Scribd Logo
Upload

Welcome to Scribd!

  • Adoption Policy

    Uploaded by

    envision salem
    14 views8 pages

    Original Title

    adoption-policy

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    14 views8 pages

    Adoption Policy

    Uploaded by

    envision salem

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    Motorola Enterprise Wireless LAN

    Confidential and Restricted - Do Not Redistribute


    CONTENTS

    Contents

    1 REVISION HISTORY 3

    2 INTRODUCTION 4
    2.1 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
    2.2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

    3 FEATURE DESCRIPTION 5
    3.1 Adoption Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
    3.2 Profile and rf-domain, profile only and rf-domain only rules . . . . . . 6
    3.3 Default adoption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
    3.4 Matching Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
    3.4.1 MAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
    3.4.2 VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
    3.4.3 IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
    3.4.4 Serial Number . . . . . . . . . . . . . . . . . . . . . . . . . . 7
    3.4.5 Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
    3.4.6 DHCP Option . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
    3.4.7 FQDN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
    3.4.8 CDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
    3.4.9 LLDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
    3.5 Profile and rf-domain name templates. . . . . . . . . . . . . . . . . . 8
    3.5.1 template components . . . . . . . . . . . . . . . . . . . . . . . 8
    DOC-NUM TBD VERSION 0.1 PROG-NAME Wing5 Adoption Policy

    Motorola Confidential - Do Not Redistribute Page 2 of 8


    CHAPTER 1. REVISION HISTORY

    Chapter 1

    REVISION HISTORY

    +----------+---------------------+-------------------------------------+
    | Date | Author | Comment |
    +----------+---------------------+-------------------------------------+
    | 08/18/10 | Ilys Minkin | Initial Draft |
    | 10/11/10 | Ilya Minkin | Clarified DHCP option, renamed |
    | | | dhcp-hostname to FQDN |
    | 06/21/11 | Ilya Minkin | Added profile and rf-domaain only |
    | | | rules and templates |
    | | | |
    +----------+---------------------+-------------------------------------+

    Motorola Confidential - Do Not Redistribute Page 3 of 8


    CHAPTER 2. INTRODUCTION

    Chapter 2

    INTRODUCTION

    2.1 Purpose
    This document describes the Adoption Policies implemented in Wing 5.x.

    2.2 Overview
    Wireless devices running Wing 5.x can ’adopt’ other wireless devices, for example, a wireless switch
    can adopt an number of AP. When a device is adopted the device configuration is determined by
    the ’adopter’ device. Since multiple configuration policies are supported an ’adopter’ device needs a
    way of determining which of the multiple configuration policies should be used for a given ’adoptee’.
    Adoption Policies provide a way to determine a configuration policy to be used for an ’adoptee’ based
    on some of its properties. For example, a configuration policy could be assigned based on a MAC
    address, IP address, CDP snoop strings, etc.

    Motorola Confidential - Do Not Redistribute Page 4 of 8


    CHAPTER 3. FEATURE DESCRIPTION

    Chapter 3

    FEATURE DESCRIPTION

    3.1 Adoption Policy


    Adoption Policy [AP] is a Wing 5.x named configuration object. The following command creates new
    adoption policy or starts the edit of an existing one:

    rfs4000-22A4A6(config)#adoption-policy test

    Once created an adoption policy can be used in profiles or device configuration objects:

    rfs4000-22A4A6(config-profile-default-rfs4000)*#use adoption-policy test

    An adoption policy contains a set of ordered by precedence rules that either deny or allow adoption
    based on a potential adoptee properties and a catch-all variable that determines if the adoption should
    be allowed when none of the rules were matched.
    For example:

    rfs4000-22A4A6(config-adoption-policy-test)#adopt ap7131 precedence 10


    profile <profile name> rf-domain <rf-domain name>
    mac 00-11-22-33-44-50 00-11-22-33-44-59
    rfs4000-22A4A6(config-adoption-policy-test)#adopt ap7131 precedence 20
    profile <profile name> rf-domain <rf-domain name>
    mac 00-11-22-33-44-60 00-11-22-33-44-69

    Creates two adoption rules for AP7131 with two ranges of MAC addresses. When an AP7131 with
    a MAC address matching the ranges is adopted it is assigned profile and rf-domain that is specified in
    the rule.
    Deny rules are similar except profile and rf-domain names are omitted:

    rfs4000-22A4A6(config-adoption-policy-test)#deny ap7131 precedence 10


    mac 00-11-22-33-44-50 00-11-22-33-44-59
    rfs4000-22A4A6(config-adoption-policy-test)#deny ap7131 precedence 20
    mac 00-11-22-33-44-60 00-11-22-33-44-69

    All rules (both deny and allow) are evaluated sequentially starting with the rule with the lowest
    precedence value. The evaluation stops as soon as a rule has been matched, no attempt is made to
    find a better match further down in the set.

    Motorola Confidential - Do Not Redistribute Page 5 of 8


    CHAPTER 3. FEATURE DESCRIPTION

    3.2 Profile and rf-domain, profile only and rf-domain only rules
    An allow rule can specify profile only rf-domain only or both. For example:

    rfs4000-22A4A6(config-adoption-policy-test)#adopt ap7131 precedence 10


    profile prof1 mac 00-11-22-33-44-50 00-11-22-33-44-59
    rfs4000-22A4A6(config-adoption-policy-test)#adopt ap7131 precedence 20
    profile prof2 mac 00-11-22-33-44-60 00-11-22-33-44-69
    rfs4000-22A4A6(config-adoption-policy-test)#adopt ap7131 precedence 30
    rf-domain rfd1 mac 00-11-22-33-44-50 00-11-22-33-44-69

    When only one of the profile and rf-domain is specified in the matching rule the search continues
    until another matching rule is found that specifies the other required value. In the example above
    AP7131 with MAC 00-11-22-33-44-50 will be adopted with profile prof1 and rf-domain rfd1 and AP7131
    with MAC 00-11-22-33-44-60 will be adopted with profile prof2 and rf-domina rfd1. Profile or rf-domain
    selected from a rule with lower precedence value is not overridden when they are also specified in
    another matching rule with higher precedence value. For example, a policy similar to the one above
    but with the last rule specifying both profile and rf-domain.

    rfs4000-22A4A6(config-adoption-policy-test)#adopt ap7131 precedence 10


    profile prof1 mac 00-11-22-33-44-50 00-11-22-33-44-59
    rfs4000-22A4A6(config-adoption-policy-test)#adopt ap7131 precedence 20
    profile prof2 mac 00-11-22-33-44-60 00-11-22-33-44-69
    rfs4000-22A4A6(config-adoption-policy-test)#adopt ap7131 precedence 30
    profile prof3 rf-domain rfd1 mac 00-11-22-33-44-50 00-11-22-33-44-69

    For AP7131 with MAC 00-11-22-33-44-50 the rule with precedence 10 matches and prof1 is se-
    lected. Since rf-domain is not known yet the search continues. Rule with precedence 30 matches. It
    specifies both profile and rf-domian. Because profile has already been selected from the previous rule
    it is ignored, rf-domain rfd1 is selected. AP is adopted with prof1 and rfd1.

    3.3 Default adoption


    Is is possible that after evaluating all rules in the policy at least one of profile and rf-domain is not
    selected. In that case adoption is determined by ’default-adoption’ setting in the policy. If ’default-
    adoption’ is to deny adoption the adoption is denied. Otherwise AP is adopted using default values for
    what has not been found in the rules. If rf-domain has not been found ’default’ rf-domain will be used
    for adoption. If profile has not been found ’default-<device type> profile will be used for adoption (e.g.
    default-ap71xx for AP7131). If ’default’ rf-domain or default-<device type> profile does not exist it will
    be created on the fly.

    3.4 Matching Criteria


    The following properties can be matched

    3.4.1 MAC
    Matches the MAC address of a device attempting to be adopted. Either a single MAC address or a
    range of MAC addresses can be specified.

    Motorola Confidential - Do Not Redistribute Page 6 of 8


    CHAPTER 3. FEATURE DESCRIPTION

    3.4.2 VLAN
    When adoption is over a L2 link matches the VLAN ID of an adoption request. Note that this is a
    VLAN ID as seen by the recipient of the request, in case of multiple hops over different VLANs this
    may different from VLAN ID set by the sender. A single VLAN ID is specified in the rule.
    This rule is ignored for adoption attempts over L3.

    3.4.3 IP address
    When adoption is over L3 link matches the source IP address of an adoption request. In case of NAT
    the IP address may be different from what the sender has used. A single IP, IP range or IP/mask is
    specified in the rule.
    This rule is ignored for adoption attempts over L2.

    3.4.4 Serial Number


    Matches exact serial number (case insensitive).

    3.4.5 Model
    Matches exact model name (case insensitive).

    3.4.6 DHCP Option


    Matches the value found in DHCP vendor option 191 (case insensitive). DHCP vendor option 191 can
    be setup to communicate various configuration parameters to an AP. The value of the option in a string
    in the form of tag=value separated by a semicolon, e.g. ’tag1=value1;tag2=value2;tag3=value3’. AP
    includes the value of tag ’rf-domain’, if present. This value is matched against the adoption rule.

    3.4.7 FQDN
    Matches a substring to FQDN of AP (case insensitive).

    3.4.8 CDP
    Matches a substring in a list of CDP snoop strings (case insensitive). For example, AP snooped 3
    devices:
    switch1.moto.com switch2.moto.com switch3.moto.com
    ’swtich1’, ’moto’, ’moto.com’, ’itch’ are examples of the substrings that will match

    3.4.9 LLDP
    Matches a substring in a list of LLDP snoop strings (case insensitive). For example, AP snooped 3
    devices:
    switch1.moto.com switch2.moto.com switch3.moto.com
    ’swtich1’, ’moto’, ’moto.com’, ’itch’ are examples of the substrings that will match

    Motorola Confidential - Do Not Redistribute Page 7 of 8


    CHAPTER 3. FEATURE DESCRIPTION

    3.5 Profile and rf-domain name templates.


    For additional flexibility an adoption policy rule can specify a template instead of an actual profile or
    rf-domain name. When the rule matches the name is then generated based on the template. If the
    name cannot be generated because AP did not provide all the information required by the template
    or if the object with that name does not exist then the rule is considered not matching and the search
    continues.

    3.5.1 template components


    A template consists of fixed strings, and substitution tokens. Tokens reference information strings that
    are sent by devices during the adoption. A token has the following format:
    $TOKEN[start character:end character]
    Currently supported tokens:
    $FQDN - references FQDN string
    $CDP - references CDP string
    $LLDP - references LLDP string
    $DHCP - references DHCP option string
    $SN - references device serial number
    $MODEL - references device model string
    $DNS-SUFFIX - same as FQDN except only uses the non-host portion of FQDN
    i.e. everything after the first dot
    for example, if FQDN is test.motorola.com
    DNS-SUFFIX is motorola.com
    A token is optionally followed by the character range specification. When present, only the specified
    range of characters from the token is used for the substitution. For example:
    rfs4000-22A4A6(config-adoption-policy-test)#adopt ap7131 precedence 10
    profile test$FQDN[1:4] mac 00-11-22-33-44-50 00-11-22-33-44-59
    When AP from the matching MAC range comes for adoption the rule is selected. The profile name
    is then formed by concatenating ’test’ with the first 4 characters from FQDN that was sent by AP in the
    adoption request. For example, if FQDN was CALA-STORE101 the profile name will be testCALA. If
    the AP did not specify FQDN or FQDN is shorter than 4 characters or if ’testCALA’ does not exist the
    search continues.
    Character range is optional either beginning or end of both can be omitted:
    test-$FQDN[4:6] - take FQDN characters 4,5 and 6
    test-$FQDN - take the whole FQDN
    test-$FQDN[:] - take the whole FQDN
    test-$FQDN[4:] - take characters from 4 to the end
    test-$FQDN[:4] - take characters from the beginning to 4
    Note that while tokens use the same information as the matching criteria they can be specified in
    rules independently from the matching criteria used.
    A pattern can contain any number of tokens and the same token can be used multiple times. For
    example:
    $FQDN[:]$SN[:2] - take full FQDN and concatenate with
    the first 2 characters of serial number
    $FQDN[1:2]$FQDN[10:11] - take characters 1, 2, 10 and 11
    from FQDN
    store$CDP[2:4]$CDP[1:3] - concatenate ’store’ with
    CPD characters 2,3,4,1,2,3, not sure why :).

    Motorola Confidential - Do Not Redistribute Page 8 of 8

    You might also like