Unified Profile

The Unified Access Unified Profile application provides unified security functions for Edge Ports and AOS WLAN Devices. In addition to device authentication and classification, you can create Access Role Profiles (similar to User Network Profiles) to configure network access controls for one or more user devices. This is achieved using both Layer 2 and Layer 3 Authentication and Classification. Layer 2 Authentication and Classification provides the initial user authentication and Access Role Profile assignment. Layer 3 Authentication and Classification can dynamically change the QoS Policy List/Role for a user already authenticated and classified into the network. Based on the Access Role Profile (UNP) into which the user is initially classified, the user may undergo Quarantine Manager and Remediation (QMR), RADIUS based MAC Check Blocklisting, and Location or Time based validations that can restrict a user's network access or assign different Policy Lists/Roles to the user.

Unified Profile is configured using the links on the left side of the screen. An overview of each configuration function is provided below.

Authentication and Classification

Unified Profile provides network access and Quality of Service on a per user basis. This is achieved using both Layer 2 and Layer 3 Authentication and Classification.

Layer 2 Authentication and Classification

Unlike regular Layer 2 bridging, all users are learned through software. The user is learned in the "forwarding" or "filtering" state based on the Layer 2 authentication mechanisms configured on the port. The authentication mechanisms supported are 802.1x and MAC-based authentication. Access Classification rules can also be used to learn a user in the forwarding state if no authentication mechanism is configured. Apart from determining the forwarding or filtering state, this stage also determines the UNP and VLAN to be assigned to the user. The UNP and VLAN assigned to the user do not change. The UNP provides an initial QoS Policy List/Role to be assigned to the user.

A user is first authenticated using 802.1x or MAC-based authentication (MAC authentication is used only if 802.1x authentication is disabled or the user is not a supplicant). If the user passes authentication, and the RADIUS server returns a valid UNP name, the user is mapped to that Access Role Profile (UNP name) and VLAN. The RADIUS server may also return an explicit policy list name, which overrides the policy list associated with the UNP.

If authentication is not enabled or fails, or the Authentication Server does not return a valid UNP, and classification is enabled, the user is classified based on one of the following Access Classification Rules (Port, Group ID, MAC, LLDP, Authentication Type, IP Address) and assigned a Default UNP.
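
The decision order described above, as an added Python model (not the product's code or configuration syntax). The class and field names, the sample UNP and policy list names, and the "filtering" outcome when nothing assigns a UNP are assumptions; the second function flags devices that did not pass authentication but still forward through classification, which is the path worth reviewing on an edge port.

```python
from dataclasses import dataclass
from typing import Optional

# UNP name -> policy list tied to that profile (constructed sample values)
UNPS = {"employee": "pl-employee", "guest": "pl-guest"}

@dataclass
class Radius:  # simplified stand-in for the RADIUS server's answer
    accepted: bool
    unp: Optional[str] = None
    policy_list: Optional[str] = None

@dataclass
class Port:  # hypothetical field names, not product configuration keywords
    dot1x: bool
    mac_auth: bool
    classification: bool

def classify_l2(port, supplicant, radius=None, rule_unp=None):
    """Return (state, unp, policy_list, path) for one device on a port."""
    # 802.1x first; MAC auth only if 802.1x is disabled or the device
    # is not a supplicant.
    if port.dot1x and supplicant:
        method = "802.1x"
    elif port.mac_auth:
        method = "mac"
    else:
        method = None
    if method and radius and radius.accepted and radius.unp in UNPS:
        # An explicit policy list from RADIUS overrides the UNP's own list.
        return ("forwarding", radius.unp, radius.policy_list or UNPS[radius.unp], method)
    # Auth disabled, failed, or no valid UNP returned: fall back to
    # Access Classification Rules when classification is enabled.
    if port.classification and rule_unp in UNPS:
        return ("forwarding", rule_unp, UNPS[rule_unp], "classification")
    # Assumption: with no usable result the device is learned as filtering.
    return ("filtering", None, None, method or "none")

def fell_through(port, supplicant, radius=None, rule_unp=None):
    """True when authentication was attempted without success, yet the device forwards."""
    state, _, _, path = classify_l2(port, supplicant, radius, rule_unp)
    attempted = (port.dot1x and supplicant) or port.mac_auth
    return bool(attempted) and state == "forwarding" and path == "classification"
```
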

Configuring Unified Profile

Unified Profile can be configured using Workflow windows and/or Templates. Unified Profile is configured using the links on the left side of the screen.