Unified Access
The Unified Access application provides unified wireless device configuration of security functions for Access Points (APs) on OmniAccess Wireless devices. In addition to device authentication and classification, you can create Access Role Profiles (similar to User Network Profiles) to configure network access controls for one or more user devices.
Unified Access consists of the following applications that work together with the Authentication Servers application to seamlessly authenticate and configure QoS for wireless devices. These applications are accessible by clicking on Network Access > Unified Access under the “Configure” section of the OmniVista Cirrus Menu.
Access Auth Profile - Displays all configured Access Authentication Profiles and is used to create, edit, and delete Access Authentication Profiles. An Access Authentication Profile defines the parameters for the authentication process applied to client traffic received on Stellar AP downlink ports.
AAA Server Profile - Displays information about the configured authentication, authorization, and accounting (AAA) Server Profiles and is used to create, edit, and delete AAA Server Profiles. This type of profile defines specific AAA parameters that can be used in an Access Authentication Profile or Captive Portal Profile. When an AAA Server Profile is assigned to device traffic through an Access Authentication Profile, the parameter values defined in the profile will override any existing global AAA configuration.
Access Role Profiles - Displays all configured Access Role Profiles and is used to create, clone, edit, and delete Access Role Profiles. An Access Role Profile contains the various UNP properties (e.g., QoS Policy List attached to the UNP, Captive Portal Authentication) for users assigned to the profile. In a wireless-centric network, an Access Role Profile is considered as a user role with which every client in the wireless-centric network is associated.
Unified Policies - Displays configured Unified Policies and is used to create, edit, delete, and view Unified Policies. Unified Policies are QoS Policies that can be applied to wireless devices.
Unified Policies List - Displays all configured Unified Policy Lists, including the Unified Policies included in each list, and is used to create, edit, and delete Unified Policy Lists. A Unified Policy List is a set of Unified Policies that are grouped together and assigned to devices as a group.
IoT Categorization - Displays information about device categories, and is used to create, edit, and delete custom categories. OmniVista Cirrus monitors network packets to determine the types of client devices connected to an IoT-enabled Access Point and interfaces with Device Fingerprinting Service to categorize them. When a device is initially categorized, it will be assigned to one of the available, top-level categories (e.g., Phone, Tablet, or Wearable). As OmniVista monitors packets and learns more about a device, the category assigned to the device will become more specific. As OmniVista learns more about the device, the device may be categorized as an "Apple Mobile Device", and then an "Apple iPhone". As OmniVista learns these new categories, they are added to the IoT Categorizations List.
A default set of hierarchical categories is provided. These default categories cannot be deleted, but can be edited to assign an Access Role Profile to the category.
In addition to the default set of hierarchical categories, you can create custom categories that you can edit and delete. There are two types of custom categories: hierarchy and MAC-based.
A custom hierarchy category specifies the hierarchy categorization a device must match to be associated with the custom category.
A custom MAC-based category specifies the MAC address a device must have to be associated with the custom category.
Category-based device authentication is configurable by assigning an Access Role Profile to a category (default or custom) with the option of Automatic Enforcement.
Tunnel Profiles - Displays all configured Tunnel Profiles and is used to create, edit, and delete Guest Tunnel Profiles. When you create a Tunnel Profile, you configure the parameters that can be mapped to an Access Role Profile to authenticate a Guest Client, and map the client to a Guest UNP profile that is mapped to an L2 GRE service.
Location Policies - Displays information about configured Location Policies and is used to create, edit, and delete a Location Policy. A Location Policy defines a specific location where a device can access the network. The policy is associated with an Access Role Profile and applied to devices classified into the Access Role Profile.
Access Classification - Displays information about configured Access Classification Rules that are assigned to Access Role Profiles and is used to create, edit, and delete classification rules. Assigning Access Classification Rules to an Access Role Profile provides an additional method for classifying a device into the Access Role Profile. If authentication is not available or does not return a profile name, for whatever reason, Access Classification rules are applied to determine the Access Role Profile assignment.
Period Policies - Displays information about configured Period Policies and is used to create, edit, and delete a Period Policy. A Period Policy specifies the days and times during which a device can access the network. The policy is associated with an Access Role Profile and applied to devices classified into the Access Role Profile.