Before you can add classification rules to a network policy, you must add a default
AP device template and a location for the target AP. You should also create cloud
config groups, IP addresses, and IP subnets.
You can create classification rules
as part of a network policy or as a common object. Use this task to create
classification rules associated with a network policy. ExtremeCloud IQ
supports multiple classification rules for DNS servers, VLANs, RADIUS servers, device
templates, user groups, and private client groups (PCGs).
- Configure Device Location
rules to assign different DNS and RADIUS servers, and different time zones to
different physical locations.
- Configure Cloud Config
Groups (CCGs) to create user passwords which restrict access to
private and personal network devices.
- Configure IP Address
classification rules to associate user groups so they can communicate using
their own private networks.
- Configure IP Subnet
classification rules to support multiple user-group private networks.
- Configure IP Range
classification rules for multiple user-group private networks.
-
Select the plus sign on the
appropriate default AP template screen.
-
Enter the new AP template
name.
-
Select Save
Template.
The new template is displayed
on the main AP template window. The Classification
Rules column for this template now contains a plus sign and
arrow sign. Use the arrow sign to assign an existing rule and the plus sign to
create new rules.
-
In the Classification Rules column, select the arrow
sign to assign an existing classification rule.
-
Select Link.
-
Select the plus sign in the
Classification Rules column to add a new
classification rule.
-
Enter a name for the rule.
-
Enter an optional description.
-
Select the plus sign and the rule type to configure.
-
If you selected Device Location, perform the following
steps:
-
Open each location level until you reach the level where the device
resides.
-
Choose Select.
The location is
displayed in the Classification Rule table.
-
If you selected Cloud Config Group, perform the
following steps:
-
Select the Match Type.
-
Select an existing group from the drop-down list.
-
Select Save
Rule.
-
If you selected IP Address, perform the following
steps:
-
Select the Match Type.
-
Select an existing IP
address from the drop-down list.
To add a new IP
address, select the add icon.
-
Select Save
IP.
-
If you selected IP Subnet, perform the following
steps:
-
Select the Match Type.
-
Select an existing IP
subnet from the drop-down list.
To add a new IP subnet,
select the add icon.
-
Select Save
Subnet.
-
If you selected IP Range, perform the following
steps:
-
Select the Match Type.
-
Select an existing IP
range from the drop-down list.
To add a new IP range,
select the add icon.
-
Select Save
IP.
-
Use the up and down arrows in
the Order
column to define the order in which the location, cloud config group, IP
address, IP subnet, and IP range objects appear.
These objects are considered using a top-down, first-match, stop-on-match
method, so if a device is a member of more than one matching object for an
element, only the first match is applied.
-
Select Save Rule.