Unified Profile Templates
Unified Profile Templates are used to configure Unified Access Profiles, which provide unified security functions for Edge Ports and AOS WLAN Devices. In addition to device authentication and classification, you can create Access Role Profiles (similar to User Network Profiles) to configure network access controls for one or more user devices. This is achieved using both Layer 2 and Layer 3 Authentication and Classification. Layer 2 Authentication and Classification provides the initial user authentication and Access Role Profile assignment. Layer 3 Authentication and Classification can dynamically change the QoS Policy List/Role for a user already authenticated and classified into the network. Based on the Access Role Profile (UNP) into which the user is initially classified, the user may undergo Quarantine Manager and Remediation (QMR), RADIUS-based MAC Check Blocklisting, and Location- or Time-based validations that can restrict a user's network access or assign different Policy Lists/Roles to the user.
The first step in configuring Unified Profile is to configure an Access Auth Profile and assign it to ports/linkaggs on the network. You then configure Access Role Profiles and AAA Server Profiles to which a user is assigned based on the Access Auth Profile. The following links are used to access Unified Profile Templates:
- Access Auth Profile - An Access Auth Profile contains all of the UNP properties to be enabled on an Edge Port. The template can be applied to a port or linkagg to enable UNP Edge Port status and set the parameters for the authentication process for the port. The Access Auth Profile configures 802.1x and MAC authentication, Access Classification, the AAA Server Profile to be used for authentication specifying the default Access Role Profile (UNP), etc.
- Access Role Profile - Contains the various UNP properties, including the QoS Policy List attached to the UNP and Captive Portal Authentication for users assigned to this UNP.
- AAA Server Profile - In addition to the global AAA configuration included in an Access Auth Profile, you can also create a AAA Server Profile that can be applied on a per Port/Linkagg basis. This enables you to configure different RADIUS Servers for different users on different ports and apply different RADIUS client attributes to them. AAA Server Profiles are only supported on 8.x and Wireless devices. 6.x and 7.x devices use Global AAA Configuration.
- Access Policies - Configure Location/Period Policies.
- Access Classification - Used to configure Access Role Profile Classification Rules.
- Customer Domain - Used to configure Customer Domains. Customer Domains provide an additional method for segregating device traffic. A Customer Domain is identified by a numerical ID, which can be assigned to UNP ports and Access Classification Rules.
- SPB Profile - Used to create an SPB Profile. An SPB Profile contains SPB parameters that can be mapped to an Access Role Profile.
- Far End IP - Used to create Far End IP Lists. A Far End IP List is assigned to an Access Role Profile through the mapping of VXLAN service parameters to the profile. This allows multiple far-end nodes to be associated with the service created for the VXLAN Network ID (VNID) specified in a VXLAN Profile.
- Static Service - Used to configure a Static Service Profile. This can be used to configure the mapping of an existing SPB or VXLAN service ID to an Access Role Profile.
- VXLAN Profile - Used to configure a VXLAN Profile that can be mapped to an Access Role Profile.
- Legacy Wireless Profiles - Used to create the following OAW Wireless Device Profiles: 802.1x, Authentication, MAC Authentication, and AP Group.
- Global Configuration - Used to configure global Settings, AAA, Redirect Allowed Profiles, and DHCP Option Sub-option information.