use (profile/device-config-mode-commands)

Profile Config Commands

Associates existing policies with this profile. This command is also applicable to the device configuration mode.

Supported in the following platforms:

Syntax Profiles Mode

use [auto-provisioning-policy|bonjour-gw-forwarding-policy|bonjour-gw-query-forwarding-policy|captive-portal|client-identity-group|crypto-cmp-policy| database-client-policy|dhcp-server-policy|dhcpv6-server-policy| event-system-policy|firewall-policy|global-association-list|guest-management|ip-access-list|ipv6-access-list|iot-device-type-imagotag-policy|location-policy|management-policy| netflow-policy||radius-server-policy|role-policy|routing-policy|web-filter-policy] <POLICY-NAME>
use ip/ipv6-access-list <IP/IPv6-ACL-NAME> traffic-shape class <1-4>

Syntax Device Mode

use [auto-provisioning-policy|bonjour-gw-forwarding-policy|bonjour-gw-query-forwarding-policy|captive-portal|client-identity-group|crypto-cmp-policy| database-client-policy|database-policy|dhcp-server-policy|dhcpv6-server-policy| enterprise-ui|event-system-policy|firewall-policy|global-association-list| guest-management|iot-device-type-imagotag-policyip-access-list|ipv6-access-list|license|location-policy| management-policy|netflow-policy|nsight-policy|profile|radius-server-policy|rf-domain| role-policy|routing-policy|rtl-server-policy|sensor-policy|web-filter-policy| wips-policy] <POLICY-NAME>
Note

Note

The following tables contain the ‘use‘ command parameters for the Profile and Device configuration modes.

Parameters Profiles Mode

use [auto-provisioning-policy|bonjour-gw-forwarding-policy|bonjour-gw-query-forwarding-policy|
captive-portal|client-identity-group|crypto-cmp-policy|database-client-policy|
dhcp-server-policy|dhcpv6-server-policy|event-system-policy|firewall-policy|
global-association-list|guest-management|iot-device-type-imagotag-policy|ip-access-list|
ipv6-access-list|management-policy|netflow-policy|radius-server-policy|role-policy|routing-policy|
web-filter-policy] <POLICY-NAME>
use Associates the specified policies with this profile

The specified policies should be existing and configured.
auto-provisioning-policy <POLICY-NAME> Associates an auto provisioning policy
  • <POLICY-NAME> – Specify the auto provisioning policy name.
bonjour-gw-forwarding-policy <POLICY-NAME> Uses an existing Bonjour GW Forwarding policy with a profile or device
  • <POLICY-NAME> – Specify the Bonjour GW Forwarding policy name (should be existing and configured).

For more information on Bonjour GW Forwarding policy, see bonjour-gw-forwarding-policy.
bonjour-gw-query-forwarding-policy <POLICY-NAME> Uses an existing Bonjour GW Query Forwarding policy with a profile or device
  • <POLICY-NAME> – Specify the Bonjour GW Query Forwarding policy name (should be existing and configured).
captive-portal server <CAPTIVE-PORTAL> Configures access to a specified captive portal with this profile
  • <CAPTIVE-PORTAL> – Specify the captive portal name.
client-identity-identity-group <CLIENT-IDENTITY-GROUP-NAME> Associates an existing client identity group with this profile
  • <CLIENT-IDENTITY-GROUP-NAME> – Specify the client identity group name.

For more information on the ‘client-identity‘ and ‘client-identity-group‘ commands, see client-identity and client-identity-group.
crypto-cmp-policy <POLICY-NAME> Associates an existing crypto certificate management protocol (CMP) policy with this profile
  • <POLICY-NAME> – Specify the CMP policy name.

For more information on configuring a crypto CMP policy, see Crypto-CMP Policy.
database-client-policy <POLICY-NAME> Associates an existing database client policy with a profile
  • <POLICY-NAME> – Specify the policy name (should be existing and configured).

For more information on database client policy, see database-client-policy global-config.

Applicable only to the NX9500, NX9600, and VX9000 model service platforms.
dhcp-server-policy <DHCP-POLICY> Associates a DHCP server policy
  • <DHCP-POLICY> – Specify the DHCP server policy name.
dhcpv6-server-policy <DHCPv6-POLICY> Associates a DHCPv6 server policy
  • <DHCPv6-POLICY> – Specify the DHCPv6 server policy name.
event-system-policy <EVENT-SYSTEM-POLICY> Associates an event system policy
  • <EVENT-SYSTEM-POLICY> – Specify the event system policy name.
firewall-policy <FW-POLICY> Associates a firewall policy
  • <FW-POLICY> – Specify the firewall policy name.
global-association-list server <GLOBAL-ASSOC-LIST-NAME> Associates the specified global association list with the controller profile
  • <GLOBAL-ASSOC-LIST-NAME> – Specify the global association list name.

Once associated, the controller, using this profile, applies this association list to requests received from all adopted APs. For more information on global association list, see global-association-list.
guest-management <GUEST-MANAGEMENT-POLICY-NAME> Associates the specified guest management policy with the controller profile
  • <GUEST-MANAGEMENT-POLICY-NAME> – Specify the guest management policy name (should be existing and configured).
iot-device-type-imagotag-policy <POLICY-NAME> Associates an IoT Imago Tag policy to an AP‘s profile or device context.
  • <POLICY-NAME> – Specify the policy name. When associated, the policy enables support for SES-imagotag‘s ESL (Electronic Shelf Label) tags and communicator on WiNG APs with USB interfaces. This feature is supported only on AP8432 model access points.
ip/ipv6-access-list <IP/IPv6-ACL-NAME> traffic-shape class <1-4> Associates an IP and/or IPv6 ACL with this profile and applies it as a firewall for the selected traffic-shape class
  • <IP/IPv6-ACL-NAME> – Specify the IP/IPv6 ACL name (should be existing and configured)
    • traffic-shape class <1-4> – Selects the traffic-shape class to apply the above specified IP/IPv6 ACL

      <1-4> – Select the traffic-shape class from 1 - 4.
location-policy <POLICY-NAME> Associates a location policy to the device profile. The Location policy is a means to upload site hierarchy to the ExtremeLocation server through the WiNG controller (NOC, standalone APs, virtual controllers). The location policy points to the ExtremeLocation server and provides the Tenant authentication key needed to authenticate with the server.

It is applicable to the following platform profiles: NX5500, NX7500, NX9500, NX9600, and VX9000.

  • <POLICY-NAME> – Specify the policy name.
management-policy <MNGT-POLICY> Associates a management policy
  • <MNGT-POLICY> – Specify the management policy name.
netflow-policy <POLICY-NAME> Associates a NetFlow policy
  • <POLICY-NAME> – Specify the policy name.
Note: NetFlow Version 9 is only supported on the AP4xx and AP5xx model access points. For information on configuring NetFlow policy, see netflow-policy.
radius-server-policy <RADIUS-POLICY> Associates a device onboard RADIUS policy
  • <RADIUS-POLICY> – Specify the RADIUS policy name.
role-policy <ROLE-POLICY> Associates a role policy
  • <ROLE-POLICY> – Specify the role policy name.
routing-policy <ROUTING-POLICY> Associates a routing policy
  • <ROUTING-POLICY> – Specify the routing policy name.
web-filter-policy <POLICY-NAME> Associates an existing Web Filter policy with a profile or device
  • <POLICY-NAME> – Specify the policy name.

Parameters Device Mode

use [auto-provisioning-policy|bonjour-gw-forwarding-policy|
bonjour-gw-query-forwarding-policy|captive-portal|client-identity-group|crypto-cmp-policy|
database-client-policy|database-policy|dhcp-server-policy|dhcpv6-server-policy|
enterprise-ui|event-system-policy|firewall-policy|global-association-list|guest-management|
iot-device-type-imagotag-policy|ip-access-list|ipv6-access-list|license|location-policy|
management-policy|netflow-policy|nsight-policy|profile|radius-server-policy|rf-domain|role-policy|
routing-policy|rtl-server-policy|sensor-policy|wips-policy|smart-rf-policy|web-filter-policy]
<POLICY-NAME>
use Associates the following policies with this device:
auto-provisioning-policy <POLICY-NAME> Associates an auto provisioning policy
  • <POLICY-NAME> – Specify the auto provisioning policy name.
bonjour-gw-forwarding-policy <POLICY-NAME> Uses an existing Bonjour GW Forwarding policy with a profile or device
  • <POLICY-NAME> – Specify the Bonjour GW Forwarding policy name (should be existing and configured).

For more information on Bonjour GW Forwarding policy, see bonjour-gw-forwarding-policy.
bonjour-gw-query-forwarding-policy <POLICY-NAME> Uses an existing Bonjour GW Query Forwarding policy with a profile or device
  • <POLICY-NAME> – Specify the Bonjour GW Query Forwarding policy name (should be existing and configured).
captive-portal server <CAPTIVE-PORTAL> Configures access to a specified captive portal
  • <CAPTIVE-PORTAL> – Specify the captive portal name.
client-identity-identity-group <CLIENT-IDENTITY-GROUP-NAME> Associates an existing client identity group with this device
  • <CLIENT-IDENTITY-GROUP-NAME> – Specify the client identity group name.

For more information on the ‘client-identity‘ and ‘client-identity-group‘ commands, see client-identity and client-identity-group.
crypto-cmp-policy <POLICY-NAME> Associates an existing crypto certificate management protocol (CMP) policy
  • <POLICY-NAME> – Specify the CMP policy name.

For more information on configuring a crypto CMP policy, see Crypto-CMP Policy.
database-client-policy <POLICY-NAME> Associates an existing database client policy with a device
  • <POLICY-NAME> – Specify the policy name (should be existing and configured).

For more information on database client policy, see database-client-policy global-config.

Applicable only to the NX9500, NX9600, and VX9000 model service platforms.
database-policy <DATABASE-POLICY-NAME> Associates an existing database policy with this device
  • <DATABASE-POLICY-NAME> – Specify the database policy name.
    Note: For more information on configuring a database policy, see database-policy global config.
dhcp-server-policy <DHCP-POLICY> Associates a DHCP server policy
  • <DHCP-POLICY> – Specify the DHCP server policy name.
dhcpv6-server-policy <DHCPv6-POLICY> Associates a DHCPv6 server policy
  • <DHCPv6-POLICY> – Specify the DHCPv6 server policy name.
enterprise-ui Enables application of the site controller‘s Enterprise user interface (UI) on all management points (controllers and access points)

For example, the site controller is NX500 and an AP7562 is adopted to it. To enable the access point to also use the Enterprise UI:

On the AP7562‘s profile configuration mode execute: use > enterprise-ui

On adoption and application of this profile, the AP7562 access point resets and reboots using the Enterprise UI. Once using the Enterprise UI, on all subsequent adoptions, the AP does not get reset.
event-system-policy <EVENT-SYSTEM-POLICY> Associates an event system policy
  • <EVENT-SYSTEM-POLICY> – Specify the event system policy name.
firewall-policy <FW-POLICY> Associates a firewall policy
  • <FW-POLICY> – Specify the firewall policy name.
global-association-list server <GLOBAL-ASSOC-LIST-NAME> Associates the specified global association list with the device (controller)
  • <GLOBAL-ASSOC-LIST-NAME> – Specify the global association list name.

Once associated, the controller applies this association list to requests received from all adopted APs. For more information on global association list, see global-association-list.
guest-management <GUEST-MANAGEMENT-POLICY-NAME> Associates the specified guest management policy with this device
  • <GUEST-MANAGEMENT-POLICY-NAME> – Specify the guest management policy name (should be existing and configured).
ip/ipv6-access-list <IP/IPv6-ACL-NAME> traffic-shape class <1-4> Associates an IP and/or IPv6 ACL with this device and applies it as a firewall for a selected traffic-shape class
  • <IP/IPv6-ACL-NAME> – Specify the IP/IPv6 ACL name (should be existing and configured)
    • traffic-shape class <1-4> – Selects the traffic-shape class to apply the above specified IP/IPv6 ACL
      • <1-4> – Select the traffic-shape class from 1 - 4.
license <WORD> Associates a Web filtering license with this device
  • <WORD> – Provide a 256 character maximum license string for the Web filtering feature. Web filtering is used to restrict access to specific resources on the Internet.
location-policy <POLICY-NAME> Associates a location policy to the device self.The Location policy is a means to upload site hierarchy to the ExtremeLocation server through the WiNG controller (NOC, standalone APs, virtual controllers). The location policy points to the ExtremeLocation server and provides the Tenant authentication key needed to authenticate with the server.

It is applicable to the following platform profiles: AP7522, AP7532, AP7522, AP7532, AP7562, AP7612, AP7632, AP7662, AP8432, AP8533, NX5500, NX7500, NX9500, NX9600, and VX9000.

  • <POLICY-NAME> – Specify the policy name.
management-policy <MNGT-POLICY> Associates a management policy
  • <MNGT-POLICY> – Specify the management policy name.
nsight-policy <NSIGHT-POLICY-NAME> Associates a specified NSight policy with this device
  • <NSIGHT-POLICY-NAME> – Specify the NSight policy name (should be existing and configured).
    Note: Use this command to associate an NSight policy to a controller to enable it to function as the NSight server. For more information, see nsight-policy (global-config-mode).
profile <PROFILE-NAME> Associates a profile with this device
  • <PROFILE-NAME> – Specify the profile name.
radius-server-policy <RADIUS-POLICY> Associates a device onboard RADIUS policy
  • <RADIUS-POLICY> – Specify the RADIUS policy name.
rf-domain <RF-DOMAIN-NAME> Associates an RF Domain
  • <RF-DOMAIN-NAME> – Specify the RF Domain name.
role-policy <ROLE-POLICY> Associates a role policy
  • <ROLE-POLICY> – Specify the role policy name.
routing-policy <ROUTING-POLICY> Associates a routing policy
  • <ROUTING-POLICY> – Specify the routing policy name.
rtl-server-policy <POLICY-NAME> Associates a Real TIme Locationing (RTL) server policy with an access point. When associated, enables the access point to directly send RSSI feeds to the third-party Euclid RTL server.
  • <POLICY-NAME> – Specify the RTL server policy name (should be existing and configured).
sensor-policy <POLICY-NAME> Associates a sensor policy with an access point or controller. When associated, WiNG controllers and access points function as sensors.
  • <POLICY-NAME> – Specify the sensor policy name (should be existing and configured).
wips-policy <WIPS-POLICY> Associates a WIPS policy
  • <WIPS-POLICY> – Specify the WIPS policy name.
web-filter-policy <POLICY-NAME> Associates an existing Web Filter policy with a profile or device
  • <POLICY-NAME> – Specify the policy name.
 
nx9500-6C8809(config)#profile ap505 test505
nx9500-6C8809(config-profile-test505)#use netflow-policy test

nx9500-6C8809(config-profile-test505)#show context include-factory | include netflow-policy
 use netflow-policy test
nx9500-6C8809(config-profile-test505)#

Related Commands

no Disassociates a specified policy from this profile/device
9036514-01 Rev AA