Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Labels

Juniper Mist uses the concept of labels to represent a collection of users or resources, similar to how tags, or groups, are used in some other applications. The idea is to represent a group of related items under a central, clear name so that you can reference the label rather than having to specify all the constituents every time you want to include the items in a configuration. Labels are similar to variables in this way, but the values in a label are absolute – there is no dynamic swapping as is the case with variables.

You can create labels at the organization level or at the site level. Organization-level labels can be used only in the WLAN templates. Site-level labels can only be referenced at that specific site.

To create labels:

  • Organization-level—From the left menu of the Juniper Mist portal, select Organization > Wireless | Labels.

  • Site-level—From the left menu of the Juniper Mist portal, select Site > Wireless | Labels .

Types of Labels

You can create user labels and resource labels.

  • User Labels

    • AAA attributes—Currently there are two options under AAA attributes user group or RADIUS Username.
    • Client Name
    • Client MAC
    • Users connected to a specific WLAN/WLANs
  • Resource Labels

    • Application
    • Hostname
    • IP Address—List of IPs or CIDR
    • Port
    • Emails / File Sharing / Online Backup / Social / Videos and Music applications (pre-defined by Mist)
    Note:

    Resources cannot be dynamically discovered or based on AAA attributes like users. Resources need to be statically defined.

Use Case: Labels for a Bonjour Gateway

You can use user labels in conjunction with a Bonjour gateway to prevent or allow access to Bonjour services that are available on a different VLAN than the WLAN or user.

The following RADIUS attributes, present in access-accept AAA message type, are supported for user labels: Filter-Id, aruba-user-role, and Airespace-ACL-Name.

Figure 1: User Labels User Labels

To creating a user label for Bonjour filtering:

  1. In the Juniper Mist portal, click Organization > Admin | Labels.

  2. Click Add Label.

  3. Enter a name and define your label:

    • Label Type—Select AAA Attribute.

    • Label Values—Select User Group.

    • User Group Values—Enter the RADIUS attribute value you want to connect this user role to.

  4. Click Create at the top of the page.

Site vs Organization Labels

For both organization and site-level policies, rules are evaluated from top to bottom, with any matching conditions executed prior to the next evaluation.

Adding APs and Clients to an Existing Label

You can also add individual APs and clients to an existing label, as shown in the following animation and step-by-step procedure.

Figure 2: Adding a Label to Selected Clients Adding a Label to Selected Clients
Note:

To replay the animation, right-click, and open it in a new tab. Use the refresh button to replay it as needed.

  1. In the left menu, select Clients > WiFi Clients.

  2. Select the client(s) that you want to assign to a label.

  3. Click Edit Clients in the top-right corner of the page.

    Note:

    The button appears only when clients are selected.

  4. Select Add Labels.

  5. Click the plus sign (+), and select a label. Repeat this step as needed to add more labels.

  6. Click OK.