Network Policy Settings
Configure the basic elements of a network policy.
About Network Policy Settings
A network policy is a combination of configuration settings that can be applied to multiple APs, switches, and routers that share a common characteristic, such as being located at the same site or working together to connect multiple remote sites through VPN tunnels. The type of network policy you choose depends on whether your deployment consists of only wireless AP devices, only switch devices, only router devices, or any combination of these devices. One of the strengths of creating a single policy for multiple device types is that you may only need one unified policy for all your devices. The policy can include one or more SSIDs (service set identifiers), device templates and port types, as well as other configuration elements for networking, including management services, such as QoS and VPN tunneling.
This topic guides you through the basic steps to enable Extreme Networks devices to provide clients with network access. This process assumes that APs and routers have been deployed and have established secure CAPWAP connections with ExtremeCloud IQ. Switches do not use CAPWAP connections. Extreme Networks routers and APs run IQ Engine and communicate with ExtremeCloud IQ using CAPWAP on UDP port 12222 or CAPWAP-over-HTTP on TCP port 80. This is true whether they communicate with ExtremeCloud IQ on premises or in the cloud. Other supported devices communicate with ExtremeCloud IQ using HTTPS on TCP port 443.
- ExtremeCloud IQ requires only one network policy for all network devices, but can support hundreds of network policies. ExtremeCloud IQ Connect supports up to three network policies.
If you are using Hierarchical ExtremeCloud IQ with full administrative rights, then you can create master network policies, which you can clone to other organizations. You create a master network policy in the same way that you create a normal network policy, except that you must select Enable Policy Cloning.
- Cloned master network policies do not support settings that rely on RADIUS servers or user groups. For example, cloned network policies cannot use guest self-registration because it requires a user group. PPSK and 802.1X Enterprise are also not available to clone because PPSK requires user groups and 802.1X Enterprise requires a RADIUS server.
Network Policy Configuration Tabs
There are multiple tabs as part of the network policy configuration process:
Policy Details: When you create a new policy, you are prompted to choose a policy type: wireless (APs), switches, routing, or any combination of these. You will create a policy name and an optional description.
Wireless Networks: Define the wireless network (SSID) profile name, the SSID name—which can be the same as or different from the SSID profile name—and the bands on which to broadcast each SSID. Configure SSID usage, user access, and additional settings. See "Standard Wireless Network Settings" and "Guest Access Wireless Network Settings".
Device Templates: Set up AP and switch device templates using the following subtabs:
AP Templates: Select a template for a specific AP model, and then assign port type and radio settings. See "AP Templates".
Switch Templates: Select a template for a specific switch model, and then assign STP, IGMP, MTU, PSE, flow control, and management interface settings. See "Switch Templates".
Router Settings: Define wired or wired and wireless router templates, assign port usage settings, and specify authentication. See "Router Template" .
Additional Settings: Configure additional settings pertaining to networking, management services, QoS, and VPN tunneling.
Deploy Policy: After you have saved your network policy, you must push the configuration to your network devices. See "Deploy a Network Policy" .
Add a New Network Policy
To add a new network policy from the Network Policies window, do the following:
- Select Add above the Network Policies table, or click Add Network Policy. In the New Policy window, select a device policy type. Choose the types of policy to create: Wireless (APs), (wired) Switches, Routing, or any combination, including all three. When you are viewing or editing an existing policy, you can change the Wireless, Switches, and Routing selections, and change the policy name and description, or you can select Save to continue to the Wireless Settings tab.
- Enter a name for the new network policy. The name can contain up to 32 characters without spaces.
- Enter an optional description for the network policy. The description can contain up to 64 characters, including spaces.
- Enable or disable "Insights Proximity & Presence" for the network policy. Configure Presence analytics for the APs in the network policies in the "Presence Analytics" window.
- If you are using Hierarchical ExtremeCloud IQ as a top-level administrator, you can select Enable Policy Cloning to create a master network policy template that other organizations can use.
- Select Save. The highlighted tab changes from Policy Details to Wireless Networks, Device Templates, Router Settings, or Additional Settings.
Configure Wireless Networks (SSIDs) and Templates
To add a Guest Access wireless network, in the Wireless Networks subtab, select Add/Guest Access Network and then add one or more wireless networks (SSIDs) and select Save for each wireless network. For details , see "Guest Access Wireless Network Settings".
If you are cloning a master network policy, to add a standard wireless network, in the Wireless Networks subtab, select Add/All other networks (standard) and then add one or more wireless networks (SSIDs) and select Save for each one. See "Standard Wireless Network Settings".
- Select the Device Templates subtab to configure device templates for your wireless network. See "AP Templates".
- After you create each device template, select Save.
- Select Next.
Configure Switch Settings
- In the Switch Settings tab, create one or more wired switch templates. See "Switch Templates".
- Select Next to configure Router Settings or Additional Settings.
Configure Router Templates
- In the Router Settings tab, create router templates. See "Router Template".
- After you create each router template, select Save. When you are finished, select Next.
- Continue with the following sections.
Configure Additional Settings
- If you are not configuring additional settings, select Next. The highlighted tab changes from Additional Settings to Deploy Policy.
- In the Additional Settings subtab, configure management server settings, policy settings, network services, QoS options, and security settings.
- Select Next.
- Deploy the network policy as described below.
View and Filter the Deploy Policy List
By default, ExtremeCloud IQ displays devices that have already been assigned to a network policy in the Apply the network policy to selected devices panel. This is a safety precaution to protect against accidentally assigning the active policy to devices that have been assigned to other admin-defined policies. However, you can apply the active network policy to devices currently assigned to other policies if you like. To view other devices so that you can select them, use the FILTER BY section to the left of the device table.
Network Policy: By default, ExtremeCloud IQ displays devices for all network policies. If you choose a network policy from the drop-down list, then only devices to which that policy applies are shown.
Device Type: By default, ExtremeCloud IQ displays only real device models. You can also choose to see all devices (real and simulated).
Remember This Filter: To save the filter, select Save next to FILTER BY, enter a name in the field in the Save Filter dialog box, and select Save. The name can contain up to 20 characters, including spaces. The saved filter appears in the MY FILTERS section at the top of the left-hand column.
Deploy Your Network Policy
To deploy your network policy, see "Upload a Configuration".