How to Use Device Type Profiling

---

This Help topic describes how to set up device type profiling in your ExtremeControl Configuration using device type rule groups. Device type profiling lets you assign ExtremeControl profiles to end-systems based on operating system family, operating system, or hardware type. This allows you to use the end-system's device type to determine the end user's level of network access control and whether the end-system is scanned. For more information on device type groups, see the Add/Edit Device Type Group Window Help topic.

	NOTE:	Assessment provides the most accurate determination of device type. If the initial device type determination is not based on assessment results, it can be less reliable. For that reason, device type rule groups should be based on broad families of device types.

Here are some examples of how device type profiling can be used to determine network access:

• When an end user with valid credentials logs in to the network on a registered iPad versus a registered Windows 10 machine, they receive a lower level of network access.
• When an end user registers a Windows machine using its MAC address, another user cannot spoof that MAC address using a Linux system. (Device profiling does not resolve this issue in environments with dual boot machines.)
• If an end user exports a certificate from a corporate PC to an iPad and successfully authenticates with 802.1x, the iPad is not allowed full network access.

Device Profiling Use Case

This section provides high-level instructions for configuring device type profiling for a sample use case. In this scenario, the network administrator has the following network access requirements:

• All Windows registered devices should be assigned the "Default ExtremeControl Profile."
• All Windows 10 registered devices should be assigned the "Windows10 Profile."
• All Linux registered devices should be assigned the "Default ExtremeControl Profile." In addition, a new Linux version called SuperLinux needs to be added to the Linux family device type.
• All HP Printers should be assigned the "HP Printer Profile."

To do this, create four rules in your ExtremeControl configuration that use device type as criteria for matching rules to end-systems authenticating to the network. The following instructions assume that you already created your profiles: Basic Profile, Windows10 Profile, and HP Printer Profile.

1. Expand the Default left-panel tree (Control > ExtremeControl> ExtremeControl Configurations > Default).
   
2. Select the Rules left-panel option and select the Add button in the right panel.
   
   
3. Create a rule that assigns the Default ExtremeControl Profile to all Registered Guests using Windows devices as shown below.
   
   
   
4. Create a rule that assigns the Windows10 Profile to all Windows 10 registered devices. To do this, you need to create a new Windows 10 device type group.
   1. From the ExtremeControl Configurations left-panel tree, expand the Group Editor tree.
      
   2. Select Device Type Groups and select the Add button in the right panel.
      
      
      
   3. Create a new device type group with the name Windows 10.
      
      
   4. Select Create. The Device Type Entry Editor displays.
      
      
   5. Select the Add button. The Add Entry window displays.
      
      
   6. Select the Select from Existing Types button and in the Select Device Types window, select Windows 10.
      
      
   7. Select the Add Selected button.
   8. Select the Save & Close button on the Add New Group window.
   9. You can then create the rule.
   10. Select the ExtremeControl Configurations > Default > Rules left-panel option and select the Add button in the right panel.
   11. In the Profile drop-down list, select New. The Create New Profile window displays.
       
       
   12. Enter the name Windows10 in the Name field and select the Create button.
       
       The ExtremeControl Profile window opens.
   13. Select Save.
   14. Configure the rule as shown in the screenshot below.
       
       
   15. Select Save.
       
5. Create a rule that assigns the Default ExtremeControl Profile to all Linux registered devices and add the SuperLinux version to the Linux family device type. To do this, you need to create a new Linux device type group that includes SuperLinux.
   1. Create the My Linux device type group to include the devices in the Linux device type group using the Select from Existing Types button in the Add Entry window as discussed in step 4f above.
      
      
   2. Select the Add button and in the Add Entry window, create the SuperLinux Device Type as shown below.
      
      
   3. Select Add to save the SuperLinux device type to the My Linux device type group.
   4. Select the Save & Close button on the Add New Group window.
      
6. Create a rule that assigns the HP Printer Profile to all HP printers on the network. To do this, create a new HP Printers device type group.
   1. Open the Add New Group window by selecting the Add button on the ExtremeControl Configurations > Group Editor > Device Type Groups panel.
      
      
   2. Select Create. The Device Type Entry Editor section displays.
   3. Add the HP Printers via the Add Entry window by selecting the Add button as shown below.
      
      
      
   4. Select Save & Close to save the HP Printers group.
      
   5. Select Rules in the left-panel tree (ExtremeControl Configurations > Default > Rules).
   6. Select Add in the right-panel to open the Add Rule window.
   7. Select the New option in the Profile drop-down list and create the HP Printer Profile.
   8. Create the HP Printers rule using the following criteria.
      
      
   9. Select Save.
      
7. Your ExtremeControl Configuration now contains the following rules used to determine network access and assessment requirements based on device type.

---

Related Information

For information on related help topics:

• Add/Edit Device Type Group Window
• Create Rule Window
• Manage Rule Groups Window