Adding and Modifying Device Groups

Policy Manager groups devices into Device Groups, which function as a component in service and role-mapping rules. Device groups can also be associated with enforcement profiles; Policy Manager sends the attributes associated with these profiles only if the request originated from a device that belongs to a device group. Administrators configure device groups at the global level. Device groups can contain the members of the IP address of a specified subnetSubnet is the logical division of an IP network., regular expression-based variation, or devices that are previously configured in the Policy Manager database.

Policy Manager lists all configured device groups in the Device Groups page .

 

The Device Group list displays device names together with their corresponding IP addresses, making it easier to locate and select devices. When adding or modifying a Device Group list, you can also select Network Access Server (NASNetwork Access Server. NAS provides network access to users, such as a wireless AP, network switch, or dial-in terminal server. ) devices based on both the device name and IP address.

In Policy Manager 6.9.7 and earlier releases, when adding a device group, you must perform all tasks from a single browser tab. The Policy Manager WebUI uses server-side session caching during add or edit workflows, so performing add or edit actions on the same device group from different tabs of the same browser can lead to data loss and impact network access.

Adding a Device Group

To add a device group:

1. Navigate to Configuration > Network > Device Groups .

The Network Device Groups page opens:

Figure 1  Device Groups Page

2. Click Add.

3. Complete the fields in the Add New Device Group page as described in the following figure:

Figure 2  Add New Device Group Page

4. Specify the Add New Device Group page parameters as described in the following table:

Table 1: Add New Device Group Page

Parameter

Action/Description

Name

Enter the name of the device group.

Description

Optionally, enter the description that provides additional information about the device group.

Format

Select the format: Subnet, Regular Expression, or List.

SubnetSubnet is the logical division of an IP network.

Enter a subnetSubnet is the logical division of an IP network. consisting of IPv4 network address and the network suffix (CIDRClassless Inter-Domain Routing. CIDR is an IP standard for creating and allocating unique identifiers for networks and devices. The CIDR IP addressing scheme is used as a replacement for the older IP addressing scheme based on classes A, B, and C. With CIDR, a single IP address can be used to designate many unique IP addresses. A CIDR IP address ends with a slash followed by the IP network prefix, for example, 192.0.2.0/24. notation). For example, 192.168.5.0/24. This parameter does not support IPv6 subnetsSubnet is the logical division of an IP network..

Regular Expression

Specify a regular expression that represents all IPv4 or IPv6 addresses matching that expression. For example, ^192(.[0-9]*){3}$.

NOTE: IPv6 addresses are not allowed in NADNetwork Access Device. NAD is a device that automatically connects the user to the preferred network, for example, an AP or an Ethernet switch. configurations when RadSec is enabled. CP-34279

List:

Available Devices

Selected Devices

Starting with Policy Manager 6.9, you can use the List format to create a group of IPv4 or IPv6 devices. Use the widgets to move device identifiers between Available and Selected. To filter the list based on the text in the associated text box, click Filter. The filter fields are case sensitive in Policy Manager 6.9.0-6.9.3, and case-insensitive starting with Policy Manager 6.9.4.

NOTE: IPv6 addresses are not allowed in NADNetwork Access Device. NAD is a device that automatically connects the user to the preferred network, for example, an AP or an Ethernet switch. configurations when RadSec is enabled.

5. Click Save.

Modifying a Device Group

To modify a device group:

1. From the Network Device Groups page, select the device group you wish to modify.

The Edit Device Group dialog opens.

Figure 3  Modifying an Edit Group

2. Modify the Device Group as necessary, then click Save.