User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
The port or port type associated with the defined rule. Trac from this port is subject to the
defined rule. Valid values are:
• User Defined, then type the port number. Use this option to explicitly specify the port
number.
• A specific port type. The appropriate port number or numbers are added to the Port text
field.
3. Select Save.
All rule types are applied to the policy in top to bottom order. The policy is installed on the enforced
APs.
Application (Layer 7) Rules
An application rule leverages the AP's deep packet inspection (DPI) engine to detect the underlying
application to which a frame or flow belongs. The rule then applies access control and quality of service
actions to all the trac associated with the application, not just trac destined for specific IP addresses
or ports. The control actions regulate both access control and trac engineering (rate limit, marking,
and prioritization) for applications and groups.
Use case examples include:
• Identifying critical applications and assigning a higher priority and CoS value.
• Blocking restricted web content.
• Blocking or limiting peer-to-peer protocols to preserve bandwidth and flows for other applications.
• Limiting bandwidth usage by non-business related trac.
Extreme Campus Controller installs application policies with rules on the supported APs where
enforcement occurs.
Note
Application policies are supported by Extreme Campus Controller-enabled APs only, not
switches.
Rules
Application policies consist of rules with matching criteria, coupled with one or more actions to take
when a packet matches the rule's criteria. The matching criteria for an application is usually just the
name of the application. The Extreme Campus Controller user interface lets you first select a category
of applications, resulting in a subset of applications to choose from. Additionally, you can create a single
rule that applies to all trac in the application category by selecting a category and then selecting 'Wild
Card' as the specific application.
Custom application rules are rules that you create to recognize (match) applications that are not in the
pre-defined set of application matches provided by Extreme Campus Controller. You create a custom
application rule by defining a regular expression to match against host names. The rule's match criteria
will be available as a match criteria for policy rules that you create in the future.
Actions and Limitations
When the Action filter for the application rule is set to Deny, the first few packets of a flow must be
allowed to pass through so that the deep-packet inspection (DPI) engine can examine the contents and
classify the packets. After the packets are classified as Deny and the flow is blocked, the first few
Configuring
Roles Configure
264 Extreme Campus Controller User Guide for version 5.46.03