When the default action is sufficient, a role does not need additional rules. Rules are used only to
provide unique treatment of packet types when a single role is applied.
ExtremeCloud Appliance is shipped with a default policy configuration that includes the following
default roles:
• Enterprise User
• Quarantine
• Unregistered
• Guest Access
• Deny Access
• Assessing
• Failsafe
The Enterprise User access policy is intended for admin users with full access.
The Quarantine access policy is used to restrict network access to end-systems that have failed
assessment. The Quarantine policy role denies all traffic by default while permitting access to only
required network resources such as basic network services (e.g., ARP, DHCP, and DNS) and HTTP to
redirect web traffic for assisted remediation.
Related Links
Adding Policy Roles on page 128
Role Widgets on page 61
Policy Role Settings on page 129
Adding Policy Roles
Define policy roles to provide unique treatment of packet types when a single role is applied.
Note
Associate each role with a configuration Profile of a device group for each AP in the group to
make use of the policy role.
1 Go to Configure > Policy > Roles > Add.
2 Configure the parameters for the role. For more information, see Policy Role Settings on page 129.
3 Select the drop-down arrow to open the appropriate OSI layer.
Add rules associated with the appropriate OSI layer. Each OSI layer has one default rule that is
provided by ExtremeCloud Appliance. Policy rules are applied from top to bottom.
4 To add new rules, click New.
5 To edit a rule, click on the rule to open the rule parameters. Configure the rule parameters and select
Save.
Note
If you create a Deny All rule for any subnet as the top rule, the policy will drop all traffic.
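The following added example (not ExtremeCloud Appliance code) models top-to-bottom rule evaluation and flags rules that an earlier rule makes unreachable, such as allow rules placed under a leading Deny All. It assumes the first matching rule decides the action; the rule names, the sample Quarantine-style rule set, and the L3/L4-only match fields are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str                      # constructed label, not an appliance field
    action: str                    # "allow" or "deny"
    subnet: str = "0.0.0.0/0"      # destination subnet; default = any
    proto: Optional[str] = None    # None = any protocol
    port: Optional[int] = None     # None = any destination port

    def matches(self, dst: str, proto: str, port: int) -> bool:
        return (ipaddress.ip_address(dst) in ipaddress.ip_network(self.subnet)
                and self.proto in (None, proto)
                and self.port in (None, port))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        mine, theirs = ipaddress.ip_network(self.subnet), ipaddress.ip_network(other.subnet)
        return (theirs.subnet_of(mine)
                and self.proto in (None, other.proto)
                and self.port in (None, other.port))

def evaluate(rules, default_action, dst, proto, port):
    """Assumed first-match semantics: top to bottom, else the role default."""
    for rule in rules:
        if rule.matches(dst, proto, port):
            return rule.action, rule.name
    return default_action, "default"

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the later rule can never match."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed rule sets: a Quarantine-style role (default deny) and the same
# role with a Deny All rule placed first.
QUARANTINE = [Rule("dhcp", "allow", proto="udp", port=67),
              Rule("dns", "allow", proto="udp", port=53),
              Rule("http", "allow", proto="tcp", port=80)]
BROKEN = [Rule("deny-all", "deny")] + QUARANTINE

if __name__ == "__main__":
    print(evaluate(QUARANTINE, "deny", "10.0.0.53", "udp", 53))
    print(evaluate(BROKEN, "deny", "10.0.0.53", "udp", 53))
    print(shadowed(BROKEN))
```

Running `shadowed()` over an exported or hand-transcribed rule list before saving a role is a quick way to catch ordering mistakes that would otherwise only show up as dropped client traffic.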
Related Links
Policy Role Settings on page 129
Policy Rules for OSI L2 to L4 on page 130
Application (Layer 7) Rules on page 132
Configure
ExtremeCloud Appliance User Guide for version 4.36.03 128