Create Hybrid Policy

Use this task to create a hybrid policy.

  1. Go to Policies > Policies.
  2. Select Add Policy and select Hybrid drop the drop-down list and configure the settings.
    Table 1. Hybrid Policy Settings
    Field Description
    Policy Name Enter at least 3 alphanumeric characters.
    Description (Optional) Enter a description.
    User Groups Select Any User or select a user group from the drop-down list or create one. For more information, see Manage User Groups.
    Device Groups Select Any Device or select a device group from the drop-down menu or create one, for details, see Managed Device Groups.
    Note: If user and device groups are configured in the policy, for the policy to match for network access both access conditions must pass.
    Location Based Condition (Optional) Select a location condition from the drop-down menu or create a new condition.
    Note: Location group is also used to scope the network policies to only those network devices included in the location condition.

    For more information, see Add Location-Based Conditions
    Time Based Condition (Optional) Select a time condition from the drop-down menu or create a new condition, for details, see Add Time-Based Conditions.
    Authentication Based Condition (Optional) Select an authentication condition from the drop-down menu or create a new condition, for details, see Create Authentication-Based Conditions.
    Applications Groups Select one from the drop-down menu or create one, for details, see Create Application Groups.
    Access Mode Select Agent-based or Agentless to determine whether the applications defined in the application group should be available via the agent, the agentless web portal, or both.
    AP Aware Ability to determine AP attachment to port to prevent auth for wireless clients when Auth for wireless clients is handled via AP.
    Default Network Access Select the default access for the network. By default, all network access is dropped except for agent-based traffic.
    Select VLAN from ExtremeCloud IQ You can use your own VLAN or a VLAN defined in ExtremeCloud IQ .
    • To use your own VLAN, ensure Select VLAN from ExtremeCloud IQ is deactivated (default) and enter a VLAN ID.
    • To use a VLAN from ExtremeCloud IQ, activate Select VLAN from ExtremeCloud IQ and select a VLAN from the list
    VLAN ID (Optional) Select a VLAN from the drop-down menu.
    ISID (Optional) Fabric Service Identifier (ISID) .
    Network Service Group (Optional) Select Network Service Group and continue as follows:
    1. Select Add Network Service Group.
    2. Select Allowed or Denied.
    Note: The Network Service groups, and their associated actions are ordered. To re-arrange the order, drag the network service group up or down.
    Advanced Settings (Optional)
    • Radius VSA's - Select from the drop-down menu.
    • Variables - Select from the drop-down menu.
  3. Select Add.
  4. To update or remove and existing Hybrid policy, select Elipses and select Update or Remove from the drop-down list.
9039102-00 Rev AA