Create Hybrid Policies

About this task

This task shows you how to create a hybrid policy.

Procedure

  1. Select Add Hybrid Policy.
    Create New Policy displays.
  2. For Policy Name, enter at least three alphanumeric characters
  3. (Optional) Enter a description.
  4. For User Groups, select Any User or select a user group from the drop-down menu or create one, for details, see Create User Groups.
  5. For Device Groups, select Any Device or select a device group from the drop-down menu or create one, for details, see Create Device Groups.
    Note

    Note

    If user and device groups are configured in the policy, for the policy to match for network access both access conditions must pass.
  6. (Optional) For Location Based Condition, select a location condition from the drop-down menu or create a new condition, for details, see Add Location Based Conditions.
  7. (Optional) For Time Based Condition, select a time condition from the drop-down menu or create a new condition, for details, see Add Time Based Conditions.
  8. (Optional) For Authentication Based Condition, select an authentication condition from the drop-down menu or create a new condition, for details, see Create Authentication Based Conditions
  9. For Application Groups, select one from the drop-down menu or create one, for details, see Add Applications to Groups
  10. Select Agent-based or Agentless access mode.
    Note

    Note

    By default Agent-based or Agentless are checked when creating new policies.
  11. If you do not want to use a secure network access, change the Default Network Access to Allow.
  12. For the Select VLAN from ExtremeCloud IQ options, you can use your own VLAN or a VLAN from ExtremeCloud IQ .
    • To use your own VLAN, ensure Select VLAN from ExtremeCloud IQ is deactivated (default) and enter a VLAN ID.
    • To use a VLAN from ExtremeCloud IQ, activate Select VLAN from ExtremeCloud IQ and select a VLAN from the list
  13. (Optional) Select a VLAN from the drop-down menu.
  14. (Optional) Fabric Service Identified (ISID) .
  15. Select (Optional) Network Service Group and continue as follows:
    1. Select Add Network Service Group.
    2. Select Allowed or Denied
  16. Select Add.