Add/Edit End-System Group


Use this window to add a new end-system group or edit an existing end-system group. End-system groups are rule components that enable you to group together devices having similar network access requirements or restrictions. You can access the Add/Edit End-System Group window from the Manage Rule Groups window or from the end-system group field in the Create Rule window.

There are six system-defined end-system groups automatically populated by ExtremeCloud IQ Site Engine. The first is the Assessment Warning end-system group that includes end-systems that have assessment warnings and must acknowledge them before being granted access to the network. The second is the blocked list end-system group that includes end-systems denied access to the network. The other four system-defined groups are populated as end-systems register through the Registration portal.

You can access the Create Group window by accessing the Access Control tab and selecting ExtremeControl Configurations > Group Editor > End-System Groups in the left-panel menu and selecting the Add button in the right panel.

  NOTE: Changes to rule components do not require an enforce. Changes are automatically synchronized with engines on the next status update. Changes do not affect end-systems until the next authentication and/or assessment occurs.

Add New Group

Name
Enter a new name for the end-system group. You cannot edit the name of a group.
Description
Enter a description of the end-system group. If you are using Data Center Manager (DCM), the end-system group description contains the DCM specific settings as key/value pairs.
Type
Specify whether the end-system group be based on:
  • MAC - a list of MAC addresses, MAC OUI, or MAC Masks.
  • IP - a list of IP addresses or subnets.
  • Hostname - a list of hostnames: exact match or wild card (for example, *.extremenetworks.com).
  • LDAP Host Group - a way to group hosts by doing an LDAP lookup on the resolved hostname of the end-system detected on the network. Note for the standard use with Active Directory, the Engine Settings > Hostname Resolution must be configured to use DNS Hostname Resolution so ExtremeCloud IQ Site Engine can resolve the Fully Qualified Domain Name. In the LDAP configuration, you must also have the "Use Fully Qualified Domain Name" checkbox selected.
Value
The MAC address, IP address, Hostname, or Attribute value of the end-system.
Description
The description of the end-system group.
Mode
For LDAP Host Groups, the mode option lets you specify whether to match any or match all of the LDAP attributes listed below. You can also use "Exists" to just check to see if a host is present in LDAP.
Custom 1
Displays additional information about the end-system. Up to four custom columns can be added to the table. The columns for Custom 2, Custom 3, and Custom 4 are hidden by default. To display these columns, select the down arrow next to the Custom 1 column header and select Columns > Custom 2, Custom 3, or Custom 4.
Add Button
Select the Add button to open the Add Entry window, from which you can add an entry to the table. To add or edit custom information, right-click on the table entry and select Edit Custom Information. You can add information for up to four Custom columns.


Edit Button
Select an entry in the Entry Editor section of the window and select the Edit button to open the Edit Entry window, from which you can edit an existing entry.
Delete Button
Select an entry in the Entry Editor section of the window and select the Delete button to delete an existing entry.
Save Button
Select the Save button to save the location group.
Use the Multiple MAC OUI Entries button to open a window where you can select MAC OUI vendors.
Filter
Use the Filter functions to filter for a specific entry based on a numeric value or text.

For information on related help topics: