match the naming conventions that already exist in the organization. The role name should match filter
ID values set up on the RADIUS servers.
The default non-authenticated role is used when the client is not authenticated but able to access the
network. The default authenticated role is assigned to a client when it successfully authenticates but the
authentication process did not explicitly assign a role to the client.
Note
To configure default roles, go to Configure > Networks.
When the default action is sucient, a role does not need additional rules. Rules are used only to
provide unique treatment of packet types when a single role is applied.
ExtremeCloud Appliance is shipped with a default policy configuration that includes the following
default roles:
•
Enterprise User
•
Quarantine
•
Unregistered
•
Guest Access
•
Deny Access
•
Assessing
•
Failsafe
The Enterprise User access policy is intended for admin users with full access.
The Quarantine access policy is used to restrict network access to end-systems that have failed
assessment. The Quarantine policy role denies all trac by default while permitting access to only
required network resources such as basic network services (e.g., ARP, DHCP, and DNS) and HTTP to
redirect web trac for assisted remediation.
Related Links
Adding Policy Roles on page 128
Role Widgets on page 61
Policy Role Settings on page 129
Preconfigured Policy Roles
ExtremeCloud Appliance is shipped a with the following default policy configurations listed in Table 19.
Policy roles define the authorization level that ExtremeCloud Appliance assigns to a connecting end-
system based on the end-system's authentication and/or assessment results. The access policies define
a set of network access services that determine exactly how an end-system's trac is authorized on the
network.
Monitor
ExtremeCloud Appliance User Guide for version 4.36.03 59
To Next Page
Loading...
