User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
Configuring Roles on page 259
Class of Service on page 267
VLANS on page 269
Configuring Rates on page 279
Configuring Roles
A role is a set of network access services that can be applied at various points in a policy-enabled
network. Roles are usually named for a type of user such as Student or Engineering. Often, role names
match the naming conventions that already exist in the organization. The role name should match filter
ID values set up on the RADIUS servers.
The default non-authenticated role is used when the client is not authenticated but able to access the
network. The default authenticated role is assigned to a client when it successfully authenticates but the
authentication process did not explicitly assign a role to the client.
Note
To configure default roles, go to Configure > Networks.
When the default action is sucient, a role does not need additional rules. Rules are used only to
provide unique treatment of packet types when a single role is applied.
Extreme Campus Controller is shipped with a default policy configuration that includes the following
default roles:
• Enterprise User
• Quarantine
• Unregistered
• Guest Access
• Deny Access
• Assessing
• Failsafe
The Enterprise User access policy is intended for admin users with full access.
The Quarantine access policy is used to restrict network access to end-systems that have failed
assessment. The Quarantine policy role denies all trac by default while permitting access to only
required network resources such as basic network services (for example, ARP, DHCP, and DNS) and
HTTP to redirect web trac for assisted remediation.
Related Topics
Add Policy Roles on page 260
Role Widgets on page 113
Policy Role Settings on page 260
Configure
Configuring Roles
Extreme Campus Controller User Guide for version 5.46.03 259