The Instant Secure Port Profile
(ISPP) option will only become available when Universal
ZTNA is activated.
You must create a network policy.
Use the Manage > Devices page to see all the devices that have been onboarded to ExtremeCloud IQ. Add the
network policy to the desired Switch Engine.
The type must have the Switching box checked. Other options like Wireless can be
checked as needed. The Policy Name is a required attribute.
Network Policy
Creation
Instant Secure Port Profiles (ISPPs) are created within the Switch Settings
subsection of the Network Policy creation and editing page.
To create a new Instant Secure Port Profile:
Select .
Enter the name for your ISPP.
The name is unique within ExtremeCloud IQ but is not pushed to the device.
Choose whether to use
Unauthenticated VLAN. Unauthenticated VLAN is either a common object or can be
created when the profile is created. If the Enable Unauthenticated VLAN is
selected, then this VLAN will override the untagged VLAN in the port type and
will be used as the Unauthenticated VLAN on the Switch Engine device
when the configuration is pushed.
Specify the order in which to
execute authentication. The order is per profile; therefore the same order is
used for the entire Switch Engine device once the configuration is pushed. Use the
arrows to change the default order.
ISPP Authentication
Order
Pick the RADIUS server for the
Instant Secure Profile. Selecting Use UZTNA RADIUS Cloud
configuration uses either the free cloud RADIUS server set up
per RDC, or configured proxy RADIUS servers in the UZTNA application.
Select one of the radio buttons to decide which type to use. Further, in the
case of proxy RADIUS, you can select up to two proxy RADIUS servers; it is
assumed that the ones selected have reached a deployed state after being
configured in UZTNA.
.
