Local Policies
Controller can do profiling of devices based on protocols such as HTTP, DHCP, and so on to identify the clients. You can configure the device-based policies and enforce per-user or per-device policy on the network. The controller also displays statistics that are based on per-user or per-device end points and policies that are applicable per device. The maximum number of policies that you can configure is 64.
The policies are defined based on the following attributes:
-
User group or user role
-
Device type such as Windows clients, smartphones, tablets, and so on
-
Service Set Identifier (SSID)
-
Location, based on the access point group that the end point is connected to
-
Time of the day
-
Extensible Authentication Protocol (EAP) type, to check what EAP method that the client is getting connected to
When these policy attributes match, you can define the following actions:
-
Virtual local area network (VLAN)
-
Access control list (ACL)
-
Quality of Service (QoS) level
-
Session timeout value
-
Sleeping client timeout value
-
Select either AVC profile or role, or both based on local policy attributes defined in the AAA server.
The following are the different ways by which local policies are applied based on a combination of AVC profile and role defined in the AAA server:
-
Both AVC profile and role are derived from the AAA server, the following options are available:
-
If AAA override is enabled, then AVC profile is prioritized and is applied.
-
If AAA override is disabled, then role matching is applied.
-
-
Only role is derived from the AAA server and role matching takes place, the following options are available:
-
If profile is defined in the policy, then role policy is applied.
-
If profile is not defined in the policy, then AVC profile defined in WLAN is applied.
-
-
Only AVC profile is derived from the AAA server, the following options are available:
-
If AAA override is enabled, then AVC profile received from the AAA server is applied.
-
If AAA override is disabled, then AVC profile defined on the WLAN is applied.
-
-
This section contains the following subsections: