Network Resource Groups are groups of network resources such as routers,
VoIP (Voice over IP) gateways, and servers. You create a network resource group by defining a list of IP addresses
for devices
that you want included in the group, or by choosing an IP subnet which comprises
the group. Once a network resource group has been defined, you
can associate it with an Automated service (see How to Create a Service for more information).
The Automated service automatically creates an IP address rule with a specified
action (class of service and/or access control), for each IP address in the network resource
group.
| |
TIP: |
The Policy Manager Demo.pmd file contains
examples of network resource groups that you might want to create, such as Internet Proxy Servers and SAP
Servers.
|
There are two ways to create a network resource group:
- Using the Network Resources Wizard: The Network Resources Wizard is a
series of windows that leads you through all the steps required to create a
network resource group and the Automated service with which to
associate it.
- Using the Create Network Resource Window: The Create
Network Resource window lets you simply create and define a resource group.
Then, once you've created
the group, you can associate it with an Automated service either via the
Service
wizard, or the Service tabs.
Instructions on:
The Network Resources Wizard is a series of windows that leads you through all the steps
required to create a network resource group and an Automated service with which to associate it.
The wizard also lets you apply the Automated service to a role.
- In the Policy Manager left panel, select the Network Elements tab.
- Right-click on the Network Resources folder and select Network Resources Wizard.
- In the Name window, type a name for the network resource group. (The group name is
case-sensitive; therefore, Policy Manager sees "SAP Servers" and "sap servers" as two different group
names.) Click Next.
- In the IP Address window, define the devices you want in the group. You can either
create a list of IP addresses for the group or specify an entire subnet.
- Network Resource IP Address List:
Enter an IP address in the box below the list field and click Add. To
remove an IP address from the group, select the IP Address in the list and click
Remove. - Subnet:
Enter the IP address of the subnet you want to be in the network resource group
and select the desired subnet mask from the drop-down list.
Click Next.
- In the Name window, type a name for the Automated service that you
are associating with the group. Click Next.
- In the Network Resources window, select the type of IP address rule you want to create (Bilateral, Source, or Destination) for the
IP addresses in the network resource group. Layer 3 IP address is the only rule type available for an Automated service. Click Next.
- In the Actions window, define the actions to apply to the rule:
- CoS: To assign a class of service to the traffic, select the
CoS checkbox. This opens the Classes of Service
Selection View, where you can select a
class of service for the traffic. (See How
to Create a Class of Service for more information.) Click OK to return to the Actions window.
- Access Control: To assign access control (a VLAN), select the Access Control checkbox
and choose one of the following options (see Access Control
for more information):
- Permit Traffic: If you want to allow traffic to
be forwarded with the port's assigned VID, select this option and
click Next.
-
Deny Traffic:
- If you want to deny traffic and one Discard VLAN exists: Select this
option (the Discard
VLAN is already selected), then click Next.
-
If you want to deny traffic and no Discard VLAN exists: Select this
option, then click New to
create a new Discard VLAN, then select it
from the list and click Next.
-
If you want to deny traffic and more than one Discard VLAN exists: Select this option and choose the appropriate VLAN from
the list, then click Next.
- Contain to VLAN: If you want to contain traffic for this rule, select
this option, then select the appropriate VLAN from the list, and click Next.
- In the Service Role window, select the role(s) to which the service will apply. If you want
to
create a new role to add to the list before selecting, click New.
- Click Finish.
The network resource group will be listed under the Network Resources folder in
the left-panel Network Elements tab and the Automated service will be listed
under the Services folder in the left-panel Services tab.
You can create a network resource group,
which you can then associate with an Automated service either via the
Service
wizard, or the Service tabs. To create a network resource group:
- In the left panel, select the Network Elements tab.
- Right-click the Network Resources folder and select Create Network
Resource.
- In the window, define the devices you want in the group. You can either
create a list of IP addresses for the group or specify an entire subnet.
- Network Resource IP Address List:
Enter an IP address in the box below the list field and click Add. To
remove an IP address from the group, select the IP Address in the list and click
Remove. - Subnet:
Enter the IP address of the subnet you want to be in the network resource group
and select the desired subnet mask from the drop-down list.
- Click OK.
The network resource group will be listed under the Network Resources folder.
Once a network resources group that has been created and defined, it can be
associated with an Automated service (see How to Create a Service
for more information).
You can add or delete IP addresses, or change the subnet for a network resource
group.
- In the left panel, select the Network Elements tab and expand the
Network Resources folder.
- Select the network resource group you want to modify.
- In the right-panel General tab, make the desired changes.
- To add an IP address: In the box below the IP Address list, enter the IP address and click Add.
- To remove an IP address: In the IP Address list, select the IP address or
addresses you want to remove. To
select more than one address,
hold down Ctrl (for non-sequential addresses) or Shift (for sequential
addresses) while selecting.
Click Remove.
- To change the subnet: Click Change to open the Enter IP Subnet window,
and enter the IP address of the subnet you now
want to be in the network resource group.
Use the drop-down list to change the IP subnet mask for the
new subnet, if desired.
Click OK.
For information on related tasks:
For information on related windows: