Device Config - Access Classification

The Unified Profile Device Config Access Classification Screen displays information about all devices/AP Groups to which a Access Classification Profile has been assigned. You can edit the Access Classification Rule on a device, or delete the profile from a device(s). To display device/AP Group information, click on the Devices ADD button or AP Groups ADD button and select devices/AP Groups. To add/remove devices/AP Groups from the display, click on the applicable EDIT button.

Important Note: Any configuration updates applied in the Device Config application are only applied to the selected devices/AP Groups. The updates will not affect the corresponding SSIDs, Unified Access Profiles/Templates.

Editing an Access Classification Profile

Select a device/AP Group in the Access Classification Profile List and edit the field(s) as described below. When you are finished, click on the Apply button. Note that the parameters you can edit depend on the Access Classification Profile assigned to the device.

• ESSID (APs only) - Defines an Extended Service Set Identifier (ESSID) for the specified Access Role Profile. The specified Access Role Profile will be applied if the ESSID of AP (which client is associating) matches with the defined ESSID in the rule.
  • Name - The rule name.
  • ESSID Value - The ESSID of AP.
  • Access Role Profile - The Access Role Profile to use for the rule.
• IP Address Rule (AOS Devices only) - Defines an IP Address Access Classification Rule for the specified UNP Access Role Profile. If the source IP address of the device traffic matches the IP address defined for the rule, the specified Access Role Profile is applied.
  • IP Network Address - The IPv4 network address (e.g., 10.0.0.0, 171.15.0.0, 196.190.254.0).
  • IP Mask - An IP address mask to identify the IP subnet for the interface (supports class-less masking).
  • VLAN Tag - An optional VLAN Tag. If configured, traffic must also match this VLAN Tag in addition to the source MAC address.
  • Customer Domain ID - An optional Customer Domain ID to which this rule will apply. When a customer domain ID is configured for this rule, the rule is applied only to traffic received on UNP ports that are associated with the same domain ID. All UNP ports are automatically assigned to customer domain 0 at the time the port is configured as a UNP port.
  • Access Role Profile - Select the Access Role Profile to use for the rule.
• LLDP Rule (AOS 8.x Devices only) - Defines an LLDP rule condition for the specified Access Role Profile.
  • Name - User-configured name for the LLDP Rule.
  • Endpoint Identifier - The endpoint identifier (IP Phone, AP).
  • Access Role Profile - The Access Role Profile to use for the rule.
• MAC Rule (Both AOS Devices and APs) - Defines a MAC Address Access Classification Rule for the specified UNP Access Role Profile. If the source MAC address of the device traffic matches the MAC address defined for the rule, the specified Access Role Profile is applied. Note that when a MAC Access Classification Rule is removed or modified, all MAC addresses classified with that rule are flushed.
  • Name - User-configured name for the MAC Rule.
  • MAC Address - The MAC address to be used for the rule. If the source MAC address of the device traffic matches the MAC address defined for the rule, the specified Access Role Profile is applied.
  • VLAN Tag - An optional VLAN Tag. If configured, traffic must also match this VLAN Tag in addition to the source MAC address.
  • Customer Domain ID - An optional Customer Domain ID to which this rule will apply. When a customer domain ID is configured for this rule, the rule is applied only to traffic received on UNP ports that are associated with the same domain ID. All UNP ports are automatically assigned to customer domain 0 at the time the port is configured as a UNP port.
  • Access Role Profile - Select the Access Role Profile to use for the rule.
• MAC OUI Rule (Both AOS Devices and APs) - Defines a MAC address Organizationally Unique Identifier (OUI) classification rule for the specified Access Role Profile. If the OUI of the source MAC address of the device traffic matches the OUI defined for the rule, the specified Access Role Profile is applied to the device.
  • Name - User-configured name for the MAC OUI Rule.
  • MAC Address - The MAC OUI to be used for the rule.
  • VLAN Tag - An optional VLAN Tag. If configured, traffic must also match this VLAN Tag in addition to the source MAC OUI.
• MAC Range Rule (Both AOS Devices and APs) - Defines a MAC Address Range Access Classification Rule for the specified UNP Access Role Profile. If the source MAC address of the device traffic matches any of the MAC address within the range of MAC addresses, the specified profile is applied. Note that when a MAC Access Classification Rule is removed or modified, all MAC addresses classified with that rule are flushed.
  • MAC Low Address - MAC address that defines the low end of the range (e.g., 00:00:39:59:f1:00).
  • MAC High Address - MAC address that defines the high end of the range (e.g., 00:00:39:59:f1:90).
  • VLAN Tag - An optional VLAN Tag. If configured, traffic must also match this VLAN Tag in addition to the source MAC address.
  • Customer Domain ID - An optional Customer Domain ID to which this rule will apply. When a customer domain ID is configured for this rule, the rule is applied only to traffic received on UNP ports that are associated with the same domain ID. All UNP ports are automatically assigned to customer domain 0 at the time the port is configured as a UNP port.
  • Access Role Profile - Select the Access Role Profile to use for the rule.
• VLAN Tag Rule (AOS Devices only) - Defines a VLAN Tag for the specified Access Classification Rule. If the source VLAN Tag of the device traffic matches the VLAN Tag defined for the rule, the specified Access Role Profile is applied.
  • VLAN Tag - The VLAN Tag used for the rule.
  • Customer Domain ID - An optional Customer Domain ID to which this rule will apply. When a customer domain ID is configured for this rule, the rule is applied only to traffic received on UNP ports that are associated with the same domain ID. All UNP ports are automatically assigned to customer domain 0 at the time the port is configured as a UNP port.
  • Access Role Profile - Select the Access Role Profile to use for the rule.

Deleting an Access Classification Profile

Select a device(s)/AP Group(s) in the Access Classification Profile List and click on the Delete icon, then click OK at the confirmation prompt.