Company Property
The Authentication Company Property Screen displays information on devices owned by a company that can be assigned to an employee for daily use (e.g., printers, IP phones, laptops, tablets), and is used to create, edit, and delete property information. If a device is configured as a Device Specific PSK device, you can also print out a PSK Passphrase or QR Code for a user to enable them to log into the network.
Creating a Company Property List Entry
Click on the Add icon to bring up the Create Company Property Screen. Complete the fields as described below, then click on the Create button to add a device. Note that you can also add multiple devices at once by importing the information in an Excel or CSV file.
- Device MAC - MAC address of the company device.
- Device Name - System name of the company device.
- Employee Account - The employee account to which the company device is associated.
- Device Category - Category of the company device:
  - Computer
  - Mobile
  - Tablet
  - Game console
  - Digital media receiver
  - Others
- Device Family - Production vendor of the company device:
  - Alcatel-Lucent Enterprise
  - Apple
  - Samsung
  - Huawei
  - Microsoft
  - LG
  - Lenovo
  - HP
  - IBM
  - Nokia
  - MI
  - HTC
  - Sony
  - Blackberry
  - Others
- Device OS - Operating system of the company device:
  - Linux
  - Windows
  - MacOS
  - Android
  - IOS
  - Others
- Enable Device Specific PSK - Enables/Disables Device Specific PSK. Device Specific PSK provides more security than traditional PSK. If Device Specific PSK is enabled on a wireless network and a device is configured for Device Specific PSK, when the AAA Server sends the RADIUS Access-Accept for MAC Authentication for the device, it also sends the specific pre-shared key for that device, differentiated by the device's MAC Address. This means that each device has a different key. If enabled:
  - Device Specific Passphrase - The Device Specific Passphrase. Click on the View icon to the right to view the passphrase as you type.
  - Device Specific Passphrase Retype - Re-enter the passphrase.
  - Passphrase Generation - Click on the Generate button to automatically generate a passphrase for the device. The passphrase will be entered in the Device Specific Passphrase fields. Click on the View icon to the right to view the passphrase.
  - Device Specific Passphrase Validity Period - Select the duration for the Device Specific Passphrase from the drop-down (e.g., Always, 6 Weeks, 3 Months). You can also select "Specific Date" and configure a specific date and time for the validity period to expire. If you change your mind and want to return to the drop-down menu, click on the "Fixed Period" button.
Note: Device Specific PSK must be enabled on a wireless network as well as the device. Device Specific PSK is enabled on either the WLAN - SSIDs Screen or the WLAN - Service (Expert) Screen.
- Access Role Profile - Access Role Profile that is bound to the company device. It takes precedence over the ARP configured in the authentication strategy.
- Policy List - Policy List that is bound to the company device. It takes precedence over the policy list configured in the authentication strategy.
- Other Attributes - Select an attribute from the drop-down, enter a value and click on the Add icon to add the attribute. Repeat the process to add additional attributes.
  - Session Timeout - The Session Timeout Interval is the maximum number of consecutive seconds of connection allowed to the user before termination of the session or prompt. If not configured, the device’s default session timeout policy will take effect. (Range = 12000 - 86400, Default = 43200)
  - Accounting Interim Interval - Interval for RADIUS accounting, in seconds. If not configured, the device’s default accounting policy will take effect. (Range = 60 - 1200, Default = 600)
  - WISPr Bandwidth Max Up - The user upstream bandwidth, in kbit/s. By default, it is not limited.
  - WISPr Bandwidth Max Down - The user downstream bandwidth, in kbit/s. By default, it is not limited.
Note: You can automatically import an xls/csv/xlsx file containing Company Property information by clicking on the Import button at the top of the screen. You can also download a template by clicking on the Import button then clicking on the Template Download button.
Importing Multiple Devices
You can add multiple devices at once to the Company Property list by importing the devices in an Excel or CSV File. Click on the Import button at the top of the screen. The Import File Window will appear. Click on the Browse button to locate the Excel or CSV File, then click on Import. The devices in the file will be populated in the Company Properties List.
You can download an Excel or CSV Template that you can use to create an import file. Click on the Import button at the top of the screen. The Import File Window will appear. Click on the Template button to download a Zip File containing an Excel Template File and a CSV Template File. Use the template file to create a list of devices that you can import into the Company Property List.
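A pre-import check for a CSV import file, as an added example that is not part of the product or its documentation. The column names, the "Enabled" value and the accepted MAC formats are assumptions (take the real headers from the downloaded template); the numeric ranges are the ones documented above, and the 8 to 63 character rule is the general WPA2-Personal passphrase limit. It also flags a passphrase reused across rows, which defeats the purpose of giving each device its own key.

```python
import csv
import io
import re

# Column names and the "Enabled" value are assumptions for this example;
# take the real headers from the downloaded template.
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")
RANGES = {"Session Timeout": (12000, 86400),           # ranges documented above
          "Accounting Interim Interval": (60, 1200)}

def lint_rows(rows):
    """Return (row_number, message) findings for an import file's rows."""
    findings, seen_macs, seen_psks = [], {}, {}
    for n, row in enumerate(rows, start=2):             # row 1 is the header
        mac = (row.get("Device MAC") or "").strip()
        key = re.sub(r"[:-]", "", mac).lower()
        if not MAC_RE.match(mac):
            findings.append((n, f"invalid Device MAC {mac!r}"))
        elif seen_macs.setdefault(key, n) != n:
            findings.append((n, f"duplicate Device MAC, first on row {seen_macs[key]}"))
        if (row.get("Enable Device Specific PSK") or "").strip().lower() == "enabled":
            psk = row.get("Device Specific Passphrase") or ""
            # A WPA2-Personal passphrase is 8 to 63 printable ASCII characters.
            if not (8 <= len(psk) <= 63 and all(32 <= ord(c) <= 126 for c in psk)):
                findings.append((n, "passphrase is not 8-63 printable ASCII characters"))
            elif seen_psks.setdefault(psk, n) != n:
                findings.append((n, f"passphrase reused from row {seen_psks[psk]}"))
        for col, (lo, hi) in RANGES.items():
            val = (row.get(col) or "").strip()
            if val and not (val.isdigit() and lo <= int(val) <= hi):
                findings.append((n, f"{col} {val!r} outside {lo}-{hi}"))
    return findings

def lint_csv(text):
    return lint_rows(csv.DictReader(io.StringIO(text)))

# Constructed sample data, not taken from a real deployment.
SAMPLE = (
    "Device MAC,Device Name,Employee Account,Enable Device Specific PSK,"
    "Device Specific Passphrase,Session Timeout,Accounting Interim Interval\n"
    "00:11:22:33:44:55,printer-1,alice,Enabled,correct-horse-battery,43200,600\n"
    "00-11-22-33-44-55,phone-1,bob,Enabled,short,43200,600\n"
    "66:77:88:99:AA:BB,laptop-1,carol,Enabled,correct-horse-battery,3600,\n"
    "66:77:88:99:AA:ZZ,tablet-1,dave,Disabled,,,30\n"
)

if __name__ == "__main__":
    for row, msg in lint_csv(SAMPLE):
        print(f"row {row}: {msg}")
```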
Editing a Company Property Entry
Select an employee account in the Company Property List and click on the Edit icon. Edit the field(s) as described above, and click on the Apply button. Note that you cannot edit a Device MAC address.
Deleting a Company Property Entry
Select an employee account in the Company Property List and click on the Delete icon. Click OK at the Confirmation Prompt.
Printing a PSK Passphrase or QR Code
If a device in the Company Property List has Device Specific PSK enabled, you can print the PSK Passphrase or a QR Code version of the Passphrase to give to a user to enable them to log into the network. Select a device(s) in the Company Property List and click on one of the buttons at the top of the screen:
- Print PSK - Prints the PSK Passphrase.
- Print QR Code - Prints a QR Code version of the PSK Passphrase that the user can scan to obtain the Passphrase.
Company Property List
The Company Property List displays information about company property that can be assigned to employees. The Online Devices List displays information about devices associated with an Employee account that have been authenticated and accessed the network.
Company Property
The Company Property List displays information about company property that can be assigned to employees.
- Employee Account - The employee account to which the company device is associated.
- Device MAC - The MAC address of the company device.
- Device Name - The system name of the company device.
- Device Category - The category of the company device (e.g., Computer, Mobile, Tablet).
- Device Family - The Production vendor of the company device (e.g., Alcatel-Lucent Enterprise, Apple, IBM).
- Device OS - The operating system of the company device (e.g., Linux, Windows, IOS).
- Enable Device Specific PSK - The administrative status of Device Specific PSK for the device (Enabled/Disabled). If you click on a row to bring up detailed information, you can click on the view icon next to the Device Specific Passphrase field to view the passphrase.
- Effective Date - The date and time the company device information was first entered.
- Last Authentication Time - The date and time the company device was last authenticated.
- Last Access Location - The date and time the company device last accessed the network.
- Status - The operational status of the device (Online/Offline).
- Access Role Profile - Access Role Profile that is bound to the company device. It takes precedence over the ARP configured in the authentication strategy.
- Policy List - Policy List that is bound to the company device. It takes precedence over the policy list configured in the authentication strategy.
Online Devices
The Online Devices List displays information about devices associated with an Employee account that have accessed the network. You can also select a device(s) in the list and click on the Kick Off button to immediately log the user out of the network. The user will have to log in again to reconnect to the network.
- Account Name - The employee account to which the company device is associated.
- Client IPv4 - The IPv4 address of the client of the user device requesting authentication. Note that IP addresses are displayed only if they are known at the time the RADIUS Accounting packets are sent/received. For MAC Authentication, the Accounting Start packets typically do not contain client IP addresses.
- Client IPv6 - The IPv6 address of the client of the user device requesting authentication. Note that IP addresses are displayed only if they are known at the time the RADIUS Accounting packets are sent/received. For MAC Authentication, the Accounting Start packets typically do not contain client IP addresses.
- Device MAC - MAC address of the company device.
- Session Start - The time when the user passed authentication and a connection session was created.
- Session Stop - The time when the connection session ended.
- Acct Status Type - Indicates whether this Accounting-Request marks the beginning of the user service (Start) or the end (Stop). Values: Start (1), Stop (2), Interim-Update (3), Accounting-On (7), Accounting-Off (8).
- Acct Terminate Cause - Indicates how the session was terminated, and can only be present in Accounting-Request records where the Acct-Status-Type is set to Stop.
  - 1 - User Request: User logout.
  - 4 - Idle Timeout: User activity logout (only applicable for MAC based or Captive Portal users).
  - 6 - Admin Reset: Operator logout/flush operation.
  - 7 - Admin Reboot: Operator reboot operation.
  - 8 - Port Error: Port down, NI down.
  - 9 - NAS-Error: Any software notification that the user is no longer authenticated.
- Acct Session Time - Indicates how many seconds the user has received service, and can only be present in Accounting-Request records where the Acct Status Type is set to Stop.
- Session Timeout Interval - The maximum number of seconds of service provided prior to session termination.
- Account Session ID - Unique Accounting ID that makes it easy to match start and stop records in a log file. The start and stop records for a given session MUST have the same Acct Session ID.
- Acct Interim Interval - The number of seconds between each interim update, in seconds, for this specific session.
- Final Access Role Profile - The Access Role Profile assigned by the NAS that is in effect on the user device; it is not the Access Role Profile returned by UPAM.
- Tunnel Private Group ID - Used to support the legacy VLAN assignment from RADIUS (ID = VLAN ID).
- Authentication Method - The method used to authenticate the device (e.g., EAP-PEAP).
- Access Device SSID - The wireless service broadcast by the NAS and connected by user device (only valid for wireless access).
- Access Device Location - The location of the NAS.
- Access Device Name - The system name of the NAS to which the user device is attached.
- Auth Resource - The user profile database used in authentication (e.g., None, Local Database, LDAP/AD, external RADIUS server); can refer to the authentication strategy definition.
- Access Device MAC - The MAC address of the NAS to which the user device is attached.
- Called Station ID - Allows the NAS to send the phone number the user called, using Dialed Number Identification (DNIS) or similar technology inside the Access-Request packet:
  - For Switch - Switch MAC Address.
  - For AP - radio_MAC_address:SSID_NAME.
- NAS Port Type - The type of physical port of the NAS authenticating the user:
  - Wireless-IEEE 802.11
  - Ethernet.
- NAS IP Address - The identifying IP Address of the NAS.
- NAS Port - The physical port number of the NAS authenticating the user.
  - For Switch - ifIndex.
  - For AP - Wireless radio index.
- Authentication Type - The authentication type from the user requesting authentication (MAC authentication, 802.1x authentication, and Captive Portal authentication).
- Framed MTU - The Maximum Transmission Unit to be configured for the user when it is not negotiated by some other means (e.g., PPP). It is a fixed value = 1400.
- NAS ID - The NAS identifier, which identifies the NAS originating the Access-Request. (The attribute can be configured in Unified Access - Unified Profile - Template - AAA Server Profile.)
- Access Role Profile - The Access Role Profile that is bound to the employee account. It takes precedence over the Access Role Profile configured in the Authentication Strategy.
- Policy List - The Policy List that is bound to the employee account. It takes precedence over the Policy List configured in an Authentication Strategy.
- Slot/Port - The slot/port number on the switch to which the device is connected (only for wired access).
- Port Desc/WLAN Service
  - For Switch - ifIndex.
  - For AP - Wireless radio index.
- NAS Port ID - The NAS authenticating the user (the attribute can be configured in Unified Access - Unified Profile - Template - AAA Server Profile):
  - For Switch - chassis/slot/port
  - For AP - WLAN service.
- Access Policy - The name of the Access Policy for the user.
- Authentication Strategy - The name of the Authentication Strategy for the user.
- Termination Action - Fixed with “Radius-Request”. When the session is timed out, the user needs to be re-authenticated.
- Upstream Bandwidth - Device upstream bandwidth, in kbit/s.
- Downstream Bandwidth - Device downstream bandwidth, in kbit/s.
- Acct Input Packets - Indicates how many packets have been received from the port over the course of this service being provided to a Framed User, and can only be present in Accounting-Request records where the Acct-Status-Type is set to "Stop".
- Acct Output Packets - Indicates how many packets have been sent to the port in the course of delivering this service to a Framed User, and can only be present in Accounting-Request records where the Acct-Status-Type is set to "Stop".
- Acct Input Octets - Indicates how many octets have been received from the port over the course of this service being provided, and can only be present in Accounting-Request records where the Acct-Status-Type is set to "Stop".
- Acct Output Octets - Indicates how many octets have been sent to the port in the course of delivering this service, and can only be present in Accounting-Request records where the Acct-Status-Type is set to "Stop".
- Acct Input Gigawords - Indicates how many gigawords have been received from the port over the course of this service being provided, and can only be present in Accounting-Request records where the Acct-Status-Type is set to "Stop".
- Acct Output Gigawords - Indicates how many gigawords have been sent to the port in the course of delivering this service, and can only be present in Accounting-Request records where the Acct-Status-Type is set to "Stop".
- Acct Multi-Session ID - A unique Accounting ID to make it easy to link together multiple related sessions in a log file.
- Roaming Information - Client roaming historical information (indicates the client roamed a path from AP to AP).
- Web Access Strategy - Guest Strategy or BYOD Strategy.
- Access AP Group - AP Group through which the user accesses the network.
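The accounting fields above can be correlated outside the UI when reviewing exported or logged RADIUS accounting data. The following added example (not product code) groups records by Acct Session ID, reports sessions with a Start but no Stop or a Stop but no Start, decodes the terminate cause codes listed above, and combines the Octets and Gigawords counters into a byte total. It assumes the records are already parsed into dictionaries keyed by the standard RADIUS attribute names.

```python
from collections import defaultdict

# Codes as listed in the field descriptions above.
TERMINATE_CAUSE = {1: "User Request", 4: "Idle Timeout", 6: "Admin Reset",
                   7: "Admin Reboot", 8: "Port Error", 9: "NAS-Error"}
START, STOP = 1, 2

def total_octets(octets, gigawords):
    """Octet counters are 32-bit; the Gigawords attribute counts each wrap."""
    return (gigawords << 32) + octets

def summarize(records):
    """Group accounting records by Acct-Session-Id and summarise each session."""
    by_session = defaultdict(list)
    for rec in records:
        by_session[rec["Acct-Session-Id"]].append(rec)
    summary = {}
    for sid, recs in by_session.items():
        types = {r["Acct-Status-Type"] for r in recs}
        stop = next((r for r in recs if r["Acct-Status-Type"] == STOP), None)
        info = {"has_start": START in types, "closed": stop is not None}
        if stop is not None:
            cause = stop.get("Acct-Terminate-Cause")
            info["cause"] = TERMINATE_CAUSE.get(cause, f"Other ({cause})")
            info["seconds"] = stop.get("Acct-Session-Time", 0)
            info["bytes_in"] = total_octets(stop.get("Acct-Input-Octets", 0),
                                            stop.get("Acct-Input-Gigawords", 0))
            info["bytes_out"] = total_octets(stop.get("Acct-Output-Octets", 0),
                                             stop.get("Acct-Output-Gigawords", 0))
        summary[sid] = info
    return summary

# Constructed sample records (already parsed into dicts), not real traffic.
SAMPLE = [
    {"Acct-Session-Id": "s1", "Acct-Status-Type": 1},
    {"Acct-Session-Id": "s1", "Acct-Status-Type": 3},
    {"Acct-Session-Id": "s1", "Acct-Status-Type": 2, "Acct-Terminate-Cause": 1,
     "Acct-Session-Time": 3600, "Acct-Input-Octets": 1000,
     "Acct-Input-Gigawords": 1, "Acct-Output-Octets": 500},
    {"Acct-Session-Id": "s2", "Acct-Status-Type": 1},           # never closed
    {"Acct-Session-Id": "s3", "Acct-Status-Type": 2, "Acct-Terminate-Cause": 6,
     "Acct-Session-Time": 42},                                  # Stop with no Start
]

if __name__ == "__main__":
    for sid, info in summarize(SAMPLE).items():
        print(sid, info)
```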