SD-LAN Profiles Overview
SD-LAN profiles are templates for configuring port parameters such as flow control, MTU, link mode, and port speed, access control, user authentication, RADIUS server settings, and firewall filters. A user with tenant administrator privileges can add the following profiles to CSO and deploy them on the switch to configure the switch and the switch ports:
Authentication profiles: Authentication profiles are used to implement network access control (NAC).
An authentication profile defines:
the authentication method
other settings such as number of retries, maximum number of authentication requests that can be allowed for a supplicant, authentication server timeout, and so on, related to the communication between the switch and the supplicant (a user or device such as printer).
You can reference an authentication profile directly in a port profile or assign the authentication profile to a port when you configure the port manually.
See Add Authentication Profiles for details.
Firewall filter: Firewall filters are used to deny or permit network access to supplicants based on the filter terms.
You can reference an egress firewall filter and an ingress firewall filter in a port profile. You can also assign the firewall filters to a port when you configure the port manually.
See Add Firewall Filters and Termsfor details.
Port profiles: Port profiles are used to define the behavior of a port. You can use port profiles to simultaneously provision multiple ports with the same set of attributes. A port profile includes the following:
Authentication profile (Optional)
Firewall filters (Optional)
Storm control settings
Power over Ethernet (PoE) settings
Port security settings
A port profile has an authentication profile and one ingress firewall filter and one egress firewall filter assigned to it. Figure 1 shows the relationship between an authentication profile, firewall filters, and a port profile.
See Add Port Profiles for details about adding a port profile to CSO.
RADIUS server profiles: RADIUS server profiles are used to define the RADIUS server for authentication and accounting. You define the RADIUS server IP address, password, authorization ports, accounting ports, retry counts, and server timeout in this profile.
A RADIUS server profile is referenced by an access profile and deployed on the switch when the access profile is deployed. See Add RADIUS Server Profiles for information about adding RADIUS server profiles.
Access profiles: Access profiles are used to define the list of RADIUS servers to be used for authentication and accounting. An access profile has one or more RADIUS server profiles assigned to it.
Figure 2 shows the relationship between the a RADIUS profile and an access profile.
An access profile, deployed on a switch, is referenced by an authentication profile when 802.1x authentication is configured on the switch port.
See Add Access Profiles for details.
Life Cycle of a Port Profile
Figure 3 shows the life cycle of a port profile.
The life cycle of a port profile is as follows:
Add a port profile to CSO.
Assign the port profile to one or more ports on a switch.
When you assign the port profile, the deployment status of the port is set to Pending Deployment indicating that the profile is only assigned to the port.
Deploy the port profile on one or more ports.
During the deployment, that is, when the configuration is being committed on the port, the deployment status is changed to In Progress. If the deployment job completes successfully, the deployment status of the port is set to Success; otherwise, the deployment status is set to Failed.
Edit the port profile.
When you edit the port profile, an authentication profile or a firewall filter associated with the port profile, the deployment status of the port profile is set to Pending Deployment.
Redeploy the port profile to ensure the changes are reflected in the port configuration.
During the redeployment, the deployment status of the port is changed to In Progress. If the deployment job completes successfully, the deployment status of the port is set to Success; otherwise, the deployment status is set to Failed.