About this task
This task shows you how to create a hybrid policy.
Procedure
-
Select Add Hybrid
Policy.
Create New Policy
displays.
-
For Policy Name, enter at least three alphanumeric characters
-
(Optional) Enter a
description.
-
For User Groups,
select Any
User or select a user group from the drop-down menu or create
one, for details, see Create User Groups.
-
For Device Groups,
select Any
Device or select a device group from the drop-down menu or create
one, for details, see Create Device Groups.
![Note](images/note.png)
Note
If user and device groups are configured in the policy, for the policy to
match for network access both access conditions must pass.
-
(Optional) For Location Based
Condition, select a location condition from the drop-down menu or
create a new condition, for details, see Add Location Based Conditions.
-
(Optional) For Time Based
Condition, select a time condition from the drop-down menu or
create a new condition, for details, see Add Time Based Conditions.
-
(Optional) For Authentication Based
Condition, select an authentication condition from the drop-down
menu or create a new condition, for details, see Create Authentication Based Conditions
-
For Application
Groups, select one from the drop-down menu or create one, for
details, see Add Applications to Groups
-
Select Agent-based or Agentless access mode.
![Note](images/note.png)
Note
By default Agent-based or Agentless are checked when creating new
policies.
-
If you do not want to use a
secure network access, change the Default Network
Access to Allow.
-
For the Select VLAN from
ExtremeCloud IQ options, you can use your own
VLAN or a VLAN from ExtremeCloud IQ .
- To use your own VLAN,
ensure Select
VLAN from ExtremeCloud IQ is deactivated (default) and enter a VLAN ID.
- To use a VLAN from ExtremeCloud IQ, activate Select VLAN from
ExtremeCloud IQ and select a VLAN from the
list
-
(Optional) Select a VLAN from the drop-down
menu.
-
(Optional) Fabric Service
Identified (ISID) .
-
Select (Optional) Network Service Group
and continue as follows:
-
Select Add Network Service Group.
-
Select Allowed or Denied
-
Select Add.