Understanding Access Profiles
Access profiles enable access configuration on the network—this consists of authentication configuration and accounting configuration. Network Director supports RADIUS, Lightweight Directory Access Protocol (LDAP), and local authentication as authentication methods, and RADIUS for accounting.
Authentication prevents unauthorized devices and users from gaining access to your network. Authentication controls access to your network using authentication methods such as 802.1X, MAC RADIUS, or captive portal. For 802.1X and MAC RADIUS authentication, end devices or users must be authenticated before they receive an IP address from a DHCP server. For captive portal authentication, the switch or the controller enables the end devices to obtain an IP address, after which these devices can forward packets such as DHCP, DNS, and ARP.
Accounting servers collect and send information used for billing, auditing, and reporting, such as:
Connection start and stop times
Number of packets received and sent
Number of transferred bytes
The accounting information is stored locally or on a remote RADIUS server. You can track sessions by using this information. As network users roam through a Network or Mobility Domain, accounting records can be used to track their network usage.
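The session tracking described above, as an added example that is not part of the original page or of Network Director: it pairs RADIUS accounting Start and Stop records to total each user's time, bytes, and packets across the devices they roamed through, and lists sessions that never sent a Stop. The record layout (dictionaries keyed by RFC 2866 attribute names plus a `time` field) and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records; attribute names follow RFC 2866, while users,
# addresses and counters are made up. "time" is an assumed export field.
SAMPLE_RECORDS = [
    {"time": "2024-05-01T09:00:00", "Acct-Status-Type": "Start", "User-Name": "alice",
     "Acct-Session-Id": "s1", "NAS-IP-Address": "192.0.2.10"},
    {"time": "2024-05-01T09:30:00", "Acct-Status-Type": "Stop", "User-Name": "alice",
     "Acct-Session-Id": "s1", "NAS-IP-Address": "192.0.2.10",
     "Acct-Input-Octets": 1000, "Acct-Output-Octets": 4000,
     "Acct-Input-Packets": 10, "Acct-Output-Packets": 20},
    {"time": "2024-05-01T09:31:00", "Acct-Status-Type": "Start", "User-Name": "alice",
     "Acct-Session-Id": "s2", "NAS-IP-Address": "192.0.2.11"},
    {"time": "2024-05-01T10:01:00", "Acct-Status-Type": "Stop", "User-Name": "alice",
     "Acct-Session-Id": "s2", "NAS-IP-Address": "192.0.2.11",
     "Acct-Input-Octets": 2000, "Acct-Output-Octets": 3000,
     "Acct-Input-Packets": 15, "Acct-Output-Packets": 25},
    {"time": "2024-05-01T09:15:00", "Acct-Status-Type": "Start", "User-Name": "bob",
     "Acct-Session-Id": "s3", "NAS-IP-Address": "192.0.2.10"},
]

def summarize(records):
    """Return (per-user usage totals, sessions that have a Start but no Stop)."""
    open_sessions = {}  # (NAS, session id) -> (user, start time)
    usage = defaultdict(lambda: {"seconds": 0, "bytes": 0, "packets": 0, "nas": set()})
    for rec in sorted(records, key=lambda r: r["time"]):
        # Assumption: session IDs are only unique per NAS, so key on both.
        key = (rec["NAS-IP-Address"], rec["Acct-Session-Id"])
        when = datetime.fromisoformat(rec["time"])
        if rec["Acct-Status-Type"] == "Start":
            open_sessions[key] = (rec["User-Name"], when)
        elif rec["Acct-Status-Type"] == "Stop":
            # A Stop without a recorded Start still counts traffic, not time.
            user, started = open_sessions.pop(key, (rec["User-Name"], None))
            totals = usage[user]
            totals["nas"].add(rec["NAS-IP-Address"])
            totals["bytes"] += rec.get("Acct-Input-Octets", 0) + rec.get("Acct-Output-Octets", 0)
            totals["packets"] += rec.get("Acct-Input-Packets", 0) + rec.get("Acct-Output-Packets", 0)
            if started is not None:
                totals["seconds"] += int((when - started).total_seconds())
    dangling = sorted((user, nas, sid) for (nas, sid), (user, _) in open_sessions.items())
    return dict(usage), dangling
```

Sessions left in the dangling list are worth reviewing during an audit, since they can indicate lost accounting packets or a device that went offline mid-session.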
RADIUS is an authentication and accounting server used for validating users who attempt to access the wireless controller or switch. RADIUS is a distributed client-server system—the RADIUS client runs on the controller or the switch, and the server runs on a remote network system.
LDAP is an Internet protocol for accessing and updating information in an X.500-compliant directory. Network administrators for LDAP clients can connect to an X.500 directory service and add, delete, modify, or search for information if they have the required access rights to the directory. LDAP is designed to run over TCP/IP and can access information in both X.500 directories and many non-X.500 directories.
LDAP is supported as an authentication and accounting method for Campus Switching ELS and wireless devices.
With local authentication, you configure a password for each user allowed to log in to the controller or switch.
You can define one or more Access profiles. Each Access profile is specific to a device family. Use the Manage Access Profiles page to create, modify, view, and delete existing Access profiles.