User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
Related Topics
Configuring L3, L4 Rules on page 263
Policy Rules for OSI L2 to L4 on page 261
Configuring L3, L4 Rules
Configure policy rules that are associated with a role from the Role Configuration page. To configure an
OSI Layer 3 and 4 rule, which filters on IP Address and Port number:
1. Select the L3, L4 drop-down and select New or select the rule to edit and existing rule.
2. Configure the following parameters:
Name
Name the rule.
Action
Determines access control action for the rule. Valid values are:
• None - No role defined
• Allow - Packets contained to role's default action's VLAN/topology
• Deny - Any packet not matching a rule in the policy is dropped.
• Containment VLAN - A topology to use when a network is created using a role that does not
specify a topology. (Not applicable for L7 Application Rules.)
COS
Determines the importance of a frame while it is forwarded through the network relative to other
packets. The CoS defines actions to be taken when rate limits are exceeded.
Protocol
The user defined protocol or protocol type associated with the defined rule. Trac from this
protocol is subject to the defined rule. Valid values are:
• User Defined, then specify a protocol that is not already in the list. Use this option to explicitly
specify a protocol that is not listed.
• A specific protocol from the list.
IP Subnet
Specify the IP address or subnet address associated with the defined rule. Trac from this
address will be subject to the defined rule. Valid values are:
• User Defined. Specify the destination IP address and mask. Use this option to explicitly define
the IP/subnet aspect of the rule.
• Any IP - Maps the rule to the associated Topology IP address.
• Select a specific subnet value - Select to map the rule to the associated topology segment
definition (IP address/mask).
• FQDN - Allows for filtering on fully qualified domain names.
• Other subnet options include:
◦ Sepectralink Mcst
◦ Vocera Mcst
◦ mDNS/Bonjour
Port
Configure
Configuring Roles
Extreme Campus Controller User Guide for version 5.46.03 263