User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
Table 68: Role Parameter Settings (continued)
Field Description
Default Action Determines the access control default action. If you do not
define policy rules for a role, the role's default action is applied
to all trac subject to that role. However, if you require user-
specific filter definitions, then the filter ID configuration
identifies the specific role that is applied to the user. Valid
values are:
• Allow. Allow packets using the specified VLAN option.
Specify either the Default Network VLAN or a configured
VLAN.
• Deny. Deny packets that do not match a filter rule or deny
packets when a filter rule does not exist. When a packet
does match the filter rule action Allow, allow packet using
the specified VLAN option. Specify either the Default
Network VLAN or a configured VLAN.
VLAN ID Policy roles default to the VLAN specified during network
configuration. You can specify a unique VLAN here. Click to
add a new VLAN option.
Associated Profile Indicates profiles that this role is associated with. Click to
modify profile association.
Note: Associate a role with a configuration Profile. The
configuration Profile is associated with the device group. Each
AP in the device group makes use of the policy role.
Rules Policy rules are organized by Open Systems Interconnection
(OSI) layer classification. Select the drop-down arrow to display
rules that pertain to each OSI layer.
Related Topics
Policy Rules for OSI L2 to L4 on page 261
Application (Layer 7) Rules on page 264
Policy Rules for OSI L2 to L4
You can define policy rules for a role to specify network access settings for a specific user role. Network
policies are a set of rules, defined in a specific order, that determine how connections are authorized or
denied. If you do not define policy rules for a role, the role's default action is applied to all trac subject
to that role. However, if you require user-specific filter definitions, then the filter ID configuration
identifies the specific role that is applied to the user.
A role can have no rules if the default action is sucient. Rules are used only to provide dierent
treatments for dierent packet types to which a single role is applied.
Specify the OSI layer to which the rule pertains. The rule defines one or more actions to take on a
packet matching criteria specified by the rule. The criteria could be the MAC address (L2) or the IP
address or port number (L3 and L4).
The default action for all rules is Contain to VLAN, indicating that the rule applies to all trac
associated with the VLAN defined at the Role. This can be the Network default VLAN or a unique VLAN
Configure
Configuring Roles
Extreme Campus Controller User Guide for version 5.46.03 261