Override Services Configuration

About this task

Use this option to override the access point's captive portal server configurations at the device level. You can also override the RADIUS server, DHCP server, Bonjour Gateway Forwarding Policy, and Imagotag Policy settings.

To set or override the access point profile‘s services configuration:

Procedure

  1. Go to Configuration → Devices → Device Overrides.

    The Device Overrides screen displays. This screen lists devices within the managed network.

  2. Select an access point.

    The selected access point's configuration menu displays.

  3. Expand Profile Overrides and select Services.

    The Services configuration screen displays.

    Click to expand in new window
    Profile Overrides - Service Configuration Screen
    GUID-AFA3A810-43DE-4BB2-808F-A58EBCDE3EE4-low.png
  4. Refer to the Profile_Captive_Portal field to select or set a guest access configuration (captive portal) for use with this profile.

    Captive portals are access policies that guests temporary and restrictive access to the access point managed network.

    A captive portal is a browser-based authentication mechanism that forces unauthenticated users to a web page. Captive portals capture and re-direct a wireless user's web-browser session to a captive portal login page where the user must enter valid credentials to access the wireless network. Once logged into the captive portal, additional Acknowledgment, Agreement, Welcome, No Service and Fail customized pages enhance screen flow and user experience.

  5. Select an existing captive portal policy.
    If an existing captive portal policy does not meet your requirements, use the Create or Edit icons to create a new captive portal policy or edit an existing policy. For more information, see Captive Portal Policies.
  6. In the RADIUS Server Application Policy section select an Application policy or Purview Application policy based on the AP type. This will override the selection made in the profile context.
    For legacy WiNG 802.11ac APs, running WiNG 7.2.1 OS, select an Application policy from those listed on the screen. To create a new policy click, Create and the define the Application policy settings. For information on creating Application policies, see Create an Application Policy.

    For 802.11ax APs, running WiNG 7.1.2 or later version of the WiNG 7 OS, select a Purview Application policy. To create a new policy click, Create and the define the Application policy settings. Refer the WiNG 7.2.1 CLI Reference guide for information on Purview Application Policy.

    Use this option to enforce RADIUS change of authorization (CoA) in the profile configuration context. when enforced, successfully authenticated users are reauthenticated and the attributes of their active AAA session changed based on the rules defined by the application policy.

  7. Use the DHCP Server Policy drop-down menu to assign this device a DHCP server policy.

    Dynamic Host Configuration Protocol (DHCP) is a client-server protocol that manages IPv4 and IPv6 address assignment to network resources and mobile devices. Central to the DHCP IP address management process is the DHCP server that dynamically assigns IP addresses and related configuration information, such as gateways and subnet masks to the DHCP client.

    If an existing DHCP policy does not meet your requirements, click the Create icon to create a new policy configuration that can be applied to this profile, or click the Edit icon to modify the parameters of an existing DHCP Server policy.
  8. Use the DHCPv6 Server Policy drop-down menu assign this device a DHCPv6 server policy.

    DHCPv6 is a networking protocol for configuring IPv6 hosts with IP addresses, IP prefixes, or other configuration attributes required on an IPv6 network. DHCP in IPv6 works in with IPv6 router discovery. With the proper RA flags, DHCPv6 works like DHCP for IPv4. The central difference is the way a device identifies itself if assigning addresses manually instead of selecting addresses dynamically from a pool.

    If an existing DHCP policy for IPv6 does not meet your requirements, use the Create or Edit icons to create a new DHCPv6 server policy or edit an existing policy.
  9. Use the RADIUS Server Policy drop-down menu to select an existing RADIUS server policy to use as a user validation security mechanism with this device.
    A profile can have its own unique RADIUS server policy to authenticate users and authorize access to the network. A profile‘s RADIUS policy provides the centralized management of controller or service platform authentication data (usernames and passwords). When an client attempts to associate, an authentication request is sent to the RADIUS server.
    If an existing RADIUS policy does not meet your requirements, use the Create or Edit icons to create a new RADIUS server policy or edit an existing policy.
  10. Refer to the Bonjour Gateway field to select or set a Bonjour Gateway Forwarding Policy.

    Bonjour is Apple‘s implementation of zero-configuration networking (Zeroconf). Zeroconf is a group of technologies that include service discovery, address assignment and hostname resolution. Bonjour locates devices such as printers, other computers and services that these computers offer over a local network. Bonjour provides a general method to discover services on a LAN. It allows users to set up a network without any configuration. Services such as printers, scanners and filesharing servers can be found using Bonjour. Bonjour only works within a single broadcast domain. However, with special DNS configuration, it can be extended to find services across broadcast domains.

    Bonjour Forwarding Policy enables discovery of services on VLANs which are not visible to the device running the Bonjour Gateway. Bonjour forwarding enables forwarding of Bonjour advertisements across VLANs to enable the Bonjour Gateway device to build a list of services and the VLANs where these services are available.

  11. Use the Location Policy drop-down menu to select and apply a location policy to the controller/virtual controller. The location policy provides the ExtremeLocation server's hostname and ExtremeLocation tenant's location API key. This information is required by the controller to authenticate and authorize with the ExtremeLocation server. Use the Create or Edit icons to create a new policy or edit an existing policy.
    Note

    Note

    For information on creating location policies, see Location Policy.
  12. Refer to the Imagotag Policy field to select or set a Imagotag Policy. Use the drop-down menu to select and apply an Imagotag Policy to the AP's profile. You can use the Create to create a new policy or Edit icon to edit an existing policy. The Imagotag feature is supported only on the AP8432 model access point.
    For more information on enabling support for SES-imagotag‘s ESL tags on AP8432 APs with USB interfaces, see Setting the Imagotag Policy.
  13. Select OK to save services configuration overrides.

    Select Reset to revert to the last saved configuration.