724-746-5500 | blackbox.com
Page 144
724-746-5500 | blackbox.com
Chapter 9: Common Configuration Examples
To add another domain name, click New, click the empty space at the top of the drop-down list and type a new domain name,
add an optional description, and then click “Apply.” You can create up to 32 entries for a single device domain object, and there
can be up to 64 device domain objects per SmartPath AP.
Step 4: Set User Profile Reassignment Policy Rules
With the MAC, OS, and device domain objects defined, you can now create a policy to classify client types and assign user
profiles based on how the clients are classified.
Click Configuration > Guided Configuration > User Profiles > user_profile, expand the Client Classification Policy section, enter the
following to add a client classification policy, and then click “Save:”
Enable user profile reassignment based on client classification rules: (select)
Choose an entry from the MAC Object, OS Object, and Device Domain Object drop-down lists. If you do not see one that you
need, click the New icon ( + ), and create it. Then choose the user profile from the Reassigned User Profile drop-down list that
you want to apply to traffic from clients that match all three device classification objects.
NOTE: SmartPath APs apply policy rules to change user profile assignments based on three client characteristics: MAC address, OS
version, and device domain membership. A rule that sets one of these classification types as "[-any-]" ignores that
particular characteristic and bases user profile reassignments on the other two.
To add another rule, click “New,” add the three client classification objects and the user profile reassignment, and then click
“Apply.”
The order of the rules within a policy is important. SmartPath APs look for a match to the individual rules starting from the top,
and as soon as they find a match, that is the rule that is applied. To reorder the rules within a policy, select the checkbox to the
left of the ID of the rule that you want to move, and then click the Up or Down buttons located on the right of the rules until you
are satisfied with the order of the rules in the policy.
Step 5: Enable User Profile Reassignment in SSIDs
You can enable and disable user profile reassignments at the SSID level.
To enable it, click Configuration > Guided Configuration > SSIDs > ssid_name, select the Enable user profile reassignment based
on client classification rules checkbox, and then click “Save.” To disable it, clear the checkbox.
NOTE: The SSID must contain a user profile that is configured with a client classification policy.
To apply your settings, push the WLAN profile referencing the modified SSIDs and user profiles to the SmartPath APs.
9.4.4 Private PSK User Groups
You next create two private PSK user groups, one for employees and another for contractors.
To create a private PSK user group for employees, click Configuration > Advanced Configuration > Authentication > Local User
Groups > New, enter the following, and then click Save:
User Group Name: Employees(30)
Including the attribute number in the private PSK user group name and in the user profile name makes it easier to match them
when configuring the SSID.
Description: Corp employees
User Type: Manually created private PSK users
User Profile Attribute: 30
This must be the same number as the user profile "Employees(30)".