724-746-5500 | blackbox.com
Page 142
724-746-5500 | blackbox.com
Chapter 9: Common Configuration Examples
* The three addresses "10.0.0.0/8", "172.16.0.0/12", and "192.168.0.0/16" that define private network address space were
created in a previous example. See “Address Objects” in Figure 9-15.
Click “Save” to save the IP firewall policy and return to the User Profile dialog box.
From-Access: contractors-outgoing-IP-policy (This is the firewall policy that you just created.)
To-Access: (nothing)
Default Action: DenyUser Profile Reassignment
9.4.3 User Profile Reassignment
SmartPath APs can reassign users to different user profiles based on the MAC addresses or OUIs, operating systems, and device
domain names of their clients. This allows a SmartPath AP to assign different user profiles to a user going on the network with
the same credentials but using different devices. For example, you might apply one set of firewall and QoS policies to employees
using authorized company-issued equipment and a different set when they go on-line with unauthorized mobile devices.
To configure SmartPath APs to reassign user profiles based on client characteristics:
Step 1: Create MAC Objects
Click Configuration > Advanced Configuration > Network Objects > MAC Objects > New, enter the following, and then click
Save:
MAC Address or MAC Address Range or MAC OUI:
Select the one you want to use to distinguish a type of client device.
If you want to create a user profile reassignment policy rule for a single device, select MAC address.
or
If you want to make a policy rule that applies to devices with a range of MAC addresses (such as a shipment of company-
purchased laptops), enter the MAC Address Range.
or
If you want to set a policy rule for all clients with the same OUI—and, therefore, the same device type—select MAC OUI.
NOTE: You can see a list of OUIs on the Home > Administration > Auxiliary Files > MAC OUI Dictionary page. You can also
download the entire file for reference.
MAC Object Name:
Type the name of the MAC object. This is the name that appears in the MAC Object drop-down list when
you configure a client classification policy in the User Profile dialog box.
Based on whether you selected MAC Address, MAC Address Range, or MAC OUI, enter a 12-hexadecimal MAC address, the
start and end MAC addresses of an address range, or a 6-hexadecimal MAC OUI, optionally include a description, and then click
“Apply.”
To add another MAC entry, click “New,” and then make another MAC entry, include an optional description, and then click
“Apply.” You can add up to 255 entries to a single MAC object, and there can be up to 128 MAC objects per SmartPath AP.
Step 2: Create OS Objects
There are several predefined OS objects for common operating systems and versions of those systems:
• Windows NT 5.1 (Windows XP), NT 5.2 (Windows 2003), NT 6.0 (Windows Vista and Windows 2008), and NT 6.1
(Windows 7)