Use this window to add a new end-system group or edit an existing end-system group. End-system groups are rule components that enable you to group together devices having similar network access requirements or restrictions. You can access the Add/Edit End-System Group window from the Manage Rule Groups window or from the end-system group field in the Create Rule window.
There are six system-defined end-system groups automatically populated by ExtremeCloud IQ Site Engine. The first is the Assessment Warning end-system group that includes end-systems that have assessment warnings and must acknowledge them before being granted access to the network. The second is the blocked list end-system group that includes end-systems denied access to the network. The other four system-defined groups are populated as end-systems register through the Registration portal.
You can access the Create Group window by accessing the Access Control tab and selecting ExtremeControl Configurations > Group Editor > End-System Groups in the left-panel menu and selecting the Add button in the right panel.
| NOTE: | Changes to rule components do not require an enforce. Changes are automatically synchronized with engines on the next status update. Changes
do not affect end-systems until the next authentication and/or assessment
occurs. |
|---|
- Description
- Enter a description of the end-system group. If you are using Data Center Manager (DCM), the end-system group description contains the DCM specific settings as key/value pairs.
- Type
- Specify whether the end-system group be based on:
- MAC - a list of MAC addresses, MAC OUI, or MAC Masks.
- IP - a list of IP addresses or subnets.
- Hostname - a list of hostnames: exact match or wild card (for example, *.extremenetworks.com).
- LDAP Host Group - a way to group hosts by doing an LDAP lookup on the resolved hostname of the end-system detected on the network. Note for the standard use with Active Directory, the Engine Settings > Hostname Resolution must be configured to use DNS Hostname Resolution so ExtremeCloud IQ Site Engine can resolve the Fully Qualified Domain Name. In the LDAP configuration, you must also have the "Use Fully Qualified Domain Name" checkbox selected.
- Mode
- For LDAP Host Groups, the mode option lets you specify whether to match any or match all of the LDAP attributes listed below. You can also use "Exists" to just check to see if a host is present in LDAP.
- Custom 1
- Displays additional information about the end-system. Up to four custom columns can be added to the table. The columns for Custom 2, Custom 3, and Custom 4 are hidden by default. To display these columns, select the down arrow next to the Custom 1 column header and select Columns > Custom 2, Custom 3, or Custom 4.
- Add Button
- Select the Add button to open the Add Entry window, from which you can add an entry to the table. To add or edit custom information, right-click on the table
entry and select Edit Custom Information. You can add information for up
to four Custom columns.
- Edit Button
- Select an entry in the Entry Editor section of the window and select the Edit button to open the Edit Entry window, from which you can edit an existing entry.
- Delete Button
- Select an entry in the Entry Editor section of the window and select the Delete button to delete an existing entry.
- Filter
- Use the Filter functions to filter for a specific entry based on a numeric value or text.
For information on related help topics: