Global Configuration - Setting

The Unified Profile Global Configuration Setting Screen displays all configured Access Guardian Global configurations and used to create, clone, edit, delete, and assign Unified Profile Global configurations. This Global Configuration can be assigned and automatically applied to all UNP ports which have not been assigned an Access Authentication Profile.

Creating a Global Configuration

Click on the Add icon. Enter a Global Config Name and configure it as described below, then click on the Create button. When you are finished, select the checkbox next to the profile and click on the Apply to Devices button to assign the configuration to switches/wireless devices on the network.

Global Configuration Attributes

• Redirect Pause Timer - Configures the global pause timer value, in seconds, for the switch. Use this command to configure the amount of time the switch filters traffic from a non-supplicant (non-802.1X device) on a UNP port. This is done to allow enough time for the switch to clear the authentication state of the non-supplicant, at which time the device is re-authenticated. The pause timer is triggered when a COA request is received that requires a VLAN change for a non-supplicant (non-802.1X device) and the port bounce action is not triggered for the device. (Range = 60 – 65535, Default = 0)
• Auth Server Down Timeout - The authentication server down timer value, in seconds. When the timer runs out for a particular device, the switch clears the device from the Auth Server Down Access Role Profile and triggers another authentication attempt for that device. If authentication fails again, the device is classified back into the Auth Server Down Access Role Profile. The switch will repeat this process until the device authentication is completed. (Range = 10 to 1000, Default = 60)
• Redirect Port Bounce - Enables/Disables Port Bounce. This feature is required to handle scenarios where a client is switched from one VLAN to other after a Change of Authorization (COA) request. If port bounce is enabled, the port will be administratively put down. This is to trigger DHCP renewal and re-authentication, if necessary. (Default = Enabled, always "Enabled" on wireless devices)
• UNP Dynamic VLAN Configuration - Enables/Disables UNP Dynamic VLAN configuration when assigning Access Role Profiles to 8.x Devices running AOS 8.6R1 and higher.
• Auto-Create Dynamic VLANs on Switch Reload - Enables/Disables Dynamic UNP VLAN configuration when assigning Access Role Profiles to 6.x Devices running AOS 6.7R08 and higher.
• Auth Server Down Access Role Profile - The configuration can include an Authentication Server Down Access Role Profile. This is the profile to which a device is classified if MAC or 802.1X authentication fails because the RADIUS-capable server is unreachable. If necessary, you can also click the Add icon to go to the Access Role Profile Screen to create a new profile to include in the Global Configuration.
• Redirect Proxy Server Port - The HTTP proxy port number to use for redirection to UPAM or the CPPM Server.
• Redirect Server IP - The IP address used for redirection of HTTP traffic to UPAM or the CPPM Server. Specify the address that is associated with the dynamic URL returned from UPAM or the CPPM Server.

Cloning a Global Setting Profile

You can clone an existing profile and edit it to quickly create a new profile. Select a profile in the Setting List and click on the Clone button. Enter a new Global Config Name, edit the fields as necessary and click on the Clone button. After creating the profile, assign the profile to network devices.

Assigning a Global Setting Profile

Select a profile in the Setting List and click on the Apply to Devices button. Click on on the Devices ADD button and/or the AP Group ADD button to select devices. The device(s) will appear in the List of Selected Devices. If necessary, click on the Devices EDIT button and/or the AP Group EDIT button to add/remove devices from the list. When you are finished, click on the Apply button.

Editing a Global Configuration

Select the configuration on the Global Configuration Setting Screen and click on the Edit icon to bring up the Edit Global Configuration Setting. Edit the fields as described above then click on the Apply button.

• If the edited configuration has not yet been assigned to switches/wireless devices, the update will be applied and the status displayed. Click OK to return to the Global Configuration Setting Screen. If you want to assign the configuration to network switches/wireless devices, select the configuration on the Global Configuration Setting Screen and click on the Apply to Devices button to assign the configuration to switches/wireless switch on the network.
• If the edited configuration has already been assigned to switches/wireless devices, the Update Global Configuration confirmation prompt will appear (you can click on Devices to view the switches/wireless devices). Click on the Process button. The update will be applied and the status displayed. Click OK to return to the Global Configuration Setting Screen.

Note: You cannot edit a Global Configuration Name.

Deleting a Global Configuration

Select the configuration in the Global Configuration Setting Screen, click on the Delete icon, then click OK at the confirmation prompt.

• If the configuration has not yet been assigned to switches/wireless devices, the update will be applied and the status displayed. Click OK to return to the Global Configuration Setting Screen.
• If the configuration has already been assigned to switches/wireless devices, the Delete Global Configuration Setting confirmation prompt will appear (you can click on Devices to view the switches/wireless devices). Click on the Process button. The update will be applied and the status displayed. Click OK to return to the Global Configuration Setting Screen.

Removing a Global Configuration From a Switch

To remove a Global Configuration from a switch, select the configuration in the table and click on the Apply To Devices button. The switches/wireless devices to which the configuration has been assigned will appear in the Assigned Switches area. Remove the switch(es)/wireless device(s) from the right-hand column and click OK. Click the Apply button. The configuration will be applied and the assignment status displayed. Click OK to return to the Global Configuration Setting Screen.