and the policy, it is necessary to open each device group and associate the configured network and the
defined roles by editing the assigned configuration Profile.
ExtremeCloud Appliance simplifies this procedure. After saving a network configuration or policy
definition, ExtremeCloud Appliance prompts you to select the configuration Profile for association.
Note
The association that you define applies to all device groups that use the selected
configuration Profile.
If necessary, you can modify a configuration Profile from the device group. The Associated Profiles
dialog simply makes the profile association process easier.
Related Links
Profiles on page 13
Policy Rules for OSI L2 to L4
You can define policy rules for a role to specify network access settings for a specific user role. Network
policies are a set of rules, defined in a specific order, that determine how connections are authorized or
denied. If you do not define policy rules for a role, the role's default action is applied to all trac subject
to that role. However, if you require user-specific filter definitions, then the filter ID configuration
identifies the specific role that is applied to the user.
A role can have no rules if the default action is sucient. Rules are used only to provide dierent
treatments for dierent packet types to which a single role is applied.
Specify the OSI layer to which the rule pertains. The rule defines one or more actions to take on a
packet matching criteria specified by the rule. The criteria could be the MAC address (L2) or the IP
address or port number (L3 and L4).
The default action for all rules is Contain to VLAN, indicating that the rule applies to all trac
associated with the VLAN defined at the Role. This can be the Network default VLAN or a unique VLAN
ID specified at the Role. The ability to specify the VLAN ID at the Role makes configuring network policy
easier.
If the trac is allowed, it can also be assigned a Class of Service (CoS) that can aect the priority and
latency of that trac. Only the rules in the policy assigned to a client are applied to a client's trac.
Note
Rules in the Application Layer (L7) apply to application access and use dierent matching
criteria.
Related Links
Configuring L2 Rules on page 130
Configuring L3, L4 Rules on page 131
Configuring L2 Rules
Configure policy rules that are associated with a role from the Role Configuration page. To configure an
OSI Layer 2 rule, which filters on MAC Address:
Configure
ExtremeCloud Appliance User Guide for version 4.36.03 130
To Next Page
Loading...
