Initial Configuration Checklist

---

ExtremeCloud IQ Site Engine allows you to monitor and manage your entire network via a single web-based interface. Organized into tabs, network information is easy-to-find and complex workflows are accomplished with minimal navigation.

When you first log into ExtremeCloud IQ Site Engine, the database is empty of network devices and the Administrator access through which you are currently logged in is the only set of user credentials.

This topic includes instructions detailing the initial setup of your network in ExtremeCloud IQ Site Engine, which includes adding and mapping devices as well as configuring user and device authorization credentials.

For additional information about using this help system, see Using the Help System.

IMPORTANT:

These instructions assume ExtremeCloud IQ Site Engine is already installed. For additional information about installing ExtremeCloud IQ Site Engine, see ExtremeCloud IQ Site Engine Suite Installation.

Devices

When first accessing ExtremeCloud IQ Site Engine, configure the default device settings, create the organizational structure of the geographic location of your devices, and add the devices to the ExtremeCloud IQ Site Engine database.

Sites

When you first open ExtremeCloud IQ Site Engine, use the Site tab to configure the default settings that apply to devices you add to ExtremeCloud IQ Site Engine.

Profiles allow you to configure different sets of SNMP and CLI credentials for read access, write access, and maximum access. After you create profiles, assign them to devices to allow users appropriate access based on the credentials they use for a device.

NOTE:

ZTP+ enabled devices use a different device discovery process. For additional information on discovering devices using ZTP+, see ZTP+ Device Configuration.

1. Open the Network > Devices > Sites > World tab.
2. Select the Add button in the Addresses list to discover your devices.

NOTE:

ExtremeCloud IQ Site Engine only allows a subnet search of a 16-bit mask or higher when discovering devices.

3. Select the Add button in the Profiles section of the window to open the Add Profile window. Select New in the drop-down list to create SNMP and CLI credentials for the profile and select the Save button.
4. Select the profiles you want the devices on your network to Accept or Reject using the Profiles list.
   For additional information about profiles, see Profiles tab.
5. Select the Automatically Add Devices checkbox and any other appropriate actions for your devices in the Device Actions section of the window.
6. Repeat the process for all devices added to this site.
7. Create additional sites for devices that require different configurations.
   For additional information about sites, see Site tab.
8. Select Save.

Maps

After you create sites for your devices, add a map or multiple maps for each site, which represent their physical geographic location.

Organizing devices into maps is accomplished using a "top-down" approach, where maps are first created at the largest organizational unit in your network (e.g. a country, city, or building) from the World Site map.

After the largest maps are created, create smaller maps contained within each of those maps. This nests your smaller maps within each of the larger maps until your maps are as granular as you require. You can then create maps for a single floorplan (when adding access points), or a single topology map (when adding wired devices).

After your map structure is defined, create map links to provide access to smaller maps from within larger maps.

As you add devices to the appropriate smallest organizational unit map, they are also accessible using the links available in the building maps and the world map.

Initially the Network > Devices > World Site > Site tab displays.

1. Right-click the World Site navigation tree in the left-panel and select Maps > Create New Map.
   
   The Create New Map window appears.
2. Enter a name for the largest map in your network (e.g. a building, a group of buildings, a city, a country).
3. Select OK to create the map.
   
4. Right-click your newly created map and select Maps > Create New Map.
   
   The Create New Map window appears.
5. Create the maps that belong within the map you created in step 3.
6. Repeat the above steps to add all geographic, floorplan, and topology map maps on your network.
7. Add map links to allow access to nested maps from larger maps.
   1. In the Maps navigation tree, right-click on the map from which you want to link and select Maps > Edit Map or select File > Edit button in the map properties panel.
   2. The map's property panel opens in Edit mode. Select File > Add > Map Link.
   3. The Add Link to Map window opens.
      
   4. From the drop-down list, select the map to which you want to link and select OK.
   5. The map link is added to the map and can be repositioned, if desired.
   6. Select the Save button to save the map and close the properties panel.

   For additional information about maps, see Maps tab.
   

Adding Devices

After discovering your devices, configure individual devices and add them to the ExtremeCloud IQ Site Engine database via the Discovered tab.

1. Select Discover.
2. Open the Operations table at the bottom of the ExtremeCloud IQ Site Engine window by selecting the Clock icon in the Top menu to monitor the progress of the device discovery.
3. Open the Network > Discovered tab when the device discovery is complete.
   The Discovered tab displays.
4. Open the Network > Discovered tab in ExtremeCloud IQ Site Engine.
   For more information about the Discovered tab, see Discovered tab.
5. Select the devices you want to add to the ExtremeCloud IQ Site Engine database and select the Add Devices button. The Add Devices window opens.
   The window is populated with the information you entered on the Site tab.
6. Enter any device-specific information, or change information that does not match the device defaults set on the Site tab.
7. Select the Add button.
   The devices are added to the ExtremeCloud IQ Site Engine database and move from the Network > Discovered tab to the Network > Devices tab.
8. Open the Administration > Users tab.
   The Users tab displays.

Now that devices are organized, device credentials are created via profiles, and devices are added to ExtremeCloud IQ Site Engine, the next step is to add authorized users with access to specific features.

Users

Users are given access to parts of ExtremeCloud IQ Site Engine based on the authorization group to which they are assigned. Assign a set of capabilities for each authorization group and then add users to each authorization group depending on the capabilities they require.

Select the Acquire Lock button in the Users/Groups Access section at the top of the tab. This button locks access to the tab for all other users and allows you to make changes to the authorization groups and authorized users.

IMPORTANT:

ExtremeCloud IQ Site Engine does not save passwords. Users you create are authenticated against the Operating System, the RADIUS server, or the LDAP server, depending on the authentication method you select.

Authorization Group

Create authorization groups for each group of ExtremeCloud IQ Site Engine users via the Authorization Groups section at the bottom of the Users tab.

1. Select the Add button.
2. Enter the appropriate information for each authorization group using ExtremeCloud IQ Site Engine.
   The Capability section of the window allows you to expand each capability tree by selecting the arrow to the left of the checkbox to display more specific tasks. Select only those that apply to each user group. Additionally, you can search for a specific capability in the Search field above the tree.
3. Select the Save button to create the authorization group.
4. Repeat the process to create the necessary authorization groups.
   For additional information about authorization groups, see Authorization Group Table.

Authorized Users

Next, use the Authorized Users section of the Administration > Users tab to create the users who require access to ExtremeCloud IQ Site Engine and add them to an authorization group depending on the level of access they require.

1. Select the Add button.
2. Enter a User Name, a Domain/Host Name (if necessary), and select the Authorization Group with the appropriate level of access for the user.
3. Select the Save button to save the new user.
4. Repeat the process to add all ExtremeCloud IQ Site Engine users for each authorization group.
   For additional information about authorized users, see Authorized Users.

Authentication Method

Finally, use the Authentication Method section of the Administration > Users tab to select the method by which users authenticate when accessing ExtremeCloud IQ Site Engine.

ExtremeCloud IQ Site Engine supports three authentication methods to authenticate users: using the underlying host operating system, using a specified LDAP configuration, or using specified RADIUS servers.

1. Select the Authentication Type using the drop-down list.
   
   The options change based on the Authentication Type selected.
2. Select the supplemental information based on the type selected.
   For additional information about the authentication method, see Authentication Method.
3. Select the Release Lock button to allow other users to make changes.

The initial configuration is complete and your devices and users are saved to the ExtremeCloud IQ Site Engine database.

Additional Device Configuration

Now that your devices and users are added to the ExtremeCloud IQ Site Engine database, configure optional settings in ExtremeCloud IQ Site Engine, including:

• The SMTP server from which ExtremeCloud IQ Site Engine sends emails
• The file transfer settings used when updating firmware
• Policy creation on your network
• End-system monitoring
• Application analysis

Configuring Email Settings

You can configure ExtremeCloud IQ Site Engine to send emails to users in certain circumstances, including as an alarm action when an alarm occurs and to send periodic status reports about your network. Enter the email information for the user from which emails are sent on the SMTP Email Options Panel.

1. Open the Administration > Options tab.
2. Select SMTP Email from the left panel.
3. Enter the SMTP server information for outgoing emails.
4. Enter the password and email address for the user from whom ExtremeCloud IQ Site Engine is sending emails.
5. Select the Save button.
   For additional information about the SMTP Email Options panel, see SMTP Email Options.

Configuring File Transfer Settings

This section outlines how to configure ExtremeCloud IQ Site Engine to update firmware images and save archives for the following server types:

• FTP Server
• SCP Server
• TFTP Server

FTP Server

Configuring file transfer settings in ExtremeCloud IQ Site Engine for an FTP server includes entering the credentials to download firmware updates from ExtremeNetworks.com, selecting the directory path to which updates are saved, and entering the FTP user credentials.

1. Open the Administration > Options tab.
2. Select ExtremeNetworks.com Updates from the left panel.
   
   The ExtremeNetworks.com Updates panel displays.
3. Enter your credentials to access firmware and ExtremeCloud IQ Site Engine updates in the Update Credentials section of the window and select Save.
   For additional information about the ExtremeNetworks.com options panel, see ExtremeNetworks.com Updates Options.
4. Expand the Inventory Manager > File Transfer navigation tree in the left panel of the Options tab and select FTP Server Properties.
   
   The FTP Server Properties panel displays.
5. Enter the credentials to access the server in the Login Information section of the window.
6. Enter the firmware directory path or use the default path in the Firmware Directory Path field and select Save. Downloaded firmware images must be saved in this location to be available for FTP file transfers from ExtremeCloud IQ Site Engine.
   For additional information about this panel, see FTP Server Properties Settings.

SCP Server

Configuring file transfer settings in ExtremeCloud IQ Site Engine for an SCP server includes entering the credentials to download firmware updates from ExtremeNetworks.com, selecting the directory path to which updates are saved, and entering the SCP user credentials.

1. Open the Administration > Options tab.
2. Select ExtremeNetworks.com Updates from the left panel.
   The ExtremeNetworks.com Updates panel displays.
3. Enter your credentials to access firmware and ExtremeCloud IQ Site Engine updates in the Update Credentials section of the window and select Save.
   For additional information about the ExtremeNetworks.com options panel, see ExtremeNetworks.com Updates Options.
4. Expand the Inventory Manager > File Transfer navigation tree in the left panel of the Options tab and select SCP Server Properties.
   The SCP Server Properties panel displays.
5. Enter the SCP user credentials to access the server in the Login Information section of the window.
6. Enter the firmware directory path or use the default path in the Firmware Directory Path field and select Save. Downloaded firmware images must be saved in this location to be available for SCP file transfers from ExtremeCloud IQ Site Engine.
   For additional information about this panel, see SCP Server Properties Settings.

TFTP Server

Configuring file transfer settings in ExtremeCloud IQ Site Engine for a TFTP server includes entering the credentials to download firmware updates from ExtremeNetworks.com and selecting the directory path to which updates are saved.

1. Open the Administration > Options tab.
2. Select ExtremeNetworks.com Updates from the left panel.
   The ExtremeNetworks.com Updates panel displays.
3. Enter your credentials to access firmware and ExtremeCloud IQ Site Engine updates in the Update Credentials section of the window and select Save.
   For additional information about the ExtremeNetworks.com options panel, see ExtremeNetworks.com Updates Options.
4. Select TFTP Properties in the left-panel Inventory Manager > File Transfer navigation tree.
   The TFTP Properties panel displays.
5. Enter the firmware directory path or use the default path in the Directory Path field in the Firmware section and select Save. Downloaded firmware images must be saved in this location to be available for TFTP file transfers from ExtremeCloud IQ Site Engine.
   For additional information about this panel, see TFTP Properties Settings.

Configuring Policies

The Control > Policy tab enables you to create policy profiles, called roles, which are assigned to the ports in your network. These roles are based on the existing business functions in your company and consist of services that you create, made up of traffic classification rules. Roles provide four key policy features: traffic containment, traffic filtering, traffic security, and traffic prioritization.

For additional information about creating policies, see Policy tab.

Configuring ExtremeControl

The Control > ExtremeControl tab provides secure, policy-based management for your ExtremeControl solution. The tab allows you to configure and manage ExtremeControl gateways, provides user-to-device location mapping services, generates network endpoint audit reports, and interfaces with other security management applications.

For additional information about configuring the end-user experience, see ExtremeControl tab.

Configuring ExtremeAnalytics

ExtremeAnalytics provides Layer 7 application visibility on your network. Combining ExtremeCloud IQ Site Engine, S-Series and/or K-Series devices, and the ExtremeAnalytics engine, this feature integrates application, user, and device data to give you a full understanding of the applications on your network and who's using those applications.

For additional information about configuring an ExtremeAnalytics engine, see Analytics tab.