Auto-Provisioning Policies

Wireless devices can adopt and manage other wireless devices. For example, a wireless controller can adopt any number of access points. When a device is adopted, the device configuration is provisioned by the adopting device. Since multiple configuration policies are supported, an adopting device needs to define which configuration policies are used for a given adoptee. Auto-provisioning policies determine which configuration policies are applied to an adoptee based its properties. For example, a configuration policy could be assigned based on MAC address, IP address, CDP snoop strings, etc.

Once created an auto-provisioning policy can be used in profiles or device configuration objects. An Auto-Provisioning policy contains a set of ordered by precedence rules that either deny or allow adoption based on potential adoptee properties and a catch-all variable that determines if the adoption should be allowed when none of the rules is matched. All rules (both deny and allow) are evaluated sequentially starting with the rule with the lowest precedence. The evaluation stops as soon as a rule has been matched, no attempt is made to find a better match further down in the set.

The evaluation is performed using various matching criteria. The matching criteria supported include:
MAC Matches the MAC address of a device attempting to be adopted. Either a single MAC address or a range of MAC addresses can be specified.
VLAN Matches when adoption over a Layer 2 link matches the VLAN ID of an adoption request. Note that this is a VLAN ID as seen by the recipient of the request, in case of multiple hops over different VLANs this may different from VLAN ID set by the sender. A single VLAN ID is specified in the rule. This rule is ignored for adoption attempts over Layer 3.
IP Address Matches when adoption is using a Layer 3 link matches the source IP address of an adoption request. In case of NAT the IP address may be different from what the sender has used. A single IP, IP range or IP/mask is specified in the rule. This rule is ignored for adoption attempts over Layer 2.
Serial Number Matches exact serial number (case insensitive).
Model Matches exact model name (case insensitive).
DHCP Option Matches the value found in DHCP vendor option 191 (case insensitive). DHCP vendor option 191 can be setup to communicate various configuration parameters to an AP. The value of the option in a string in the form of tag=value separated by a semicolon, e.g.‘tag1=value1;tag2=value2;tag3=value3‘. The access point includes the value of tag‘rf-domain‘, if present. This value is matched against the auto provisioning policy.
FQDN Matches a substring to the FQDN of a device (case insensitive).
CDP Matches a substring in a list of CDP snoop strings (case insensitive). For example, if an Access Point snooped 3 devices: controller1.extremenetworks.com, controller2.extremenetworks.com and controller3.extremenetworks.com,‘controller1‘,‘extremenetworks‘, ‘extremenetworks.com‘, are examples of the substrings that will match.
LLDP Matches a substring in a list of LLDP snoop strings (case insensitive). For example, if an Access Point snooped 3 devices: controller1.extremenetworks.com, controller2.extremenetworks.com and controller3.extremenetworks.com,‘controller1‘, ‘extremenetworks‘, ‘extremenetworks.com‘, are substrings match.
Auto provisioning is the process by which access points discover controllers or service platforms available in the network, pick the most desirable controller or service platform, establish an association, optionally obtain an image upgrade and obtain its configuration.

At adoption, an access point solicits and receives multiple adoption responses from controllers and service platforms available on the network. These adoption responses contain loading policy information the Access Point uses to select the optimum controller or service platform for adoption. By default, an auto provisioning policy generally distributes AP adoption evenly amongst available controller or service platform. Modify existing adoption policies or create a new one as needed to meet the adoption requirements of a device and their assigned profile.

Note

Note

A device configuration does not need to be present for an auto provisioning policy to take effect. Once adopted, and the device‘s configuration is defined and applied by the controller or service platform, the auto provisioning policy mapping does not have impact on subsequent adoptions by the same device.

Use an auto provisioning policy to define rules for adoption of access point by wireless controllers.

To review exisiting Auto-provisioning policies:
  1. Select Configuration → Devices → Auto-Provisioning Policy.

    The Auto-Provisioning screen displays by default. This screen displays existing auto-provisioning policies. Review these policies to determine whether a new policy requires creation, or an existing policy requires edit or deletion.

    Click to expand in new window
    Auto-Provisioning Policy Screen
  2. Review the following parameters:
    Auto-Provisioning Policy Lists the name of each policy when it was created. It cannot be modified as part of the Auto-provisioning policy‘s edit process.
    Adopt if No Rules Match Displays whether this policy will adopt devices if no adoption rules apply. Doubleclick within this column to launch the edit screen where rules can be defined for device adoption. This feature is disabled by default
    Rerun Policy Rules Every Time AP Adopted Displays whether this policy will be run every time an AP is adopted. Double-click within this column to launch the edit screen where this option can be modified. This feature is disabled by default.