Profile Services Configuration
A profile can contain specific guest access
(captive portal) server configurations. These guest network access permissions can
be defined uniquely as profile requirements dictate.
Before defining a profile‘s captive portal and DHCP configuration, refer to the
following deployment guidelines to ensure the profile configuration is optimally
effective:
- A profile plan should consider the number of wireless clients allowed on the
profile‘s guest (captive portal) network and the services provided, or if
the profile should support guest access at all.
- Profile configurations supporting a captive portal should include firewall
policies to ensure logical separation is provided between guest and internal
networks so internal networks and hosts are not reachable from guest
devices.
- DHCP‘s lack of an authentication mechanism means a DHCP server supported
profile cannot check if a client or user is authorized to use a given user
class. This introduces a vulnerability when using user class options. Ensure
a profile using DHCP resources is also provisioned with a strong user
authorization and validation configuration.
To define a profile‘s services configuration:
-
Select .
-
Refer to the Captive Portal Hosting field to select or set
a guest access configuration (captive portal) for use with this profile.
A captive portal is guest access policy for providing guests temporary and
restrictive access to the access point managed network.
A captive portal provides secure authenticated access using a standard Web
browser. Captive portals provides authenticated access by capturing and
re-directing a wireless user's Web browser session to a captive portal login
page where the user must enter valid credentials to access to the wireless
network. Once logged into the captive portal, additional Agreement, Welcome
and Fail pages provide the administrator with a number of options on screen
flow and user appearance.
-
Select an existing captive portal policy, use the default captive portal policy
or select the Create link to create a new captive portal
configuration that can be applied to this profile.
-
Refer to the Bonjour Gateway field to select or set a
Bonjour Gateway Forwarding Policy.
Bonjour is Apple‘s implementation of zero-configuration networking (Zeroconf).
Zeroconf is a group of technologies that include service discovery, address
assignment and hostname resolution. Bonjour locates devices such as printers,
other computers and services that these computers offer over a local
network.
Bonjour Forwarding Policy enables discovery of services on VLANs
which are not visible to the device running the Bonjour Gateway. Bonjour
forwarding enables forwarding of Bonjour advertisements across VLANs to
enable the Bonjour Gateway device to build a list of services and the VLANs
where these services are available.
-
Refer to the Imagotag Policy field to
select or set a Imagotag Policy. Use the drop-down menu to select and apply an
Imagotag Policy to the AP's profile. You can use the
Create to create a new policy or
Edit icon to edit an exisiting policy. The Imagotag
feature is supported only on the AP 8432 model access point.
-
Select OK to save the changes made to the profile‘s
services configuration. Select Reset to revert to the
last saved configuration.