ExtremeControl Access Control
The Access Control tab provides secure, policy-based management for the ExtremeControl solution. It configures and manages ExtremeControl gateways, provides user to device location mapping services, generates network endpoint audit reports and interfaces with other security management applications.
Contact your sales representative for information on obtaining an ExtremeCloud IQ Site Engine software license.
The Access Control tab contains three main navigation trees in the left-panel:
ExtremeControl Configuration
The ExtremeControl Configuration lets you manage the end-user connection experience
and control network access based on a variety of criteria including
authentication, user name, MAC address, time of day, and location. ExtremeCloud IQ Site Engine
comes with a default ExtremeControl Configuration which is automatically assigned to your ExtremeControlengines. You can use this default configuration as is, or make changes to the
default configuration, if desired.
Configure a registration that forces any new end-system connected on the network to
provide the user's identity in a web page form before being allowed access to the
network. End users are automatically provisioned network access on demand
without time-consuming and costly network infrastructure reconfigurations.
In addition, IT operations gains visibility into the end-systems and their
associated users (for example, guests, students, contractors, and employees) on the
network.
Via the ExtremeControl Configuration, you can also configure agent-less or agent-based security posture
assessment of endpoints. The Access Control tab uses assessment
servers to assess and audit connecting end-systems and provide details about an
end-system's patch levels, running processes, anti-virus definitions, device type,
operating system, and other information critical in determining an end-system's
security compliance. End-systems that fail assessment can be dynamically quarantined
with restrictive network access to prevent security threats from entering the network.
Assisted remediation is a process that informs end users when their end-systems have
been quarantined due to network security policy non-compliance, and allows end users to
safely remediate their non-compliant end-systems without assistance from IT operations. After the remediation steps have been successfully
performed and the end-system is compliant with network security policy, the appropriate
network resources are allocated to the end-system, again without the intervention of IT operations.
ExtremeControl Group Editor
The ExtremeControl Engine Groups tree presents groups of ExtremeControl engines you configure into engine groups. Information for engine groups is organized into four tabs in the right-panel, each showing different information relating to the engine group selected:
- Details — Displays basic information about the engine group as well as information about how the engines in the group are configured.
- Switches — Shows the switches monitored by the gateway engines in the group and allows you to add, delete, and edit the switch configuration.
- End-Systems — Displays end-systems monitored by the ExtremeControl engines in the selected engine group.
- ExtremeControl Engines — Displays the ExtremeControl engines added to the engine group. Right-clicking an engine in the table displays a menu from which you can configure the engine. You can also preview the changes you are making to an engine when you enforce by selecting Enforce Preview.
All ExtremeControl Engines
The All ExtremeControl Engines tree displays all of your ExtremeControl engines. Selecting an engine displays information in three tabs:
- Details — Displays basic information about the engine, provides a summary of the interface, and allows you to disable ExtremeControl authentication and assessment.
- End-Systems — Displays end-systems monitored by the ExtremeControl engine.
- Switches — Shows the switches monitored by the gateway engine and allows you to add, delete, and edit the switch configuration.
For information on related help topics: