Overriding a Management Configuration

About this task

Controllers and service platforms have mechanisms to allow or deny management access to the network for separate interfaces and protocols: HTTP, HTTPS, Telnet, SSH, and SNMP.

These management access configurations can be applied strategically to profiles as resource permissions dictate for the profile. Additionally, overrides can be applied to customize a device's management configuration, if deployment requirements change and a device's configuration must be modified from its original device profile configuration.

Additionally, an administrator can define a profile with unique configuration file and device firmware upgrade support. In a clustered environment, these operations can be performed on one cluster member, then propagated to each member of the cluster and onwards to devices managed by each cluster member.

To define or override a profile's management configuration:

Procedure

  1. Select Configuration → Devices from the web UI.
    The Device Configuration screen displays a list of managed devices or peer controllers, service platforms, or access points.
  2. Select a target device in the lower left-hand side of the UI.
    You can also select a target device by double-clicking it in the list in the Device Configuration screen.
  3. Go to Profile Overrides → Management.
    Note

    A blue override icon (to the left of a parameter) defines the parameter as having an override applied. To remove an override, go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.
    Device Overrides - Management Settings Screen
  4. Refer to the Management Policy field to set or override a management configuration for this profile.
    A default management policy is also available if no existing policies are usable.

    Use the drop-down menu to select an existing management policy to apply to this profile. If there are no management policies that meet the data access requirements of this profile, click the Create icon to access screens used to define administration, access control, and SNMP configurations. Alternatively, select an existing policy and click the Edit icon to modify the configuration of an existing management policy. For more information, see Viewing Management Access Policies.

  5. Refer to the Message Logging field to define how the profile logs system events.
    It is important to log individual events to discern an overall pattern that might be negatively impacting performance.
    Enable Message Logging: Select this option to enable the profile to log system events to a log file or a syslog server. Selecting this check box enables the rest of the parameters required to define the profile's logging configuration. This option is disabled by default.
    Remote Logging Host: Use this table to define numerical (non-DNS) IP addresses for up to three external resources where logged system events can be sent on behalf of the profile. Select the Delete icon as needed to remove an IP address.
    Facility to Send Log Messages: Use the drop-down menu to specify the local server (if used) for profile event log transfers.
    System Logging Level: Event severity coincides with the syslog logging level defined for the profile. Assign a numeric identifier to log events based on criticality. Severity levels include 0 - Emergency, 1 - Alert, 2 - Critical, 3 - Errors, 4 - Warning, 5 - Notice, 6 - Info and 7 - Debug. The default logging level is 4.
    Console Logging Level: Event severity coincides with the syslog logging level defined for the profile. Assign a numeric identifier to log events based on criticality. Severity levels include 0 - Emergency, 1 - Alert, 2 - Critical, 3 - Errors, 4 - Warning, 5 - Notice, 6 - Info and 7 - Debug. The default logging level is 4.
    Buffered Logging Level: Event severity coincides with the syslog logging level defined for the profile. Assign a numeric identifier to log events based on criticality. Severity levels include 0 - Emergency, 1 - Alert, 2 - Critical, 3 - Errors, 4 - Warning, 5 - Notice, 6 - Info and 7 - Debug. The default logging level is 4.
    Time to Aggregate Repeated Messages: Define the increment (or interval) at which system events are logged on behalf of the profile. The shorter the interval, the sooner the event is logged. Either define an interval in seconds (0 - 60) or minutes (0 - 1). The default value is 0 seconds.
    Forward Logs to Controller: Select this option to define a log level for forwarding event logs to the controller. Log levels include Emergency, Alert, Critical, Error, Warning, Notice, Info and Debug. The default logging level is Error.
  6. Refer to the System Event Messages field to define or override how controller or service platform system messages are logged and forwarded on behalf of the profile.
    1. Select an Event System Policy from the drop-down menu.
      If an appropriate policy does not exist, click Create to make a new policy.
    2. Select Enable System Events to allow the profile to capture system events and append them to a log file.
      It is important to log individual events to discern an overall pattern that may be negatively impacting controller or service platform performance. This setting is enabled by default.
    3. Select Enable System Event Forwarding to forward system events to another controller, service platform or cluster member.
      This setting is enabled by default.
  7. Refer to the Events E-mail Notification field to define or override how system event notification emails are sent.
    SMTP Server: Specify either the hostname or IP address of the outgoing SMTP server where notification emails are originated. Hostnames cannot include an underscore character.
    Port of SMTP: If a non-standard SMTP port is used on the outgoing SMTP server, select this option and specify a port from 1 - 65,535 for the outgoing SMTP server to use.
    Sender E-mail Address: Specify the email address from which notification email is originated. This is the from address on notification email.
    Recipient's E-mail Address: Specify up to 6 email addresses to be the recipients of event email notifications.
    Username for SMTP Server: Specify the username of the sender on the outgoing SMTP server. Many SMTP servers require users to authenticate with a username and password before sending email through the server.
    Password for SMTP Server: Specify the password associated with the username of the sender on the outgoing SMTP server. Many SMTP servers require users to authenticate with a username and password before sending email through the server.
  8. In the Persist Configuration Across Reloads field, use the Configure drop-down menu to define whether configuration overrides should persist when the device configuration is reloaded.
    Options include Enabled, Disabled, and Secure.
  9. Refer to the HTTP Analytics field to define analytic compression settings and update intervals.
    Compress: Select this option to use data compression when sending updates to the controller. This option is disabled by default.
    Update Interval: Define an interval in either seconds (1 - 3,600), minutes (1 - 60), or hours (1) for pushing buffered packets. The default setting is 1 minute.

  10. Refer to the External Analytics Engine section to define or override analytics engine login information for an external host.
    The Guest Access & Analytics software module is a site-wide Enterprise License available only on service platforms. When a customer visits a store, they connect to the Wireless LAN via guest access using a mobile device. The user needs to authenticate only on their first visit, and will automatically connect to the network for subsequent visits. The Analytics module helps gather data about customer behavior such as web sites visited, search terms used, mobile device types, number of new users vs. repeat users. This data provides a better understanding of pricing strategies and promotions being run by competitors. The data can be exported for additional in-depth analysis.
    Controller: Select this option to provide service platform analytics to a local device. This setting is enabled by default.
    URL: When using an external analytics engine with an NX 9000 series service platform, enter the IP address or uniform resource locator (URL) for the system providing external analytics functions.
    User Name: Enter the user name needed to access the external analytics engine.
    Password: Enter the password associated with the username on the external analytics engine.
    Update Interval: Set the interval in either seconds (1 - 3,600), minutes (1 - 60), or hours (1) to forward buffered information to an external server resource, even when the buffers are not full. The default setting is 1 minute.
  11. Click OK to save the changes and overrides made to the profile's management settings.
    Click Reset to revert to the last saved configuration.
  12. Select the Firmware tab from the Management menu.
    Profile Overrides - Management Firmware Screen
  13. Refer to the Auto Install via DHCP Option field to configure automatic configuration file and firmware updates.
    Enable Configuration Update: Select this option from within the Automatic Configuration Update field to enable automatic profile configuration file updates from an external location. If this option is enabled (it is disabled by default), provide a complete path to the target configuration file used in the update.
    Enable Firmware Update: Select this option to enable automatic firmware updates for this profile from a user-defined remote location. This value is disabled by default.
    Start Time (minutes): Set the number of minutes to delay the start of an auto upgrade operation. Stagger the start of an upgrade operation as needed to allow an access point to complete its current client support activity before it is taken offline during the update operation. The default setting is 10 minutes.
  14. Refer to the parameters in the Legacy Device Firmware Management section to set legacy access point firmware provisions:
    Migration Firmware from AP71xx 4.x path: Provide a path to a firmware image used to provision AP71XX model access points currently using a 4.x version legacy firmware file. When a valid path is provided, the update is enabled to the version maintained locally for AP71XX models.
    Legacy AP650 Auto Update: Select this option to provision AP650 model access points from their legacy firmware versions to the version maintained locally for that model. This setting is enabled by default, making updates to AP650 models automatic if a newer AP650 image is maintained locally.
  15. Use the parameters in the Automatic Adopted AP Firmware Upgrade section to define an automatic firmware upgrade from a local file.
    Enable Configuration Update of Device Firmware: Select the device model to upgrade using the most recent firmware file on the controller, service platform or Virtual Controller AP. This parameter is enabled by default. Select All to update all the listed device types.
    Number of Concurrent Upgrades: Use the spinner control to define the maximum number (1 - 128) of adopted APs that can receive a firmware upgrade at the same time. The default value is 10. Keep in mind that during a firmware upgrade, the access point is offline and unable to perform its normal client support role until the upgrade process is complete.
  16. Select Persist AP Images on Controller, in the Firmware Persistence for Adopted Devices field, to enable the RF domain manager to retain and store the new image of an access point selected for a firmware update.
    The image is stored on the RF domain manager only when there is enough space to accommodate it. The upgrade sequence is different depending on whether the designated RF domain manager is a controller/service platform or an access point.
    • When the RF domain manager is an access point - The NOC uploads and provisions an access point model's firmware on to the access point RF domain manager. The NOC initiates an auto-update for access points using that model's firmware. If the Persist Image on Controller option is selected, the RF domain manager retains the image for that model. The NOC then provisions the firmware of the next access point type to the RF domain manager. The auto-update process is then repeated for that model. Once all the selected models have been updated, the RF domain manager's model is updated last.
    • When the RF domain manager is a controller or service platform - The NOC adopts controllers to the NOC's cluster within its RF domain. The NOC triggers an update on active controllers or service platforms and reboots them as soon as the update is complete. As soon as the active nodes come back up, the NOC triggers an update on standby controllers or service platforms and reboots them as soon as the update is complete. When the standby controllers or service platforms come back up, the following conditions apply:
      • If the reboot is not scheduled, the access points adopted to RF domain members are not updated. It is expected that the controllers and service platforms have auto-upgrade enabled, which will update the access points when re-adopted.
      • If the reboot is scheduled, the NOC pushes the first access point model's firmware to the RF domain manager. The NOC initiates an access point upgrade on all access points on the RF domain manager for that model. If the Persist Image on Controller option is selected, the RF domain manager retains the image for that model. The NOC then provisions the firmware of the next access point type to the RF domain manager. This process is repeated until each selected access point model is updated.

    The Firmware Persistence feature is enabled for all controller and service platform RF domain managers with the flash memory capacity to store firmware images for the selected access point models they provision. This feature is disabled for access point RF Domain managers that do not typically have the flash memory capacity needed.

  17. Click OK to save the changes and overrides made to the profile's management firmware configuration.
    Click Reset to revert to the last saved configuration.
  18. Select Heartbeat from the Management menu.
    Device Overrides - Management Heartbeat Screen
  19. Select the Service Watchdog option to implement heartbeat messages.
    This ensures that associated devices are up and running and can interoperate effectively. The Service Watchdog is enabled by default.
  20. Click OK to save the changes and overrides made to the profile's configuration.
    Click Reset to revert to the last saved configuration.
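
The logging levels in step 5, worked through as an added example (not vendor code): it decodes the standard syslog PRI value and reports which sinks would keep each event at the defaults the procedure states (level 4 for system, console and buffered logging, Error for forwarding to the controller). It assumes standard syslog semantics (PRI = facility * 8 + severity, an event is kept when its severity number is at or below the configured level); the sink names, the sample lines and the severities assigned to them are constructed for illustration.

```python
import re

# Severity names as listed in step 5; list index = numeric syslog level.
SEVERITIES = ["Emergency", "Alert", "Critical", "Errors",
              "Warning", "Notice", "Info", "Debug"]

# Defaults stated in step 5. The dictionary keys are hypothetical labels.
DEFAULT_LEVELS = {"syslog": 4, "console": 4, "buffered": 4, "forward": 3}

PRI_RE = re.compile(r"^<(\d{1,3})>\s*(.*)$")

def decode_pri(line):
    """Return (facility, severity, text); PRI = facility * 8 + severity."""
    m = PRI_RE.match(line)
    if m is None or int(m.group(1)) > 191:
        raise ValueError(f"missing or out-of-range PRI: {line!r}")
    pri = int(m.group(1))
    return pri // 8, pri % 8, m.group(2)

def sinks_for(severity, levels=DEFAULT_LEVELS):
    """Sinks whose level admits this severity (lower number = more severe)."""
    return sorted(name for name, lvl in levels.items() if severity <= lvl)

def coverage_report(lines, levels=DEFAULT_LEVELS):
    """Per line: (severity name, text, receiving sinks); plus texts no sink keeps."""
    report, lost = [], []
    for line in lines:
        _, sev, text = decode_pri(line)
        sinks = sinks_for(sev, levels)
        report.append((SEVERITIES[sev], text, sinks))
        if not sinks:
            lost.append(text)
    return report, lost

# Constructed sample lines, not captured from a device; facility 16 = local0.
SAMPLE = [
    "<131>Radio failed to initialize",             # 16*8+3 -> Errors
    "<132>Adoption to controller lost",            # 16*8+4 -> Warning
    "<133>Admin login failed from 192.0.2.10",     # 16*8+5 -> Notice
    "<134>Admin login succeeded from 192.0.2.10",  # 16*8+6 -> Info
]

if __name__ == "__main__":
    report, lost = coverage_report(SAMPLE)
    for name, text, sinks in report:
        print(f"{name:8} {text:44} -> {', '.join(sinks) or 'not logged'}")
```

With the sample severities above, raising one sink to level 6 is enough for the login events to be retained there, while the Warning event still is not forwarded to the controller at the default Error level.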