User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
ID specified at the Role. The ability to specify the VLAN ID at the Role makes configuring network policy
easier.
If the trac is allowed, it can also be assigned a Class of Service (CoS) that can aect the priority and
latency of that trac. Only the rules in the policy assigned to a client are applied to a client's trac.
Note
Rules in the Application Layer (L7) apply to application access and use dierent matching
criteria.
For additional information about Policy Rules Direction, see Understanding the Policy Rules Direction in
the GTAC Knowledge Center.
Related Topics
Configuring L2 Rules on page 262
Configuring L3, L4 Rules on page 263
Configuring L2 Rules
Configure policy rules that are associated with a role from the Role Configuration page. To configure an
OSI Layer 2 rule, which filters on MAC Address:
1. Select the L2 drop-down and select New or select the rule to edit and existing rule.
2. Configure the following parameters:
Name
Name the rule.
Action
Determines access control action for the rule. Valid values are:
• None - No role defined
• Allow - Packets contained to role's default action's VLAN/topology
• Deny - Any packet not matching a rule in the policy is dropped.
• Containment VLAN - A topology to use when a network is created using a role that does not
specify a topology. (Not applicable for L7 Application Rules.)
COS
Determines the importance of a frame while it is forwarded through the network relative to other
packets. The CoS defines actions to be taken when rate limits are exceeded.
MAC Address Type
Indicates if the MAC Address is user defined or any MAC Address. User Defined enables the MAC
Address field for user input.
MAC Address
Media access control address. Sometimes known as the hardware address, is the unique physical
address of each network interface card on each device. Specify the MAC address of the wireless
client.
3. Select Save.
All rule types are applied to the policy in top to bottom order. The policy is installed on the enforced
APs.
Configuring
Roles Configure
262 Extreme Campus Controller User Guide for version 5.46.03