How to Create a Quarantine Role


The Quarantine role is a highly restrictive role used to isolate users and restrict network access.

The Quarantine role is used in conjunction with the Extreme Networks Intrusion Prevention System (IPS) to create an automatic response to threats detected on the network. After the Quarantine role has been enforced to the network and the Extreme Networks IPS is properly configured, this role can be automatically set as the default role on any port where a threat has been detected. Normally, roles are applied to ports via authentication.

You can also set the Quarantine role as a port's default role if, for example, you have modified the role to provide some limited access and you want to use it as a "guest" role.

The Policy tab default domain includes the Quarantine role. However, if you add a new domain, you need to create the Quarantine role. For information on how to create a role, see How to Create a Role.

After you have created the role, you can modify the role's default class of service and access control settings, and make changes to the role's services and rules using the right-panel tabs, just like any other role. If you make any changes to the Quarantine role, keep in mind that the role can be used by other applications and should remain highly restrictive in nature.


Modifying the Quarantine Role

When you've created a Quarantine role, you can change its characteristics by selecting the role in the Policy tab's left panel and using the associated tabs in the right panel.

  NOTE: You cannot rename the Quarantine role.

Modifying Default Values

Use the General tab to change the Quarantine role's default class of service and default access control settings, and to add or edit a description.

  1. Select the Quarantine Role in the left-panel Roles tab.
  2. In the right-panel General tab, select the desired default class of service and default access control settings.
  3. If desired, add or edit the role's description.
  4. Be sure to perform an Enforce to write the new Quarantine role to the devices.

Adding/Removing Services

Use the General tab to add services to, or remove services from, the Quarantine role.

  1. Select the Quarantine Role in the left-panel Roles tab.
  2. In the right-panel General tab, select Add/Remove Services. This opens the Add/Remove Services window.
  3. Make sure the Quarantine role is displayed in the Role selection box.
  4. Select the service or service group in the All Services & Service Groups list and select the Right Arrow button to add it to the Selected Services & Service Groups list. To remove services, select them in the Selected Services & Service Groups list and select the Left Arrow button. To remove all services, select the Double Left Arrow button.
     NOTE: The Policy tab checks for rule conflicts when more than one service is added. See Conflict Checking for more information.
  5. Select OK.
  6. Be sure to perform an Enforce to write the new Quarantine role to the devices.

Setting the Quarantine Role as the Default Role on a Port

There can be circumstances when you would like to use the Policy tab to assign the Quarantine role as the default role on one or more ports. For example, if you have modified the Quarantine role to provide limited access, you can use it as the default role for guest users on your network.

The Quarantine role is assigned as a default role just like any other role. Refer to Assigning Default Roles to Ports for instructions.

