The Unified Access application provides unified wireless device configuration of security functions for Access Points (APs) on OmniAccess Wireless devices. In addition to device authentication and classification, you can create Access Role Profiles (similar to User Network Profiles) to configure network access controls for one or more user devices.

Unified Access consists of the following applications that work together with the Authentication Servers application to seamlessly authenticate and configure QoS for wireless devices. These applications are accessible by clicking on Network > Unified Access under the “Configure” section of the OmniVista Cirrus Menu.

  • Access Role Profiles - Displays all configured Access Role Profiles and is used to create, clone, edit, and delete Access Role Profiles. An Access Role Profile contains the various UNP properties (e.g., QoS Policy List attached to the UNP, Captive Portal Authentication) for users assigned to the profile. In a wireless-centric network, an Access Role Profile is treated as a user role, and every client in the network is associated with one.

  • Unified Policies - Displays configured Unified Policies and is used to create, edit, delete, and view Unified Policies. Unified Policies are QoS Policies that can be applied to wireless devices.

  • Unified Policies List - Displays all configured Unified Policy Lists, including the Unified Policies included in each list, and is used to create, edit, delete, view, and apply Unified Policy Lists. A Unified Policy List is a set of Unified Policies that are grouped together and assigned to devices as a group. A Unified Policy List can be applied to a UPAM Server, or to APs as part of an Access Role Profile. Access Role Profiles are configured in the Unified Access application (Network Access > Unified Access > Access Role Profile).

  • IoT Categorization - Displays information about device categories, and is used to create, edit, and delete custom categories. OmniVista Cirrus monitors network packets to determine the types of client devices connected to an IoT-enabled Access Point and interfaces with the Device Fingerprinting Service to categorize them. When a device is initially categorized, it is assigned to one of the available top-level categories (e.g., Phone, Tablet, or Wearable). As OmniVista monitors packets and learns more about a device, the category assigned to the device becomes more specific. For example, the device may be categorized as an "Apple Mobile Device", and then as an "Apple iPhone". As OmniVista learns these new categories, they are added to the IoT Categorizations List.

    • A default set of hierarchical categories is provided. These default categories cannot be deleted, but can be edited to assign an Access Role Profile to the category.

    • In addition to the default set of hierarchical categories, you can create custom categories that you can edit and delete. There are two types of custom categories: hierarchy and MAC-based.

      • A custom hierarchy category specifies the hierarchy categorization a device must match to be associated with the custom category.

      • A custom MAC-based category specifies the MAC address a device must have to be associated with the custom category.

    • Category-based device authentication is configurable by assigning an Access Role Profile to a category (default or custom) with the option of Automatic Enforcement.

  • Tunnel Profiles - Displays all configured Tunnel Profiles and is used to create, edit, and delete Guest Tunnel Profiles. When you create a Tunnel Profile, you configure the parameters that can be mapped to an Access Role Profile to authenticate a Guest Client, and map the client to a Guest UNP profile that is mapped to an L2 GRE service.

  • Location Policy - Displays information about configured Location Policies and is used to create, edit, and delete a Location Policy. A Location Policy defines a specific location where a device can access the network. The policy is associated with an Access Role Profile and applied to devices classified into the Access Role Profile.

  • Period Policy - Displays information about configured Period Policies and is used to create, edit, and delete a Period Policy. A Period Policy specifies the days and times during which a device can access the network. The policy is associated with an Access Role Profile and applied to devices classified into the Access Role Profile.

  • Authentication Servers

    • RADIUS Servers - Displays all RADIUS Servers known to OmniVista. It also enables you to add, modify, and delete RADIUS Servers from the RADIUS Servers Management List. A RADIUS Server that supports Vendor Specific Attributes (VSAs) is required. VSAs carry specific authentication, authorization, and configuration details about RADIUS requests to and replies from the server.

    • LDAP Servers - Displays all LDAP Authentication Servers known to OmniVista. It also enables you to add, modify, and delete LDAP Servers from the list of LDAP Servers known to OmniVista. Lightweight Directory Access Protocol (LDAP) is a standard directory server protocol. The protocol was developed as a way to use directory services over TCP/IP and to simplify the Directory Access Protocol (DAP) defined as part of the Open Systems Interconnection (OSI) effort.

  • Groups - Enables you to create the following groups, which can be used in various policy conditions:

    • MAC Groups - Displays all configured MAC Groups. The screen is used to create, edit, and delete MAC Groups, which can be used in creating various policy conditions, such as source MAC group condition and destination MAC group condition.

    • IP Groups - Displays all configured IP Groups. The screen is used to create, edit, and delete IP Groups, which can be used in creating various policy conditions.

    • Service Groups - Displays all configured Service Groups. The screen is used to create, edit, and delete Service Groups, which can be used in creating various policy conditions.

      • Service Policies - Displays all configured Service Policies, which are assigned to a Service Group. This screen is used to create, edit, and delete Service Policies.

      • Service Ports - Displays all configured Service Ports, which are assigned to Service Policies. By default, the TCP radio button is selected and TCP Services are displayed. Click on the UDP radio button to display UDP Services. The screen is used to create, edit, and delete Service Ports.