Deployment Guide
Table Of Contents
- Table of Contents
- Preface
- About Extreme Campus Controller Deployment
- Configuring DHCP, NPS, and DNS Services
- Centralized Site with a Captive Portal
- Centralized Site with AAA Network
- Deploying a Mesh Network
- Configuring an External NAC Server for MBA and AAA Authentication
- Manage RADIUS Servers for User Authentication
- External Captive Portal on a Third-Party Server
- Access Control Rule Admin Portal Access
- Deploying Centralized Web Authentication
- Deploying ExtremeCloud IQ - SE as an External Captive Portal
- Deployment Strategy
- Configuring an External Captive Portal Network
- Editing the Configuration Profile for Network and Roles
- Extreme Campus Controller Default Pass-Through Rule
- Adding Extreme Campus Controller as a Switch to ExtremeCloud IQ - Site Engine
- Editing the Unregistered Policy on ExtremeCloud IQ - Site Engine
- Editing the ExtremeCloud IQ - Site Engine Profile for Policy and Location-Based Services
- Deploying an ExtremeGuest Captive Portal
- Deploying Client Bridge
- Deploying an Availability Pair
- Deploying Universal APs
- Extreme Campus Controller Pair with ExtremeLocation and AirDefense
- ECP Local Authentication
- PHP External Captive Portal, Controller’s Firewall Friendly API
- Index
Table 16: Access Control Rule Settings (continued)
Field Description
Accept Policy Associate a policy role with the Access Control Rule. Example:
Captive Portal Admin. We configured this policy under
Configure Admin Access Policy Role on page 114. The Default
Action is defined in the policy rule.
Portal Associate a captive portal with a rule. Our example uses the
Default.
Next, review the Default Access Control Rules, then go to Onboard > Rules to define the rule
precedence of the Access Control Rules.
Related Topics
Default Access Control Rules on page 118
Define Rule Precedence on page 119
Configure Access Control Group on page 113
Configure Admin Access Policy Role on page 114
Default Access Control Rules
The following Access Control Rules are added when you enable an internal captive portal. The rules are
removed when you disable the captive portal.
• Blacklist. This rule quarantines any MAC address that is part of the Blacklist group. This is always the
first rule in the Rules List.
• Default Catchall. This rule applies the Default Auth Policy to any MAC Address. It is always the final
rule in the Rules List.
• Unregistered: This rule is a catchall, and will always be listed immediately before the Default Catchall.
Users who do not match any other rule will match Unregistered, and they will be presented with the
captive portal.
• Registered Guests: Users who complete registration through the Guest captive portal will match this
rule, which checks for end-system MAC addresses in the Registered Guests group.
Note
This rule is only present when Guest Registration or Guest Web Access is enabled.
• Web Authenticated Users: Users who complete registration through the Authenticated captive
portal will match this rule, which checks for end-system MAC addresses in the Web Authenticated
Users group.
Note
This rule is only present when Authenticated Registration or Authenticated Web Access is
enabled.
Related Topics
Configure Access Control Rule on page 116
Default Access Control Rules
Access Control Rule Admin Portal Access
118 Extreme Campus Controller Deployment Guide for version 5.46.03