Override Profile Miscellaneous Configuration

About this task

Refer to the advanced profile‘s Miscellaneous menu item to set or override a profile‘s NAS configuration. The profile database on the RADIUS server consists of user profiles for each connected network access server (NAS) port. Each profile is matched to a username representing a physical port. When an access point, controller, or service platform authorizes users, it queries the user profile database using a username representative of the physical NAS port making the connection.

Access point LED behavior and RF Domain management can also be defined from the Miscellaneous screen.

To define or override a profile's miscellaneous configuration attributes:

Procedure

  1. Select Configuration → Devices → Profile Overrides from the web UI.
  2. Select a target device in the lower left-hand side of the UI.
  3. Select Advanced to expand its sub-menu items.
  4. Select Miscellaneous.
    Click to expand in new window
    Advanced Profile Overrides - Miscellaneous Screen
  5. Set a NAS-Identifier Attribute up to 253 characters in length.
    This is the RADIUS NAS-Identifier attribute that typically identifies where a RADIUS message originates.
  6. Set a NAS-Port-Id Attribute up to 253 characters in length.
    This is the RADIUS NAS port ID attribute which identifies the device port where a RADIUS message originates.
  7. Select Turn on LEDs, in the LEDs (Light Emitting Diodes) section, to enable the LEDs on an access point.
    This parameter is not available for controllers or service platforms.
  8. Select Flash Pattern(2), in the LEDs (Light Emitting Diodes) section, to flash an access point‘s LEDs in a distinct manner (different from its operational LED behavior).
    With this option enabled, an administrator can verify that an access point has received its configuration from its managing controller or service platform (perhaps remotely at the site of deployment) without having to log into the managing controller or service platform. This feature is disabled by default.
  9. Select Capable, in the RF Domain Manager section, to designate this specific device as being the RF Domain manager for a particular RF Domain.
    The default value is enabled.
  10. Select Priority, in the RF Domain Manager section, to set a priority value for this specific profile managed device. O
    Once enabled, use the spinner control to set a device priority between 1 - 255. The higher the number you select, the higher the priority in the RF Domain manager election process.
  11. Configure a Root Path Monitor Interval (from 1 - 65,535 seconds) to specify how often to check if the mesh point is up or down.
  12. Set the Additional Port value, in the RADIUS Dynamic Authorization section, to enable a Cisco Identity Services Engine (ISE) Authentication, Authorization and Accounting (AAA) server to dynamically authenticate a client.

    The allowed port range is 1 to 65,535.

    When a client device requests access to the network, the Cisco ISE RADIUS server presents the client with a URL where a device‘s compliance is checked for definition file validity (this form of file validity checking is called posture). The check verifies, for example, that the device's anti-virus or anti-spyware software is valid. If the device complies, it is allowed access to the network.

  13. Enable Bluetooth Detection to scan for Bluetooth devices over the WiNG-managed 2.4 GHz access point radio.
    Bluetooth is a technology for exchanging data over short distances using short-wavelength UHF radio waves in the 2.4 GHz band from mobile wireless clients.
    Note

    Note

    Enabling Bluetooth detection results in interference on the Access Point‘s 2.4 GHz radio when in WLAN mode. WLANs are susceptible to sources of interference by Bluetooth devices.
  14. Click OK to save the changes made to the profile's advanced miscellaneous configuration.
    Click Reset to revert to the last saved configuration.