access based on the location where end users authenticate.

Global Network Resources Folder: Global Network Resources are network resources that are common across all domains. For more information, see How to Create a Network Resource.

Related Information

For information on related windows: