ADMINISTRATION PORTAL
Help Center User GuideGetting StartedFAQsRelease Notes
 
X
User Guide
Getting Started
FAQs
Release Notes
Help Center
HideContents
Help CenterWorking in Build ModeConfiguring Authentication, Authorization, and Access for Your NetworkCreating and Managing Wireless Authorization Profiles
Contents  
Contents
Contents
DownloadPrint

Creating and Managing Wireless Authorization Profiles

Authorization profiles specify the access permission for authenticated users or devices.

Use the Manage Authorization Profiles page to create new wireless Authorization profiles and manage existing wireless Authorization profiles.

This topic describes:

Managing Authorization Profiles

From the Manage Authorization Profiles page, you can:

Table 85 describes the information provided about Authorization profiles on the Manage Authorization Profiles page. This page lists all Authorization profiles defined for your network, regardless of the scope you selected in the network view.

Table 85: Manage Authorization Profile Fields

Field

Description

Profile Name

Name given to the profile when the profile was created.

Family Type

The device family on which the profile was created.

VLAN Profile

The VLAN profile associated with the Authorization profile. You specify a VLAN profile while creating an Authorization profile.

VLAN Pool

The VLAN pool associated with the Authorization profile. You can specify a VLAN pool while creating an Authorization profile.

CoS Profile

The optional CoS profile associated with the Authorization profile.

Description

Description of the profile that was entered when the profile was created.

Tip: To display the entire description, you might need to resize the Description column by clicking the column border in the heading and dragging it.

Assignment State

Displays the assignment state of the profile. A profile can be:

  • Unassigned—When the profile is not assigned to any object.
  • Deployed—When the profile is assigned and is deployed from Deploy mode.
  • Pending Deployment—When the profile is assigned, but not yet deployed in the network. For more information, see Deploying Configuration to Devices.

Creation Time

Date and time when the profile was created.

Last Updated Time

Date and time when the profile was last modified.

User Name

The username of the person who created or modified the profile.

Note: All columns might not be displayed—this is configurable. To show or hide fields listed in the Manage Authorization Profiles table, click the down arrow on the field header, select Columns, and select or clear the check box adjacent to the field that you want to show or hide.

Creating a Wireless Authorization Profile

In Network Director, you can create a wireless Authorization profile with access permissions for either wireless users or devices. You can also link a VLAN profile and a CoS profile to the Authorization profile to ensure that each user session is assigned to an appropriate VLAN and it gets the required class of service (CoS).

For an Authorization profile, you must specify the following:

Procedure

To create an Authorization profile for wireless users or devices:

  1. Under Views, select one of these options: Logical View, Location View, Device View or Custom Group View.

    Note: Do not select Dashboard View, Datacenter View, or Topology View.

  2. Click in the Network Director banner.
  3. In the Tasks pane, expand Wireless, expand Profiles, and then click Authorization.

    The Manage Authorization Profiles page appears, displaying the list of currently configured wireless Authorization profiles.

  4. Click Add.

    The Create Authorization Profile for Wireless page appears.

  5. Specify the settings as described in both the online help and in Specifying Settings for a Wireless Authorization Profile.
  6. Click Done to save the Authorization profile.

    The system saves the Authorization profile and displays the Manage Authorization Profiles page. Your new or modified Authorization profile is listed in the table of Authorization profiles.

You will need this authorization profile to create a WLAN Service profile—for directions, see Creating and Managing a WLAN Service Profile.

Specifying Settings for a Wireless Authorization Profile

Procedure

While creating an Authorization profile, you will have to specify a VLAN profile. Make sure that you have created a wireless VLAN profile before you attempt to create an Authorization profile. For directions, see Creating and Managing VLAN Profiles.

  1. Enter the settings described in Table 86 to create an Authorization profile. Required settings are indicated by a red asterisk (*) that appears next to the field label in the user interface.

    Table 86: Authorization Profile Basic Settings (WLC)

    Field

    Action

    Name

    Type a unique name that identifies the profile.

    You can use up to 32 characters for profiles created for wireless devices. Profile name must not contain special characters or spaces. Note that profiles that are automatically created by Network Director as part of device discovery or out-of-band changes might contain the underscore (_) character.

    Description

    Type a short description for the profile.

    VLAN Profile
    or
    VLAN Pool

    You can assign a VLAN profile or a VLAN pool profile to the selected controller. Enable either VLAN Profile or VLAN Pool. For directions, see Creating and Managing VLAN Profiles or Creating and Managing VLAN Pools.

    Click the corresponding Select button and then select a VLAN profile or VLAN pool to include in the Authorization profile. When a VLAN profile or pool is applied to a port or a wireless access point, it is initiated when clients are connected and are authorized on the VLAN.

    CoS Profile

    Click Select and then select an optional CoS profile to include in the Authorization profile.

    CoS profiles enable the grouping of class of service parameters and the application of it to one or more network sessions. You can configure policers, classifiers, scheduler maps, rewrite rules and a traffic-control profile within a CoS Profile. For directions, see Creating and Managing Wired CoS Profiles.

    mDNS Profile

    Select an mDNS Profile from the list for Apple TV, Internet printer, or Digital Auto Access Protocol (iTunes). mDNS Profiles are created by following the directions in Creating and Managing mDNS Profiles. For more information, see Understanding Bonjour.

    Filters

    Filters are computer programs that process and sort a data stream. For more information, see Understanding Filter Profiles.

    Ingress Filter

    Click Select and then select a Filter profile to filter traffic that enters the controller from users through an access port, from a wired authentication port, or from the network through a network port. For directions, see Creating and Managing Wired Filter Profiles.

    Egress Filter

    Click Select and then select a Filter profile to filter traffic sent from the controller to users through an access port, from a wired authentication port, or from the network through a network port. For directions, see Creating and Managing Wired Filter Profiles.

    Simultaneous Login

    Restrict the number of concurrent sessions that a user can have on the network by selecting the number of concurrent sessions for users of this Authorization profile.

    Service Type

    Select the type of access that you want the users of the Authorization profile to have:

    • 2 (Framed)—Select to grant network user access.
    • 6 (Administrative)—Select to grant administrative access to the controller with authorization to access enabled (configuration) mode. The user must enter the enable command and the correct enable password to access enabled mode.
    • 7 (NAS-Prompt)—Select to grant administrative access to non-enabled mode only. In this mode, a user cannot enter the enable command nor the enable password to access the enabled mode.

    To configure advanced settings, click Advanced Settings. To skip changing the default advanced settings and save the profile, click Done.

  2. Enter the advanced settings described in Table 87 to modify the default advanced settings for the Authorization profile.

    Table 87: Authorization Profile Advanced Settings (WLC)

    Field

    Action

    User Idle Timeout
    (default is 3600 seconds)

    Specify the length of time that a user or device can remain idle before the controller disconnects the user or device.

    Session Timeout
    (default is 180 seconds)

    Specify the length of time a user or device can remain connected to the network before re-authenticating the session.

    Termination Action

    Select the action to be taken when the session expires:

    • 0 (Disconnect)—Select to indicate that the session is to be terminated.
    • 1 (Re-authenticate)—Select to indicate that the user or device must reauthenticate when the session expires.

    Uniform Resource Locator (URL)

    Specify the URL that the user is to be redirected after successful authentication.

    Use the following format: http://www.example.com

    Accounting Interim Interval

    Enable Updates

    Select Enable Updates to enable accounting updates for the Authorization profile.

    Tip: Accounting updates are applicable only if you have enabled accounting and selected START-STOP as the record type in the corresponding Authentication profile.

    Update Interval: If updates are enabled. you can modify the time in seconds between accounting updates.

    Specify a value from 180 (default) through 3600 seconds.

    Note: If both a RADIUS server and a controller supply a value for the Accounting Interim Interval, then the value from the controller takes precedence.

    Encryption Type

    Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. For more information, see Understanding Wireless Encryption and Ciphers .

    Encryption Type

    Select the type of encryption supported for clients that use this Authorization profile. You can select a combination of encryption types. Clients who attempt to use an unauthorized encryption method are rejected. Network Director supports the following encryption types:

    • AES-CCMP—AES-CCMP (Advanced Encryption Standard using Counter with CBC-MAC) is the standard encryption protocol for use with the WPA2 standard and is much more secure than the TKIP protocol.
    • TKIP—TKIP (Temporal Key Integrity Protocol) is a security protocol used in the IEEE 802.11 wireless networking standard. It uses the same underlying mechanism as the original WEP encryption, and consequently is vulnerable to the same attacks that WEP is vulnerable to.
    • None—No encryption is used.
    Start and End Dates for Authorization

    Start Date

    Select the date and 24-hour time from which users of this authorization profile are authorized to access the network.

    End Date

    Select the last date and 24-hour time that users of this authorization profile are authorized to access the network.

    Time of Day Settings

    Time of Day

    Indicate the time of day the user is permitted to log in to the network. The default is Any and the other options are Never and Day.

  3. Click OK to save the advanced settings and close the Advanced Settings window.
  4. Click Done to save the authorization profile and add it to the Manage Authorization Profiles list.

What To Do Next

After you have created an Authorization profile, you can:

Related Documentation

Help us to improve. Rate this article.
     
Feedback Received. Thank You!
Previous
Understanding Wireless Authorization Profiles
Next
Assigning Wireless Authorization Profiles to Controllers
Related Topics
Need more help?

Ask questions in TechWiki

Contact Customer Support

Check documentation in TechLibrary

© 2018 Juniper Networks, Inc. All rights reserved

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit