Manage policies
Create network access policies to assign a VLAN, implement a CLI configuration or assign a VPN Group Policy when a host requires network access. Policies are selected for a connecting host by matching host and user data to the criteria defined in the associated user/host profile. The first policy that matches the host and user data is assigned.
If the host does not match any policy, it is assigned the default VLAN configured on the switch. |
If you create a user/host profile with fields Where set to Any, Who/What by Group set to Any, Who/What by Attribute set to Any and When set to Always, it matches ALL users and hosts. This is essentially a Catch All profile. If this user/host profile is used in a policy, all policies below that policy are ignored when assigning a policy to a user or a host. To highlight this, policies below the policy with the catch all profile are grayed out and have a line through the data.
The best way to use a Catch All profile is to create a general policy with that profile and place it last in the list of policies.
Settings
An empty field in a column indicates that the option has not been set.
Field |
Definition |
||
---|---|---|---|
Rank |
Policy's rank in the list of policies. Rank controls the order in which host connections are compared to Policies.
|
||
Name |
User defined name for the policy. |
||
Configuration |
Contains the configuration for the VLAN, CLI configuration or VPN Group Policy that will be assigned if this Access Policy matches the connecting host. See Network access configurations. |
||
Who/What |
Attributes A host or user must meet all parameters within a single filter, but is only required to match one filter in the list. The attribute must be known at the time of connection. See Filter example. RADIUS Attributes Used to match against endpoints pre- and post-authentication. Groups
|
||
Where |
The connection location specified in the user/host profile. The host must connect to the network on a device, port or SSID contained within one of the groups shown here to be a match. When set to Any, this field is a match for all hosts or users. |
||
When |
The time frame specified in the selected user/host profile. The host must be on the network within this time frame to be a match. When set to Always this field is a match for all hosts or users. |
||
Used By |
Lists all elements which are using this component. |
||
Show Audit Log |
Opens the admin auditing log showing all changes made to the selected item. For information about the admin auditing log, see Audit Logs.
|