Skip to main content
Skip table of contents

Unified Access

The Unified Access application provides unified wireless device configuration of security functions for Access Points (APs) on OmniAccess Wireless devices. In addition to device authentication and classification, you can create Access Role Profiles (similar to User Network Profiles) to configure network access controls for one or more user devices.

Unified Access consists of the following applications that work together with the Authentication Servers application to seamlessly authenticate and configure QoS for wireless devices. These applications are accessible by clicking on Network Access > Unified Access under the “Configure” section of the OmniVista Cirrus Menu.

  • Access Auth Profile - Displays all configured Access Authentication Profiles and is used to create, edit, and delete Access Authentication Profiles. An Access Authentication Profile defines the parameters for the authentication process applied to client traffic received on Stellar AP downlink ports.

  • AAA Server Profile - Displays information about the configured authentication, authorization, and accounting (AAA) Server Profiles and is used to create, edit, and delete AAA Server Profiles. This type of profile defines specific AAA parameters that can be used in an Access Authentication Profile or Captive Portal Profile. When an AAA Server Profile is assigned to device traffic through an Access Authentication Profile, the parameter values defined in the profile will override any existing global AAA configuration.

  • Access Role Profiles - Displays all configured Access Role Profiles and is used to create, clone, edit, and delete Access Role Profiles. An Access Role Profile contains the various UNP properties (e.g., QoS Policy List attached to the UNP, Captive Portal Authentication) for users assigned to the profile. In a wireless-centric network, an Access Role Profile is considered as a user role with which every client in the wireless-centric network is associated.

  • Unified Policies - Displays configured Unified Policies and is used to create, edit, delete, and view Unified Policies. Unified Policies are QoS Policies that can be applied to wireless devices.

  • Unified Policies List - Displays all configured Unified Policy Lists, including the Unified Policies included in each list, and is used to create, edit, and delete Unified Policy Lists. A Unified Policy List is a set of Unified Policies that are grouped together and assigned to devices as a group.

  • IoT Categorization - Displays information about device categories, and is used to create, edit, and delete custom categories. OmniVista Cirrus monitors network packets to determine the types of client devices connected to an IoT-enabled Access Point and interfaces with Device Fingerprinting Service to categorize them. When a device is initially categorized, it will be assigned to one of the available, top-level categories (e.g., Phone, Tablet, or Wearable). As OmniVista monitors packets and learns more about a device, the category assigned to the device will become more specific. As OmniVista learns more about the device, the device may be categorized as an "Apple Mobile Device", and then an "Apple iPhone". As OmniVista learns these new categories, they are added to the IoT Categorizations List.

    • A default set of hierarchical categories is provided. These default categories cannot be deleted, but can be edited to assign an Access Role Profile to the category.

    • In addition to the default set of hierarchical categories, you can create custom categories that you can edit and delete. There are two types of custom categories: hierarchy and MAC-based.

      • A custom hierarchy category specifies the hierarchy categorization a device must match to be associated with the custom category.

      • A custom MAC-based category specifies the MAC address a device must have to be associated with the custom category.

    • Category-based device authentication is configurable by assigning an Access Role Profile to a category (default or custom) with the option of Automatic Enforcement.

  • Tunnel Profiles - Displays all configured Tunnel Profiles and is used to create, edit, and delete Guest Tunnel Profiles. When you create a Tunnel Profile, you configure the parameters that can be mapped to an Access Role Profile to authenticate a Guest Client, and map the client to a Guest UNP profile that is mapped to an L2 GRE service.

  • Location Policies - Displays information about configured Location Policies and is used to create, edit, and delete a Location Policy. A Location Policy defines a specific location where a device can access the network. The policy is associated with an Access Role Profile and applied to devices classified into the Access Role Profile.

  • Access Classification - Displays information about configured Access Classification Rules that are assigned to Access Role Profiles and is used to create, edit, and delete classification rules. Assigning Access Classification Rules to an Access Role Profile provides an additional method for classifying a device into the Access Role Profile. If authentication is not available or does not return a profile name, for whatever reason, Access Classification rules are applied to determine the Access Role Profile assignment.

  • Period Policies - Displays information about configured Period Policies and is used to create, edit, and delete a Period Policy. A Period Policy specifies the days and times during which a device can access the network. The policy is associated with an Access Role Profile and applied to devices classified into the Access Role Profile.

  • Authentication Servers

    • RADIUS Servers - Displays all RADIUS Servers known to OmniVista. It also enables you to add, modify, and delete RADIUS Servers from the RADIUS Servers Management List. A RADIUS Server that supports Vendor Specific Attributes (VSAs) is required. VSAs carry specific authentication, authorization, and configuration details about RADIUS requests to and replies from the server.

    • LDAP Servers - Displays all LDAP Authentication Servers known to OmniVista. It also enables you to add, modify, and delete LDAP Servers from the list of LDAP Servers known to OmniVista. Lightweight Directory Access Protocol (LDAP) is a standard directory server protocol. The protocol was developed as a way to use directory services over TCP/IP and to simplify the Directory Access Protocol (DAP) defined as part of the Open Systems Interconnection (OSI) effort.

  • Groups - Enables you to create the following groups, which can be used in various policy conditions

    • MAC Groups - Displays all configured MAC Groups. The screen is used to create, edit, and delete MAC Groups, which can be used in creating various policy conditions, such as source MAC group condition and destination MAC group condition.

    • IP Groups - Displays all configured IP Groups. The screen is used to create, edit, and delete IP Groups, which can be used in creating various policy conditions.

    • Service Groups - Displays all configured Service Groups. The screen is used to create, edit, and delete Service Groups, which can be used in creating various policy conditions.

    • Service Policies - Displays all configured Service Policies, which are assigned to a Service Group. This screen is used to create, edit, and delete Service Policies.

    • Service Ports - Displays all configured Service Ports, which are assigned to Service Policies. By default, the TCP radio button is selected and TCP Services are displayed. Click on the UDP radio button to display UDP Services. The screen is used to create, edit, and delete Service Ports.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.