Access Control Rules for Admin Portal Access

Deployment Strategy

For enhanced security, the Portal Administration login page is now available under a proprietary URL: <Management Interface IP Address>:8445/administration. The previous URL: <ICP WLAN Interface IP Address>:443/administration is no longer supported for Admin access.

All network clients connected through a Management Port VLAN (port 5825) have access to the new port 8445. This includes the following VLANs with management access:
  • The Admin Interface
  • A physical interface configured with Mgmt traffic enabled.
To access the Admin Interface:
  1. Go to Administration > System > Interfaces.
  2. Scroll down to the list of Interfaces.
To access Bridged@AC VLANS with Mgmt traffic enabled:
  1. Go to Configure > Policy > VLANs > Add.
  2. Select Layer 3.
  3. Select Mgmt traffic.

Additionally, you can configure Access Control Rules to filter client access and limit exposure to the Admin portal by associating members of the Admin group to port 8445. This deployment strategy involves configuring: Access Control Groups, policy roles, and captive portal definitions to define an Access Control Rule for Admin access.

From ExtremeCloud IQ Controller, take the following steps:
  1. Create an Access Control Group.
  2. Create a Policy Role with Layer 3 and Layer 4 rule definitions.
  3. Create a Captive Portal definition or specify the Default captive portal.
  4. Create an Access Control Rule for Admin access.
  5. Place the Access Control Rule for Admin access within the Rules List.
9038115-00 Rev. AA