Device Config - Access Role Profile

The Unified Profile Device Config Access Role Profile Screen displays information about all devices/AP Groups to which an Access Role Profile has been assigned. You can edit an Access Role Profile on an AOS Device or AP Group, or delete a profile from an AOS Device or AP Group. To display AOS Device information, click on the Devices ADD button and select a device(s). To display AP Group information, click on the AP Group ADD button and select an AP Group(s). To add/remove devices/AP Groups from the display, click on the applicable EDIT button.

Important Note: Any configuration updates applied in the Device Config application are only applied to the selected devices/AP Groups. The updates will not affect the corresponding SSIDs, Unified Access Profiles/Templates.

Editing an Access Role Profile

Select a device/AP Group in the Access Role Profile List and click on the Edit icon to edit the field(s) as described below. When you are finished, click on the Apply button. Note that support for different parameters varies by device type.

Access Role Profile Attributes

• Policy List - An Access Role Profile can also be configured with an existing Unified Policy List. The set of rules within the Unified Policy List are then applied to the traffic that passes though switches/wireless devices. Only one Unified Policy List is allowed per profile, but multiple profiles may use the same Policy List. Select a Unified Policy List for the profile from the drop-down menu.
• Upstream Bandwidth - The maximum bandwidth limit allocated for ingress traffic on UNP ports assigned to the profile. If the maximum ingress bandwidth value is set to zero, all ingress traffic is allowed on the UNP port.
• Downstream Bandwidth - The maximum bandwidth limit allocated for egress traffic on UNP ports assigned to the profile. If the maximum egress bandwidth value is set to zero, all egress traffic is allowed on the UNP port.
• Upstream Burst (AOS 6) - This value determines how much the traffic can burst over the maximum ingress bandwidth rate. When the ingress depth value is reached, the switch starts to drop packets.
• Downstream Burst (AOS 6) - This value determines how much the traffic can burst over the maximum egress bandwidth rate. When the egress depth value is reached, the switch starts to drop packets.

Deleting an Access Role Profile

Select a device(s)/AP Group(s) in the Access Role Profile List and click on the Delete icon, then click OK at the confirmation prompt.

Access Role Profile Information

• Device Friendly Name - The user-defined name for the device.
• Profile Name - The name assigned to the Access Role Profile
• VLAN(s) Number - The VLAN mapping for the profile.
• Auth Flag -Enables/Disables authentication (not supported on wireless devices and ignored when applied to those devices).
• Mobile Tag Status - Enables/Disables classification of tagged packets received on mobile ports (not supported on wireless devices and ignored when applied to those devices).
• Redirect Status - Enables/Disables Captive Portal Redirect (not supported on wireless devices and ignored when applied to those devices). Note that if Redirect Status is enabled, the Access Role Profile can only map to a VLAN when applying the profile to a device.
• Policy List - The name of the Policy List assigned to the profile. The set of rules within the Policy List are applied to the traffic that passes though switches/wireless devices. Only one Policy List is allowed per profile, but multiple profiles may use the same Policy List.
• Location Policy Name - The name of the Location Access Policy assigned to the profile.
• Period Policy Name - The name of the Period Policy assigned to the profile..
• Captive Portal Auth - The type of Captive Portal Authentication ( None, Internal, or External).
• External Captive Portal Auth - Enables/Disables external Captive Portal.
• Portal Server - The FQDN/IP address of the external captive portal server.
• Redirect URL - The redirect URL for the captive portal authentication.
• HTTPS Redirection - Specify whether the redirect portal page is using HTTPS protocol.
• AAA Server Profile - The AAA Server used for Captive Portal Authentication.
• Custom Profile - The External Captive Portal Config File used for communication between APs and the External Portal Server. The External Captive Portal Config File is configured on the AP Groups Screen in the AP Registration application.
• Captive Portal Profile - A Captive Portal Profile can be applied to AOS devices. Only one Captive Portal Profile is allowed per profile, but multiple profiles may use the same Captive Portal Profile.
• Inactivity Interval - The amount of time, in seconds, before an authenticated device is automatically logged out of the network due to inactivity (MAC address for the device has aged out). This timer value applies only to devices learned in the profile.
• Client Session Logging - Enables/Disables client session logging.
• Client Connection Logging Level:
  • Logging HTTP/HTTPs - Log only the HTTP/HTTPs web session of wireless clients.
  • Logging ALL - Log all sessions of wireless clients, including HTTP/HTTPs.
  • None - Log only client online/offline behavior, without session details.
• WCF Profile - The specified WCF Profile for the Access Role Profile. An Access Role Profile can only contain one WCF Profile.
• Wireless Client Social Login Vendor - The vendor(s) selected to allow a wireless client to authenticate through a social media vendor (Facebook, Google, and Rainbow are supported). OmniVista automatically configures the Allowlist Domains for the selected vendor(s). This allows the user to connect over the Internet to the selected vendor(s) for authentication.
• Allowlist Domains - Facebook, Google, Rainbow login, or any user-specified Allowlist Domain that allows a user to connect to sites over the Internet without authentication. For example, a hotel may want to allow a guest to connect to their website without authentication. Domains must be in Fully Qualified Domain Name (FQDN) format (e.g., www.marriot.com, www.bbc.com). IP Addresses and http/https prefixes should not be used.
• Allowed list of devices for an isolated client - The MAC addresses of devices that a client is allowed to access when the Client Isolation mode is enabled. When Client Isolation is enabled for the client SSID or the Access Authentication Profile for the switch port to which the AP is connected, traffic between clients on the same AP in the SSID is blocked; client traffic can only go toward the default gateway.
• Upstream Bandwidth - The maximum bandwidth limit allocated for ingress traffic on UNP ports assigned to the profile. If the maximum ingress bandwidth value is set to zero, all ingress traffic is allowed on the UNP port. (Not supported on AOS 7.3.4 switches and ignored when applied to those devices.)
• Downstream Bandwidth - The maximum bandwidth limit allocated for egress traffic on UNP ports assigned to the profile. If the maximum egress bandwidth value is set to zero, all egress traffic is allowed on the UNP port. (Not supported on AOS 7.3.4 switches and ignored when applied to those devices.)
• Upstream Burst - The maximum ingress depth value that is applied to traffic on UNP ports that are assigned to the profile. This value determines how much the traffic can burst over the maximum ingress bandwidth rate. The maximum ingress depth value is configured in conjunction with the maximum ingress bandwidth parameter. When the ingress depth value is reached, the switch starts to drop packets. (Not supported on AOS 7.3.4 switches and ignored when applied to those devices.)
• Downstream Burst - The maximum egress depth value that is applied to traffic on UNP ports that are assigned to profile. This value determines how much the traffic can burst over the maximum egress bandwidth rate. The maximum egress depth value is configured in conjunction with the maximum egress bandwidth parameter. When the egress depth value is reached, the switch starts to drop packets. (Not supported on AOS 7.3.4 switches and ignored when applied to those devices.)
• Mapping Type - Whether the Access Role Profile is mapped to a VLAN or service.
• Mapping Name - The VLAN, service, or tunnel ID to which the profile is mapped.
• MIB set - The Mibset List that applies to this profile.
• DHCP Option 82 - Enables/Disabled the DHCP Option 82 Feature.