Applying a zone policy to a ONE application

To apply a zone policy to a ONE Application, you can complete one of the following steps:
  • Enter the zone-service-policy command on the switch

  • Use the ONE application's management interface to apply the zone policies

To apply zone policies through the ONE application, consult the ArubaOS-Switch Installation and Getting Started Guide for that application.

To apply a zone service policy from the switch CLI, enter the following command from the global configuration context.

Syntax:


no zone-service-policy policy-name zone [enable | disable | update] bind [Ethernet] logical port appname application name appinstance instance description [fail-action | [bypass | block]] [expire | [app-down | permanent | slot-down]]
policy-name

Specifies the name of the policy you configured with the policy command.

enable|disable|update

Makes the policy active, inactive, or updates options that have been assigned to a policy.

logical port

Specifies the HPE AllianceONE Extended Services Module's port 1, using the format slot1.

application name

Specifies the name of the ONE application. See the ArubaOS-Switch Installation and Getting Started Guide for the ONE application.

instance description

Specifies the name of the application and the slot in which it resides. See the ArubaOS-Switch Installation and Getting Started Guide for the ONE application.

fail-action bypass | block

Specifies the action the switch will take if the ONE application is unavailable). Enter bypass if you want the switch to ignore the policies and not intercept traffic if the ONE application is unavailable. Specify block if you want the switch to drop traffic that matches your policy criteria if the ONE application is unavailable.

expire

Determines if the policy persists if the ONE application is down or unavailable.

app-down

Specifies if you want the policy to expire if the ONE application is unavailable. Specify permanent if you do not want the policy to ever expire.

slot-down

Specifies if you want the policy to expire if the slot in which the ONE application is installed is unavailable.

Applying a zone policy

The following example shows how to apply a zone policy:

switch(config)# zone-service-policy Firewall zone enable bind F1 appname
Verify that the zone policy is associated with the ONE application by entering the following command:
hostswitch(config)# show ONE_app slot_ID

Replace slot_ID with the slot in which the AllianceONE Extended Services zl Module is installed.

Viewing output for the show ONE_app command