Override Services Configuration

About this task

A device profile contains specific guest access (captive portal), DHCP, server and RADIUS server configurations supported by the controller, service platform, or access point's own internal resources. These can be overriden at the device level.

To override a profile's services configuration at the device level:

Procedure

  1. Select Configuration → Devices from the web UI.
    The Device Configuration screen displays a list of managed devices or peer controllers, service platforms, or access points.
  2. Select a target device in the lower left-hand side of the UI.
    You can also select a target device by double-clicking it in the list in the Device Configuration screen.
  3. Select Profile Overrides.
  4. Select Services.
    Note

    Note

    A blue override icon (to the left of a parameter) defines the parameter as having an override applied. To remove an override go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.
    Click to expand in new window
    Device Overrides - Services Screen
  5. Refer to the Captive Portal Hosting field to set or override a guest access configuration (captive portal) for use with this profile.

    Captive portals are access policies that provide guests temporary and restrictive access to the managed network.

    A captive portal is a browser-based authentication mechanism that forces unauthenticated users to a web page. Captive portals capture and re-direct a wireless user's web-browser session to a captive portal login page where the user must enter valid credentials to access the wireless network. Once logged into the captive portal, additional Acknowledgment, Agreement, Welcome, No Service and Fail customized pages enhance screen flow and user experience.

    Select an existing captive portal policy or click the Create link to create a new configuration that can be applied to this profile. For more information, see Captive Portal Policies.

  6. In the RADIUS Server Application Policy section select an Application policy or Purview Application policy based on the AP type.

    For legacy WiNG 802.11ac APs, running WiNG 7.2.1 OS, select an Application policy from those listed on the screen. To create a new policy click, Create and the define the Application policy settings. For information on creating Application policies, see Create an Application Policy.

    For 802.11ax APs, running WiNG 7.1.2 or later version of the WiNG 7 OS, select a Purview Application policy. To create a new policy click, Create and the define the Application policy settings. For information on creating Purview Application policies, refer to the WiNG 7.2.1 CLI Reference guide.

    Use this option to enforce RADIUS change of authorization (CoA) in the profile configuration context. when enforced, successfully authenticated users are reauthenticated and the attributes of their active AAA session changed based on the rules defined by the application policy.

  7. Use the DHCP Server Policy drop-down menu assign this profile a DHCP server policy.
    DHCP Server Policy defines the DHCP pool, global settings, and DHCP class information for IPv4 DHCP servers.
    If an existing DHCP policy does not meet the profile‘s requirements, click the Create icon to create a new policy configuration that can be applied to this profile, or click the Edit icon to modify the parameters of an existing DHCP Server policy.

    Dynamic Host Configuration Protocol (DHCP) allows hosts on an IP network to request and be assigned IP addresses as well as discover information about the network where they reside.

  8. Use the DHCPv6 Server Policy drop-down menu assign this profile a DHCPv6 server policy.
    IPv6 DHCP Server Policy defines the DHCP pool, global settings, and DHCP class information for IPv6 DHCP servers.
    If an existing DHCP policy for IPv6 does not meet the profile‘s requirements, click the Create icon to create a new policy configuration that can be applied to this profile, or click the Edit icon to modify the parameters of an existing DHCP Server policy.

    DHCPv6 is a networking protocol for configuring IPv6 hosts with IP addresses, IP prefixes, or other configuration attributes required on an IPv6 network. DHCP in IPv6 works in with IPv6 router discovery. With the proper RA flags, DHCPv6 works like DHCP for IPv4. The central difference is the way a device identifies itself if assigning addresses manually instead of selecting addresses dynamically from a pool.

  9. Use the Guest Management Policy drop-down menu to select an existing Guest Management policy to use as a mechanism to manage guest users with this profile.
  10. Use the RADIUS Server Policy drop-down menu to select an existing RADIUS server policy to use as a user validation security mechanism with this profile.
    A profile can have its own unique RADIUS server policy to authenticate users and authorize access to the network. A profile‘s RADIUS policy provides the centralized management of controller or service platform authentication data (usernames and passwords). When an client attempts to associate, an authentication request is sent to the RADIUS server. For more information, see RADIUS Server Policies.
  11. Set Bonjour Gateway settings.
    Bonjour is Apple‘s implementation of zero-configuration networking (Zeroconf). Zeroconf is a group of technologies that include service discovery, address assignment and hostname resolution. Bonjour locates devices such as printers, other computers and services that these computers offer over a local network.

    Bonjour provides a general method to discover services on a local area network (LAN). It allows users to set up a network without any configuration. Services such as printers, scanners and file-sharing servers can be found using Bonjour. Bonjour only works within a single broadcast domain. However, with special DNS configuration, it can be extended to find services across broadcast domains.

    From the Forwarding Policy drop-down menu, select the Bonjour Gateway forwarding policy.

  12. Use the Location Policy drop-down menu to select and apply a location policy to the controller/virtual controller. The location policy provides the ExtremeLocation server's hostname and ExtremeLocation tenant's location API key. This information is required by the controller to authenticate and authorize with the ExtremeLocation server. Use the Create or Edit icons to create a new policy or edit an existing policy.
    Note

    Note

    For information on creating location policies, see Location Policy.
  13. Refer to the Imagotag Policy field to select or set a Imagotag Policy. Use the drop-down menu to select and apply an Imagotag Policy to the AP's profile. You can use the Create or Edit icons to create a new policy or edit an existing policy. The Imagotag feature is supported only on the AP8432 model access point.

    For information on enabling support for SES-imagotag‘s ESL tags on WiNG APs with USB interfaces, seeConfigure Imagotag Policy.

  14. In the Netflow Policy field, use the drop-down menu to select and apply a Netflow policy to the AP's profile.
    Netflow policy enables IP flow data collection and export within your WiNG 7.3.0 managed network. The NetFlow policy identifies the NetFlow Collector host and specifies the interval at which templates are exported to the specified NetFlow Collector. Create a NetFlow policy and apply locally on the AP or in the AP's profile context.
    Note

    Note

    For information on creating Netflow policy, see Netflow Policy Configuration.
  15. Click OK to save the changes or overrides made to the profile‘s services configuration.
    Click Reset to revert to the last saved configuration.
9036512-01 Rev AB