Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

SD-LAN Profiles Overview

 

SD-LAN profiles are templates for configuring port parameters such as flow control, MTU, link mode, and port speed, access control, user authentication, RADIUS server settings, and firewall filters. A user with tenant administrator privileges can add the following profiles to CSO and deploy them on the switch to configure the switch and the switch ports:

  • Authentication profiles: Authentication profiles are used to implement network access control (NAC).

    An authentication profile defines:

    • the authentication method

    • fallback options

    • other settings such as number of retries, maximum number of authentication requests that can be allowed for a supplicant, authentication server timeout, and so on, related to the communication between the switch and the supplicant (a user or device such as printer).

    You can reference an authentication profile directly in a port profile or assign the authentication profile to a port when you configure the port manually.

    See Add Authentication Profiles for details.

  • Firewall filter: Firewall filters are used to deny or permit network access to supplicants based on the filter terms.

    You can reference an egress firewall filter and an ingress firewall filter in a port profile. You can also assign the firewall filters to a port when you configure the port manually.

    See Add Firewall Filters and Termsfor details.

  • Port profiles: Port profiles are used to define the behavior of a port. You can use port profiles to simultaneously provision multiple ports with the same set of attributes. A port profile includes the following:

    • Authentication profile (Optional)

    • Firewall filters (Optional)

    • Link settings

    • Storm control settings

    • Power over Ethernet (PoE) settings

    • Port security settings

    A port profile has an authentication profile and one ingress firewall filter and one egress firewall filter assigned to it. Figure 1 shows the relationship between an authentication profile, firewall filters, and a port profile.

    Figure 1: Relationship Between a Port Profile, an Authentication Profile, and Firewall Filters
    Relationship Between a Port Profile,
an Authentication Profile, and Firewall Filters

    See Add Port Profiles for details about adding a port profile to CSO.

  • RADIUS server profiles: RADIUS server profiles are used to define the RADIUS server for authentication and accounting. You define the RADIUS server IP address, password, authorization ports, accounting ports, retry counts, and server timeout in this profile.

    A RADIUS server profile is referenced by an access profile and deployed on the switch when the access profile is deployed. See Add RADIUS Server Profiles for information about adding RADIUS server profiles.

  • Access profiles: Access profiles are used to define the list of RADIUS servers to be used for authentication and accounting. An access profile has one or more RADIUS server profiles assigned to it.

    Figure 2 shows the relationship between the a RADIUS profile and an access profile.

    Figure 2: Relationship Between RADIUS Profiles and an Access Profile
    Relationship Between RADIUS Profiles
and an Access Profile

    An access profile, deployed on a switch, is referenced by an authentication profile when 802.1x authentication is configured on the switch port.

    See Add Access Profiles for details.

Life Cycle of a Port Profile

Figure 3 shows the life cycle of a port profile.

Figure 3: Life Cycle of a Port Profile
Life Cycle of a Port Profile

The life cycle of a port profile is as follows:

  1. Add a port profile to CSO.

  2. Assign the port profile to one or more ports on a switch.

    When you assign the port profile, the deployment status of the port is set to Pending Deployment indicating that the profile is only assigned to the port.

  3. Deploy the port profile on one or more ports.

    During the deployment, that is, when the configuration is being committed on the port, the deployment status is changed to In Progress. If the deployment job completes successfully, the deployment status of the port is set to Success; otherwise, the deployment status is set to Failed.

  4. Edit the port profile.

    When you edit the port profile, an authentication profile or a firewall filter associated with the port profile, the deployment status of the port profile is set to Pending Deployment.

  5. Redeploy the port profile to ensure the changes are reflected in the port configuration.

    During the redeployment, the deployment status of the port is changed to In Progress. If the deployment job completes successfully, the deployment status of the port is set to Success; otherwise, the deployment status is set to Failed.