Access Classification Rules are defined and associated with an Access Role Profile to provide an additional method for classifying a device into an Access Role Profile. If authentication is not available or does not return a profile name for whatever reason, Access Classification rules are applied to determine the profile assignment.
Use the Access Classification screen to display information about all Access Classification Rules configured for Access Role Profiles. This screen is also used to create edit, and delete Access Classification Rules. To access the Access Classification screen, click on Network Access > Unified Policies > Access Classification under the “Configure” section of the OmniVista Cirrus Menu.
Creating an Access Classification Rule
The Create a New Access Classification screen is used to select the type of rule (SSID or MAC address) to configure and assign the rule to an Access Role Profile and network devices. To access this screen, click on Create Access Classification.
The Create a New Access Classification screen provides the following step-by-step process to create an an Access Classification Rule:
1. Classification Configuration - Specify the type of rule, a name for the rule, and the Access Role Profile to which the rule is assigned. The Access Role Profile is applied to traffic that matches the Access Classification Rule.
2. Network Assignment - Selects Access Point (AP) Groups from one or more Sites. The Access Classification Rule is applied to the APs in the selected Sites/AP groups.
1. Classification Configuration
Complete the fields on the Classification Configuration tab, as described below, then click Next to go to the next tab (Step 2).
Rule Type - Click on this field and select the type of rule to configure (MAC or SSID) from the drop-down menu.
SSID - Defines an SSID for the specified Access Role Profile. The specified Access Role Profile will be applied if the SSID of AP (which client is associating) matches with the defined SSID in the rule.
SSID Value - The SSID of AP.
MAC - Defines a MAC Address Access Classification Rule for the specified Access Role Profile. If the source MAC address of the device traffic matches the MAC address defined for the rule, the specified Access Role Profile is applied. Note that when a MAC Access Classification Rule is removed or modified, all MAC addresses classified with that rule are flushed.
MAC Address - The MAC address to use for the rule.
Rule Name - Specify a name to identify the rule.
Access Role Profile - Select an existing Access Role Profile to use for the rule from the drop-down menu or click on Create Access Role Profile to open the the Create Access Role Profile screen and create a new profile. You can also click on Edit to open the Edit Access Role Profile and make changes to the selected profile.
2. Network Assignment
The Network Assignments tab is used to select the AP Group(s) within a Site(s) to which the Access Classification rule will be applied to devices within those groups. Complete the network assignments as described below, then click Create a New Access Classification. The Access Classification Rule is created and used to determine the Access Role Profile assignment for a device.
Select Site to Filter Groups - Select the Site from which you want to select AP Group(s).
Select Access Point Groups - Select the Access Point Group(s) associated with the selected Site. The Access Role Profile is applied to devices in the AP Group(s).
Editing an Access Classification Rule
You can edit the values for an existing Access Classification Rule by accessing the Update Access Classification screen. Use one of the following methods to access the Update Access Classification screen:
Select the rule to edit by clicking o the checkbox next to the rule, click on Actions, then select Edit from the drop-down menu.
Click on the pencil icon under the “Actions” column next to the rule that you want to edit.
The following Update Access Classification screen displays. Edit the fields as described above, then click on Update Access Classification.
Deleting an Access Classification Rule
To delete an Access Classification Rule, use one of the following methods to select the rule that you want to delete:
Select the rule to edit by clicking on the checkbox next to the rule, click on Actions, then select Delete from the drop-down menu.
Click on the trash can icon under the “Actions” column next to the rule that you want to delete.
When you select the Access Classification Rule that you want to delete, the following confirmation prompt appears:
Click on Delete to confirm that you want to delete the selected rule(s).
Display Access Classification Detail
The Access Classification list displays information for the configured Access Classification Rules. To display detailed information about a specific rule, click on the Additional Information icon under the “Actions” column. The information displayed on this screen is defined below.
The following information is displayed for each Access Classification Rule:
Rule Name - The name assigned to identify the classification rule.
Rule Type - The type of rule (MAC or SSID).
MAC Address - If the rule type is set to MAC, this field displays the MAC address to match for this rule.
SSID - If the rule type is SSID, this field displays the SSID to match for this rule.
Access Role Profile - The name of the Access Role Profile assigned to this rule. The profile is applied to traffic that matches the classification rule parameters.
Assigned Devices - The Organization Site(s) and AP Group(s) to which the Access Classification Rule is applied to devices within the selected groups.