Home > GUI > Configuration > Network Policy Classification Rules
|
Network Policy Classification Rules
Configure and manage a network-policy-specific AP classification rule.
Navigate using the tab icons. Hover over an icon to see the name of the tab.
Configure > Network Policies > policy_name > Device Templates > AP Templates
The classification rule feature allows you to set which classification objects (DNS servers, VLANs, RADIUS servers, and device templates) devices must use based on the location of AP devices, on Cloud Config Groups, IP addresses, IP subnets, and IP ranges.
Default device templates cannot have a classification rule, and classification rule templates can have only one classification rule. AP device templates can include multiple classification rules.
You can add network-policy-specific classification rules here, or you can manage common-object classification rules as described in Classification Rule Common Objects.
As an example of the use of classification rules, Acme Corporation is uses AP305Cs in all its locations with a default template for most of these devices, However , Acme also wants subsets of the AP305C template to support different locations, Cloud Config Groups, IP addresses, IP subnets, and IP ranges. Acme can set up the default template and then create subset classification rules to meet these needs. For example, Acme has two campus sites (engineering and marketing), each of which requires different classification rules and RADIUS servers, Acme can assign devices located in the engineering building to use RADIUS server A for authentication and can assign devices located in the marketing building to use RADIUS server B.
Before you can use classification rules, you must create a network location. See ML Insights Network 360 Plan for more information. (For an overview of the feature, see Classification Rules Overview.)
The columns in the device template table include:
Device Model: The AP model to which the template applies.
Template: AP model template name.
Classification Rules: Which classification rules, if any, are applied to this AP model. Default templates have no classification rules, and classification rule templates display 
, 
, and the associated classification rule name. See any of the "Add a Classification Rule" sections above for how to use the and icons.
Assignment Description: The 
icon and the optional classification rule description. Select the icon to display the type and definition of the included classification rules.
Before you can add any classification rules, you must first add a default template for the AP model to use in your network policy. To do this, selectAdd, and select an AP model from the drop-down list. Enter a name for the template, make any other changes, and then select Save Template.
Add Classification Rules by Location
To add a classification rule, you must first create a default template for the target AP model. See "Add a Default Device Template". You must have also created a location for the target APs, as described in ML Insights Network 360 Plan. The classification template and the default template model must match.
To add a classification rule template, select Add, and select an AP model that already has a default device template. Enter a name for the classification rule template in the Template Name text box. Make any other changes and then select Save Template.
Select in the Classification Rules column and select an existing classification rule from the Select Classification Rules panel. Select Link.
To clone an existing classification rule, select the target classification rule, select Copy, enter a new classification rule name in the Save As text box, and then select Save.
To add a new classification rule, select . Enter a name and an optional description. Select Add and Device Location from the drop-down menu. In the Location panel, select the physical location for the classification rule, and then choose Select. Select Save Rule.
Note
When selecting a location, drill down to the level where the devices are installed. For example, if the devices are located on a particular floor of a building, select that floor. After you choose Select, the location is displayed in the Classification Rule table.Add Classification Rules by Cloud Config Group
To add a classification rule, you must create a default template for the target AP model. The classification template and the default template model must match. You must have also created a Cloud Config Group for the target APs, as described in Cloud Config Group Settings.
To add a classification rule template, select Add and choose an AP model that already has a default device template. Enter a name in the Template Name text box. Make any other required changes and then select Save Template.
Select in the Classification Rules column, then select a classification rule from the Select Classification Rules panel and finally select Link.
To clone an existing classification rule, select the target classification rule, select Copy, enter a new rule name in the Save As text box, and then select Save.
To add a new classification rule, select . Enter a name and optional description and then select real and simulated devices to have their host names appear in the Selected Devices text box.
When you finished, select Save Cloud Config Group. Select Continue. Use the up and down arrows in the Order column to define the priority of the rules. Rules are selected using a top-down, first-match, stop-on-match method, so if a device is a member of more than one group with matching criteria, only the first match is applied. Select Save Rule.
Add Classification Rules by IP Address
To add a classification rule, you must create a default template for the target AP model. The classification template and the default template model must match. You must have also created a Cloud Config Group for the target APs, as described in Cloud Config Group Settings.
To add a classification rule template, select Add, and then choose an AP model that already has a default device template. Enter a name for the classification rule template. Make any other required changes and then select Save Template.
Select in the Classification Rules column, select an existing classification rule from the Select Classification Rules panel and then select Link.
To clone an existing classification rule, select the target classification rule, select Copy, enter a new classification rule name in the Save As text box, and then select Save.
Select to add a new classification rule. Enter a name and an optional description. Select Add and select an IP Address from the drop-down menu. Select the Match Type (Contains or Does Not Contain), the existing IP Address object for the classification rule, and then select Continue. Use the up and down arrows in the Order column to define the order in which the rules are considered. Rules are considered using a top-down, first-match, stop-on-match method, so if a device is a member of more than one group with matching criteria, only the top rule is applied. Select Save Rule.
Add Classification Rules by IP Subnet
To add a classification rule, you must create a default template for the target AP model. The classification template and the default template model must match. You must have also created an IP Range object as described in IP Objects and Host Names.
To add a classification rule template, select Add, and then choose an AP model that already has a default device template. Enter a name for the classification rule template in the Template Name text box. Make any other required changes and then select Save Template.
Select in the Classification Rules column, select a classification rule from the Select Classification Rules panel and select Link.To clone an existing classification rule from the Select Classification Rules panel, select the target classification rule, select Copy, enter a new classification rule name in the Save As text box, and then select Save.
To add a new classification rule, select . Enter a name and an optional description. Then select Add, and select IP Subnet from the drop-down menu. In the IP Subnet panel, select the Match Type (Contains or Does Not Contain), select the existing IP Address Subnet object for the classification rule, and then select Continue. Use the up and down arrows in the Order column to define the order in which the profiles are considered. (Profiles are considered using a top-down, first-match, stop-on-match method, so if a device is a member of more than one matching criteria for an element, only the first match is applied.) Select Save Rule.
Add Classification Rules by IP Range
To add a classification rule, you must create a default template for the target AP model. The classification template and the default template model must match. You must have also created an IP Range object as described in IP Objects and Host Names.You must have also created an IP Range object for the target APs, as described in IP Objects and Host Names.
To add a classification rule template, select Add, and then choose an AP model that already has a default device template. Enter a name for the classification rule template in the Template Name text box. Make any other changes and then select Save Template.
Select in the Classification Rules column, select an existing classification rule and select Link.
To clone an existing classification rule from the Select Classification Rules panel, select the target classification rule, select Copy, enter a new classification rule name in the Save As text box, and then select Save.
To add a new classification rule, select . Enter a name and an optional description. Select Add and select an IP Range from the drop-down menu. In the IP Range panel, select the Match Type (Contains or Does Not Contain), select the existing IP Address Subnet object for the classification rule, and then select Continue. Use the up and down arrows in the Order column to define the order in which the rules are considered. (Rules are considered using a top-down, first-match, stop-on-match method, so if a device is a member of more than one matching criteria, only the top rule is applied.) Select Save Rule.
Delete a Classification Rule
To delete a classification rule, select the check box for the rule you want to delete, and then select 
.
Copyright © 2020 Extreme Networks. All rights reserved. Published March 2020.