Header Only - DO NOT REMOVE - Extreme Networks

IdentiFi location based roles


Userlevel 6
Hello, all!

Is there possibility to do location based roles with open SSID?
For, example - clients which in building/room have full access, clients which out of building/room have no access to Inet (if connect to SSID).

Do I need only IdentiFi+NetSight, or NAC too?

Is there Guide examples?

Thank you!

4 replies

Userlevel 5
Hi Alexandr

Yes, utilizing the NAC you can change the policies applying the the users based on loaction, time, device type ect...

So in your case you would create two locations, a "In building" and "out building" location.
You would add the appropriate AP's to each group.
So if the clients connects to SSID on the AP's that is part of the "In building" the NAC would return the appropriate internet access policy. If the client connects to SSID on the AP that is part of the "out building" another policy would apply that would limit internet access.

Hope this helps
Userlevel 6
Andre Brits Kannemeyer wrote:

Hi Alexandr

Yes, utilizing the NAC you can change the policies applying the the users based on loaction, time, device type ect...

So in your case you would create two locations, a "In building" and "out building" location.
You would add the appropriate AP's to each group.
So if the clients connects to SSID on the AP's that is part of the "In building" the NAC would return the appropriate internet access policy. If the client connects to SSID on the AP that is part of the "out building" another policy would apply that would limit internet access.

Hope this helps

Hello, Andre!

Can we do location based rules based on 1 ap?

Thank you!
Userlevel 5
Andre Brits Kannemeyer wrote:

Hi Alexandr

Yes, utilizing the NAC you can change the policies applying the the users based on loaction, time, device type ect...

So in your case you would create two locations, a "In building" and "out building" location.
You would add the appropriate AP's to each group.
So if the clients connects to SSID on the AP's that is part of the "In building" the NAC would return the appropriate internet access policy. If the client connects to SSID on the AP that is part of the "out building" another policy would apply that would limit internet access.

Hope this helps

Hi Alexandr

This will not be possible.
a locations consists of a AP - the NAC can not apply policies based on signal strength.
You can how ever configure the output power/ Probe suppression to disconnect the user when they move to a specific signal strength.

Userlevel 6
Andre Brits Kannemeyer wrote:

Hi Alexandr

Yes, utilizing the NAC you can change the policies applying the the users based on loaction, time, device type ect...

So in your case you would create two locations, a "In building" and "out building" location.
You would add the appropriate AP's to each group.
So if the clients connects to SSID on the AP's that is part of the "In building" the NAC would return the appropriate internet access policy. If the client connects to SSID on the AP that is part of the "out building" another policy would apply that would limit internet access.

Hope this helps

Can I do this per AP configuration?
Not per VNS.

Can you give me some example - where I can find this?

Thank you!

Reply