Assigning and Unassigning Port Profiles from Interfaces
You can assign an existing user-created or system-created Port profile to network interfaces (including aggregated Ethernet interfaces), or Port Group member interfaces on one or more devices.
During the process of assigning a Port profile to interfaces, you can also:
Configure IPv4 or IPv6 addresses on interfaces to which you have assigned a routing Port profile.
IPv4 filters are separate from IPv6 filters.
Configure certain authentication attributes—such as the RADIUS server or servers to use—for all 802.1X interfaces on the device. Because configuring these attributes involves assigning an Access profile to the device, you must have previously created an Access profile.
To assign a Port profile to interfaces:
- Click in the Network Director banner.
- Under Select View, select one of the following views: Logical View, Location View, Device View or Custom Group.
Do not select Datacenter View or Topology View.
- In the Tasks pane, select Wired > Profiles > Port.
The Manage Port Profile page is displayed.
- Select the Port profile you want to assign and then click Assign.
The Assign Port Profile wizard appears. It has three parts—Device Selection, Profile Assignment, and Review.
- Complete device selection for assignment by following the directions Selecting Devices for Assignment.
- Assign the port profile to one or more objects by following the directions Selecting Interfaces for Assignment.
- Review your configuration by following the directions Reviewing and Accepting the Assignments.
- Click Finish.
After you assign a Port profile to ports, you can modify your assignments by selecting the Port profile from the Manage Port Profiles page and clicking Edit Assignments.
The following sections describe how to use the Assign Port Profile wizard and the Edit Assignments page.
Selecting Devices for Assignment
Use the Device Selection page in the Assign Port Profile wizard to select one or more devices that have ports. You can select container nodes, individual devices, or port groups. For more information about Port Groups, see Creating and Managing Port Groups.
To select devices for Port profile assignment:
- Enable either Select Devices or Select Port Groups.
- If you enabled Select Devices, expand the list of
objects and select the objects that contain the devices and interfaces
you want to assign by clicking the check box next to the them. If
you select a container node, all devices under that node are selected.
The list of objects is filtered to include only devices that match the profile’s family type. If you do not see a device that you expected to see, verify that the device matches the profile’s family type. For example, a profile with the Data Center Switching ELS family type cannot be assigned to a Data Center Non-ELS device.
- If you enabled Select Port Groups, select one or more port groups from the Select Port Group list.
- Click either Next or Profile Assignment to proceed to the next step in the wizard, Profile Assignment.
For directions to complete Port Profile Assignment, see Selecting Interfaces for Assignment.
Selecting Interfaces for Assignment
Use Profile Assignment in the Assign Port Profile wizard to select the interfaces to which you want to assign the Port profile. After you have selected the interfaces, you can configure specific attributes on the interfaces or on the devices to which the interfaces belong.
Before you start the procedure below, you might want to select a device and click View Assignments to view what profiles and attributes are already configured on the device. Any profile assignments or attributes you define during this procedure replace the existing ones.
One optional attribute you can configure for switching interfaces is the Access profile that defines RADIUS server authentication for 802.1X ports. If you will be configuring this optional attribute, make sure that an Access profile has been created.
If you enabled Select Port Groups during Object Selection, you can assign the Port profile to any or all existing port groups.
If you enabled Select Devices during Object Selection, assign the Port profile to interfaces and configure the port-specific or device-specific attributes:
- Select one or more container nodes or devices from the
To assign the profile to nonconsecutive interfaces or to aggregated Ethernet interfaces, select a single device.
To assign the profile to interfaces in the same consecutive interface range (for example, ge-0/0/0 through ge-0/0/15) on one or more devices, select one or more devices. To make multiple selections, press Shift or Ctrl while making the selections.
To assign a profile to ports within a QFabric system select the member node group or groups that contain the ports.
To assign a profile to ports within a Virtual Chassis Fabric (VCF), you can select any container nodes or member devices within the VCF, including the VCF container node.
To assign a profile to aggregated Ethernet ports within a Virtual Chassis or VCF, select the Virtual Chassis or VCF container node. To assign a profile to physical device ports within a Virtual Chassis or VCF, select one or more member devices.
Channelized ports are only applicable for Data Center Switching ELS devices and only XE interfaces can be used as channelized ports.
If Network Director fails to read the configuration of one or more devices after the device discovery, such devices are not displayed in the Assignments list. You will not be able to assign profiles to such devices. The Manage Jobs page in System mode displays details of the device discovery jobs. Use the information displayed on this page to take appropriate corrective steps to enable Network Director to reread the configuration of the failed device. For more information, see Discovering Devices in a Physical Network.
- Click Assign to Port.
The Assign Profile to Ports window opens.
- Select either Ports (default) or Port Range. If you selected multiple devices in the previous step, you cannot choose the Port option.
- If you selected the Port option, select the ports from
the list of ports.
By default, aggregated Ethernet interfaces are listed after the ge- and xe- interfaces in the list of ports. Members of aggregated Ethernet interfaces are not included in the port list.
- If you selected the Port Range option, enter the port
- In the Normal Ports section, enter a first and last port name in the text boxes, then click Add The port range appears in the Selected Port Range section.
- Repeat the add process to add any additional port ranges.
- To delete a port range, select its check box, then click Delete
At least one port within the port range must be available on each selected device for the port range to succeed. Channelized ports are supported in a port range. Assignments are created for the ports within the port range that are available. You can assign the profile to the same interface on multiple devices by entering the interface name in both fields of the port range.
- Click Assign to complete the port assignments
and close the window.
The port assignment appears in the list of Assignments, with the Device, Type, Assigned To, and Attributes columns completed. In the Attributes column, you see a triangle and the link Define.
- Configure the following port-specific or device-specific
If the Port profile is a switching profile that contains an Authentication profile—in other words, the profile is enabling 802.1X authentication on ports—click the Define link in the Attributes column for a device to define additional authentication attributes.
The Configure attributes window opens. Fill in the fields described in Table 1.
Table 1: Configure Device Attributes for Port Profile Assignments
Select an Access profile.
The RADIUS server attributes defined in the Access profile is configured on the device when you deploy the configuration.
Radius Server Source IP Address
Type an IP address to be used as the source IP address for RADIUS server requests sent by the switch. The source address must a valid IPv4 or IPv6 (either format) address configured on one of the switch interfaces.
Post authentication URL
Type a URL to be used for the captive portal post-authentication website.
If you see the message Port profile does not have an associated Authentication profile. Please configure the Authentication profile.;then click OK, and edit the Port profile by selecting Port under Profile and Configuration Management, selecting the Port profile from the list and clicking Edit. The Authentication profile association is located in the Port Family Options section.
The attributes you define for the device apply to all 802.1X authenticator interfaces on the switch. Different sets of interfaces on the switch cannot have different attributes.
If the Port profile is a routing profile, click the Define link in the port’s Attributes field to configure an IPv4 or IPv6 address on the interface.
Repeat this step for all the ports on which you want to configure IPv4 or IPv6 interfaces.
- Repeat the previous steps as needed to complete the port
assignments and then click either Next or Review.
For review directions, see Reviewing and Accepting the Assignments.
Reviewing and Accepting the Assignments
Use the Review step of the Assign Port Profile wizard to review and accept your assignments:
Click Edit to return to the Profile Assignment step and make changes to your assignments.
Click Finish to accept the assignments.
After you click Finish, the Create Profile Assignments Job Details window opens, which reports on the status of the profile assignment job. If you have assigned the profile to a large number of objects, the profile assignment job can take some time to complete. Instead of waiting for the Job Details window to report job completion status, you can close it and check the details of the profile assignment job at a later time by using the Manage Job task in System mode.
If any assignment fails, the profile assignment job fails and none of the assignments are created. Check the details for the profile assignment job for information about why the assignment failed.
After the profile assignment job completes, you can deploy the configuration defined in the Port profile and in the port-specific and device-specific attributes on the affected devices. See Deploying Configuration to Devices.
Editing Profile Assignments
Use the Edit Assignments page to change Port profile assignments. You can:
Delete a port from the profile assignments.
If the profile has been already deployed on the port, then the configuration is removed from the port when you next deploy the configuration on the device. The configuration removed includes any port configuration that was defined in associated profiles, such as the CoS, Authentication, and IPv4 or IPv6 Filter profiles.
Change the IPv4 or IPv6 address for ports associated with a routing Port profile.
Change the device-specific authentication attributes, such as the Access profile associated with the device. For more information about these attributes, see Table 1.
You cannot assign the Port profile to additional ports by using the Edit Assignment page. To add port assignments, use the Assign Port Profile wizard.
Table 2 describes the fields in the Edit Assignments page and how to use them to change the profile assignments. When you are finished with your modifications, click Apply. You can then deploy your modifications on the affected devices.
Table 2: Edit Assignment for Port Profile Fields
Expand the device nodes to see the ports or port group the profile is assigned to.
Indicates the current state of profile assignment on the port:
If the attributes for a port or device are currently undefined, you can click the Define link to define them. If attributes have been defined and you want to view them or change them, click the Change link.
Click the Delete link to delete the profile assignment from the port.
Shows the current assignment status:
After you apply your assignment changes, these indicators disappear.
Unassigning a Port Profile from an Interface
Starting Network Director Release 3.4, you can unassign multiple port profiles that are assigned to multiple ports, at the same time.
To unassign port profiles:
- On the Network Director banner, under Views, select one of the following views—Logical View, Location View, Device View, or Custom Group.
- On the Tasks pane, click Wired > Profiles > Port.
The Manage Port Profile page appears.
- Select one or more port profiles that you want to unassign
from the ports and click Unassign.
A confirmation message indicating the profiles were successfully unassigned appears and the status of the profiles change to Pending Deployment.