Profiling and policy enforcement allows profiling of mobile devices and basic onboarding of the profiled devices to a specific VLAN assigns ACL and QOS, or configures session timeout. It can be configured as two separate components. The configuration on the WLC is based on defined parameters specific to clients joining the network. The policy attributes which are of interest are:
a.
Role – Defines the user type or the user group the user belongs to, for example, student or employee.
b. Device – Defines the type of device, for example, Windows machine, Smart phone, Apple device such as iPad, iPhone and so on.
c. Location – Defines where the end point is connected on the network. Location represents AP group. APs can be divided or grouped according to the location and policy can be applied per AP group.
d. Time of day – Allows configuration to be defined at what time of the day end-points are allowed on the network.
e. EAP Type - Checks what EAP method the client is getting connected to.
The above parameters are configurable as policy match attributes. Once WLC has a match corresponding to the above parameters per end-point, policy enforcement comes into picture. Policy enforcement allows basic device on-boarding of mobile devices based on session attributes such as:
e. Sleeping Client–Timeout duration for a specific sleeping client (in hours)
The user can configure these policies and enforce end-points with specified policies. The wireless clients will be profiled based on MAC OUI, DHCP, HTTP user agent (valid Internet is required for successful HTTP profiling). The WLC uses these attributes and predefined classification profiles to identify devices.
