Configure a Classification Rules Network Policy

Before you begin

Before you can add classification rules to a network policy, you must add a default AP device template and a location for the target AP. You should also create cloud config groups, IP addresses, and IP subnets.

About this task

You can create classification rules as part of a network policy or as a common object. Use this task to create classification rules associated with a network policy. ExtremeCloud IQ supports multiple classification rules for DNS servers, VLANs, RADIUS servers, device templates, user groups, and private client groups (PCGs).
  • Configure Device Location rules to assign different DNS and RADIUS servers, and different time zones to different physical locations.
  • Configure Cloud Config Groups (CCGs) to create user passwords which restrict access to private and personal network devices.
  • Configure IP Address classification rules to associate user groups so they can communicate using their own private networks.
  • Configure IP Subnet classification rules to support multiple user-group private networks.
  • Configure IP Range classification rules for multiple user-group private networks.

Procedure

  1. Select the plus sign on the appropriate default AP template screen.
  2. Enter the new AP template name.
  3. Select Save Template.
    The new template is displayed on the main AP template window. The Classification Rules column for this template now contains a plus sign and arrow sign. Use the arrow sign to assign an existing rule and the plus sign to create new rules.
  4. In the Classification Rules column, select the arrow sign to assign an existing classification rule.
  5. Select Link.
  6. Select the plus sign in the Classification Rules column to add a new classification rule.
  7. Enter a name for the rule.
  8. Enter an optional description.
  9. Select the plus sign and the rule type to configure.
  10. If you selected Device Location, perform the following steps:
    1. Open each location level until you reach the level where the device resides.
    2. Choose Select.
      The location is displayed in the Classification Rule table.
  11. If you selected Cloud Config Group, perform the following steps:
    1. Select the Match Type.
    2. Select an existing group from the drop-down list.
      To add a new group, selecgt the add icon. For more information, see Add a Cloud Config Group.
    3. Select Save Rule.
  12. If you selected IP Address, perform the following steps:
    1. Select the Match Type.
    2. Select an existing IP address from the drop-down list.
      To add a new IP address, select the add icon.
    3. Select Save IP.
  13. If you selected IP Subnet, perform the following steps:
    1. Select the Match Type.
    2. Select an existing IP subnet from the drop-down list.
      To add a new IP subnet, select the add icon.
    3. Select Save Subnet.
  14. If you selected IP Range, perform the following steps:
    1. Select the Match Type.
    2. Select an existing IP range from the drop-down list.
      To add a new IP range, select the add icon.
    3. Select Save IP.
  15. Use the up and down arrows in the Order column to define the order in which the location, cloud config group, IP address, IP subnet, and IP range objects appear.

    These objects are considered using a top-down, first-match, stop-on-match method, so if a device is a member of more than one matching object for an element, only the first match is applied.

  16. Select Save Rule.