BYOD Access Strategy

The BYOD Access Strategy Screen is used to configure access attributes for BYOD users. The screen can be used to create, edit, and delete BYOD Access Strategies. There is a pre-configured Default BYOD Access Strategy that you can edit, or you can create new Guest Access Strategies (up to a maximum of 32).

Creating a BYOD Access Strategy

Click on the Add icon and complete the fields as described below. When you are finished, click on the Create button.

General

Configure redirect and authentication attributes.

• Strategy Name - Name of the BYOD access strategy.
• Redirect Strategy - Specify the captive portal page template to be used for BYOD service.
• Mode - The http protocol used to redirect the captive portal page (https/http).
• IP/FQDN - The displayed URL format for redirection to the captive portal page (FQDN).
• Current FQDN - The FQDN used for the captive portal page redirection.
• Authentication Source
• Local Database - The employee account utilized for BYOD service is stored in the local database of UPAM.
• External LDAP/AD - The employee account utilized for BYOD service is stored in an external LDAP/AD Server (configured on the UPAM – Setting - LDAP/AD Configuration Screen).
• External Radius - The employee account utilized for BYOD service is stored in the local database of UPAM.
• On-Premises LDAP - The employee account utilized for BYOD service is stored in an on-premises LDAP/AD Server (configured on the Security - Authentication Servers - LDAP Screen). If selected, a private LDAP/AD Server is used instead of one in cloud for AP authentication. In this scenario, user authentication requests are communicated directly between an AP and the LADP/AD server, and are not exposed in the public network

Registration Strategy

Configure BYOD user account attributes.

• Period Unit - Select a unit for the Account and Device Validity Periods (Days, Hours, Minutes).
• Remember Device - Specify whether to remember the device MAC addresss and make it valid after authentication success (Enabled/Disabled). If the remembered device is valid, the MAC address check will be performed first and the device allooed access without re-authentication.
• Expire Setting - Specify the rules for remembered device.
  • Never Expire - User remembered device will always be valid after authentication success.
  • Customization - Customize the valid period for the remembered devices.
    • Device Validity Period - Length of time that the guest user device is valid. Ranges and default values are shown below. (Range = 1 – 365, Default = 90, -1 = never expires)
    • Max Device Number Per Account - Maximum number of devices that can access the network with one single guest account. (Range = 1 – 10, Default = 5)

Login Strategy

Configure BYOD user login.

• Success Redirect URL:
• Go Initially URL - Redirect to the guest-user-input URL after passing authentication
• Go Fixed URL - Redirect to a fixed webpage specified by the Administrator.

Post Portal Authentication Enforcement

Configure post-authentication enforcement for BYOD users. 

• Fixed Access Role Profile - The Access Role Profile assigned to the BYOD device after it is authorized.
• Fixed Policy List - The policy List assigned to the BYOD device after it is authorized.
• Other Attributes - Select an attribute from the drop-down, enter a value and click on the Add icon to add the attribute. Repeat the process to add additional attributes.
  • Session Timeout - The Session Timeout Interval is the maximum number of consecutive seconds of connection allowed to the user before termination of the session or prompt. If not configured, the device’s default session timeout policy will take effect. (Range = 12000 - 86400, Default = 43200)
  • Accounting Interim Interval - Interval for RADIUS accounting, in seconds. If not configured, the device’s default accounting policy will take effect. (Range = 60 - 1200, Default = 600)
  • WISPr Bandwidth Max Up - The user upstream bandwidth, in kbit/s. By default, it is not limited.
  • WISPr Bandwidth Max Down - The user downstream bandwidth, in kbit/s. By default, it is not limited.

Editing a BYOD Access Strategy

Select a strategy in the Guest Access Strategy List and click on the Edit icon. Edit any fields as described above and click on the Apply button. Note that you cannot edit the Strategy Name.

Deleting a BYOD Access Strategy

Select a strategy in the Guest Access Strategy List and click on the Delete icon. Click OK at the Confirmation Prompt. You cannot delete the Default BYOD Access Strategy.