•
One network policy rule that provides full access to the network.
•
One application policy rule that denies access to social media apps.
2 Configure a policy role named Basic Student Access: The member has limited network access but
access to all applications is allowed.
•
One network policy rule that limits students to TCP access on ports: HTTP/S, DNS, and DHCP-
Server.
Note
If no application policy rule exists, access to all applications is allowed.
Groups
Configure the following groups:
•
Student Body. User group that includes all registered students.
•
School Computers. End-System group with MAC addresses for all school issued computers.
Captive Portal
Configure a captive portal to associate with one or more Access Control Rules. Authentication settings
on the captive portal will deny access to students who are no longer a member of the student body.
Access Control Rules
1 Configure Access Control Rule "Learning Student".
The Access Control Rule takes the defined policy rule: Learning Student Access and applies it to
members of the student body who are using school issued computers in a single rule.
Group Criteria:
Select the following values for each group:
•
User Group = Student Body
•
End-System Group = School Computers
Policy Role:
Select Learning Student Access as the Policy Role.
2 Configure Access Control Rule "Basic Student"
The Access Control Rule takes the defined policy rule: Basic Student Access and applies it to all
members of the student body that are using non-school issued devices.
Group Criteria:
a Select the following values for each group:
•
User Group = Student Body
•
End-System Group = School Computers.
b Check Invert check box. This indicates a match if student is not using a school computer.
Policy Role:
Select Basic Student Access as the Policy Role.
Onboard
ExtremeCloud Appliance User Guide for version 4.36.03 169
To Next Page
Loading...
