Profiles assign configuration parameters, applicable policies and WLANs to one or more controllers and access points, thus allowing smart administration across large wireless network segments. However, individual devices can still be assigned unique configuration parameters that follow the flat configuration model supported in previous software releases. As individual device updates are made, these device no longer share the profile based configuration they originally supported. Changes made to a profile are automatically inherited by all assigned devices, but not those devices who have had their configuration customized. These devices require careful administration, as they no longer can be tracked and as profile members. Their customized configurations overwrite their profile configurations until the profile can be re-applied to the device.
Each device is automatically assigned a default profile unless an AP Auto-Provisioning policy is defined that specifically assigns an access point to a user defined profile. A default profile for each supported model is automatically added to a device's configuration file when the device is provisioned. Default profiles can also be manually added prior to discovery when needed. Default profiles are ideal for single site deployments where controllers, service platforms and access points share a common configuration.
User defined profiles are manually created for each supported device model. User defined profiles can be manually assigned or automatically assigned to access points using an AP Auto-Provisioning policy. AP Adoption policies provide the means to easily assign profiles to access points based on model, serial number, VLAN ID, DHCP option, IP address (subnet) and MAC address.
User defined profiles should be utilized in larger deployments when groups of devices (on different floors, buildings or sites) share a common configuration.
Each default and user defined profile contains policies and configuration parameters. Changes made to these parameters are automatically inherited by the devices assigned to the profile.
Review existing profiles to determine whether a new profile requires creation, or an existing profile requires edit or deletion.
To review the existing profiles:
Profile | Lists the user-assigned name defined for each profile when created. Profile names cannot be edited with a profiles configuration. |
Type | Displays the device type (and subsequent device specific configuration) supported by each listed profile. |
Auto-Provisioning Policy | Displays the Auto-Provisioning policy applied to this profile. At adoption, an AP solicits and receives multiple adoption responses. These adoption responses contain preference and loading policy information the AP uses to select the optimum controller or access point for adoption. By default, an Auto-Provisioning policy generally distributes AP adoption evenly amongst available adopters. Modify existing adoption policies or create a new one as needed to meet the adoption requirements of this particular profile. |
Firewall Policy | Displays an existing firewall policy, if any, assigned to each listed profile. Firewall policies can be assigned when creating or editing a profile. |
Wireless Client Role Policy | Lists the name of the wireless client role policy currently applied to the listed device. The wireless client role policy contains the matching rules and IP and MAC Inbound and Outbound policies used to filter traffic to and from clients. This policy can be applied to controllers, service platforms or access points. |
Advanced WIPS Policy | Lists the name of the Advanced WIPS Policy used with each listed profile to (among other things) block up to 100 client MAC address from connectivity. |
DHCP Server Policy | Lists the name of the DHCP Server Policy used with each listed profile. An internal DHCP server groups wireless clients based on defined user-class option values. Clients with a defined set of user class values are segregated by class. A DHCP server can associate multiple classes to each pool. Each class in a pool is assigned an exclusive range of IP addresses. |
Management Policy | Lists the name of Management policies applied to each listed profile. A management policy is a mechanism to allow/deny management access for separate interfaces and protocols (HTTP, HTTPS, Telnet, SSH or SNMP). Management access can be enabled/disabled as required for each policy. |
RADIUS Server Policy | Displays the name of the RADIUS Server policy applied to each listed profile. A RADIUS Server policy provides customized, profile specific, management of authentication data (usernames and passwords). |