User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
• Basic Student Access
1. Configure a policy role named Learning Student Access: The member has full access to the network
but is denied access to social media apps.
• One network policy rule that provides full access to the network.
• One application policy rule that denies access to social media apps.
2. Configure a policy role named Basic Student Access: The member has limited network access but
access to all applications is allowed.
• One network policy rule that limits students to TCP access on ports: HTTP/S, DNS, and DHCP-
Server.
Note
If no application policy rule exists, access to all applications is allowed.
Groups
Configure the following groups:
• Student Body. User group that includes all registered students.
• School Computers. End-System group with MAC addresses for all school issued computers.
Captive Portal
Configure a captive portal to associate with one or more Access Control Rules. Authentication settings
on the captive portal will deny access to students who are no longer a member of the student body.
Access Control Rules
1. Configure Access Control Rule "Learning Student".
The Access Control Rule takes the defined policy rule: Learning Student Access and applies it to
members of the student body who are using school issued computers in a single rule.
Group Criteria:
Select the following values for each group:
• User Group = Student Body
• End-System Group = School Computers
Policy Role:
Select Learning Student Access as the Policy Role.
2. Configure Access Control Rule "Basic Student"
The Access Control Rule takes the defined policy rule: Basic Student Access and applies it to all
members of the student body that are using non-school issued devices.
Group Criteria:
a. Select the following values for each group:
• User Group = Student Body
• End-System Group = School Computers.
Onboard
Configuring Network Policy Roles and Dynamic Access
Control
Extreme Campus Controller User Guide for version 5.46.03 321